I suppose the biggest hint of how serious this news release
is for all of us is the fact that the Big
Kahunas at Equifax jumped ship before the hack went public.
Well, that and the timing of this big story while all of the
media spotlights are shining on South Florida in expectation of Hurricane Irma.
So, you need to assume
you’re screwed here and do something.
But what?
Their Site is Sneaky in How It Lets You Know You’ve Been Compromised
If you go to their site, and follow their steps, you’ll get
a request to enter the last six digits of your SSN with your last name. Then you get a message that you will receive
their free Identity Theft coverage for one year … but you’ll have to come back
on the date that’s given in order to join up.
Yes, that’s right.
They want you to input the last six digits of your SSN into a site they’ve
just admitted was compromised.
In South Texas, we say they’ve sure got some big huevos, boy
howdy.
And that’s it. That’s
the only tip to you that some of your personal information has been stolen from
the site. They don’t give you any
details. Heck, they don’t even tell you “yes,
your information is involved.” All you get is this little invite popping
up.
TechCrunch
has called them on this as a lack of “actual functionality” and is pushing them
to do the right thing here. Like give
us details.
But right now, their
site is still sneaky in how it’s letting you know that you’re a part of the
pack that’s been exposed to the Dark Side.
.
What Can You Do Right Now?
So, what can you do, now that you know your personal
information is out there, somewhere?
1. Have I Been Pwned
Well, Kim
Komando recommends going over to the web site “Have I Been Pwned” – and that’s good
advice.
Be prepared, you’re
not going to like what it tells you. But
at least you know, and can take action.
And you can sign up so the site will give you notice in the
future if your accounts have been breached at other sites (like LinkedIn, or
Adobe, or Dropbox).
2. Identity Theft Protection or Credit Freeze
Next, you can get yourself some Identity Theft
Protection. That’s the freebie for one
year that Equifax is offering you in the sneaky message affirming that your information
on their site has been hacked.
Silly me, but I don’t
know that I want to trust their Theft Protection service. Call me paranoid.
So, I surfed around and discovered advice from Steve
Weisman, a law professor and cybercrime expert, who blogs at scamicide.com.
In his April 22, 2017, USA
Today piece entitled “Is
identity theft protection worth it?” Mr. Weisman suggests that maybe it’s
not the best course to take.
Instead, he suggests a “credit
freeze.” Go read his article – makes
good sense.
3. Change Those Passwords
And, of course, you need to go and change those
passwords. Use different ones for each
account, too.
And I’m reading lots
of folk suggesting that you do the two-step authentication for added security. Problem
is: that in and of itself may open you
up to being hacked. Whattha? Yep.
Check out the May 2017 article by Joseph Cox in Vice,
entitled “We
Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is
Screwed.” The key language here (and the scary part):
"Everyone's accounts protected by text-based two-factor
authentication, such as bank accounts, are potentially at risk until the FCC
and telecom industry fix the devastating SS7 security flaw," Lieu
said in a statement published Wednesday. "I urge the
Republican-controlled Congress to hold immediate hearings on this issue."
4. Visit the FTC Site
Finally, you can visit the government site which stores lots
of information about identity theft. Like the following things you need to know because
Equifax has been hacked.
What Do Thieves Do
With Your Information?
Once identity thieves have your personal information, they
can drain your bank account, run up charges on your credit cards, open new
utility accounts, or get medical treatment on your health insurance. An
identity thief can file a tax refund in your name and get your refund. In some
extreme cases, a thief might even give your name to the police during an
arrest.
Clues That Someone
Has Stolen Your Information
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account
- If your wallet, Social Security number, or other personal information is lost or stolen, there are steps you can take to help protect yourself from identity theft.
Equifax’s Explanation of What Went Wrong
So, what has happened here, anyway? Equifax has issued a long news release giving
details. I’ve inserted the full text of their news
release, entitled “Consumer Notice” below for your convenience.
Notice that they are telling you that “names, Social Security numbers,
birth dates, addresses, and in some instances, driver’s license numbers … [and]
credit card numbers for approximately 209,000 consumers and certain dispute
documents… have been stolen.
At Equifax, protecting the security of the information in
our possession is a responsibility we take very seriously. This is to notify
you of a data security incident that may have exposed some of your personal
information, including your Social Security number and other identifying
information. This
site explains the incident and steps Equifax has undertaken
to address it. In addition, we provide guidance below on what you can do to
protect your personal information.
I. What Happened
On July 29, 2017, Equifax discovered that criminals
exploited a U.S. website application vulnerability to gain access to certain
files. Upon discovery, we acted immediately to stop the intrusion. The company
promptly engaged a leading, independent cybersecurity firm which has been conducting
a comprehensive forensic review to determine the scope of the intrusion,
including the specific data impacted. Equifax also reported the criminal access
to law enforcement and continues to work with authorities. Based on the
company’s investigation, the unauthorized access occurred from mid-May through
July 2017.
II. What Information Was Involved
Most of the consumer information accessed includes names,
Social Security numbers, birth dates, addresses, and in some instances,
driver’s license numbers. In addition, credit card numbers for approximately
209,000 consumers and certain dispute documents, which included personal
identifying information, for approximately 182,000 consumers were accessed. In
addition to this site, Equifax will send direct mail notices to consumers whose
credit card numbers or dispute documents with personal identifying information
were impacted. We have found no evidence of unauthorized access to Equifax’s
core consumer or commercial credit reporting databases.
III. What We Are Doing
Upon learning of this incident, Equifax took steps to stop
the intrusion, and engaged an independent cybersecurity firm to forensically
investigate and determine the scope. Equifax also engaged the cybersecurity
firm to conduct an assessment and provide recommendations on steps that can be
taken to help prevent this type of incident from happening again.
Equifax is focused on consumer protection and has
established a dedicated website, www.equifaxsecurity2017.com to help consumers.
We have provided a tool on this site for you to determine if your information
was potentially impacted by this incident. To find out if you are potentially
impacted, please go to www.equifaxsecurity2017.com, and click on “Potential
Impact,” and enter your last name and last 6 digits of your Social Security
number.
We are also offering free identity theft protection and
credit file monitoring to all U.S. consumers, even if you are not impacted by
this incident. This offering, called TrustedID Premier, includes 3-Bureau
credit monitoring of your Equifax, Experian and TransUnion credit reports;
copies of your Equifax credit report; the ability to lock and unlock your
Equifax credit report; identity theft insurance; and Internet scanning for your
Social Security number – all complimentary to U.S. consumers for one year. To
find out more information on this complimentary offer and to sign up, please
click on the tab “Enroll” on this site. You must complete the enrollment
process by November 21, 2017.
IV. What You Can Do
In addition to enrolling in identity theft protection and
credit file monitoring, please see the “Identity Theft Prevention Tips” below,
and the “State Information” tab of this site. This information provides
additional steps you can take, including how to obtain a free copy of your
credit report and place a fraud alert and/or credit freeze on your credit
report. In addition, please monitor your account statements and report any
unauthorized charges to your credit card companies and financial institutions.
V. For More Information
Equifax is committed to ensuring that your personal
information is protected, and we apologize to our consumers and our business
customers for the concern and frustration this incident causes. If you have
additional questions, please call our dedicated call center at 866-447-7559,
available from 7:00 a.m. to 1:00 a.m. Eastern time, seven days a week.
Identity Theft Prevention Tips
We recommend that you remain vigilant for incidents of fraud
and identity theft by reviewing account statements and monitoring your credit
reports. You may obtain a free copy of your credit report from each company
listed below once every 12 months by requesting your report online at www.annualcreditreport.com,
calling toll-free 1-877-322-8228, or mailing an Annual Credit Report Request
Form (available at www.annualcreditreport.com) to: Annual Credit Report
Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also
purchase a copy of your credit report by contacting any of the credit reporting
agencies below:
If you believe you are the victim of identity theft, you
should contact the proper law enforcement authorities, including local law
enforcement, and you should consider contacting your state attorney general
and/or the Federal Trade Commission (“FTC”). You also may contact the FTC to
obtain additional information about avoiding identity theft.
Federal Trade Commission, Consumer Response Center
600 Pennsylvania Avenue NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheft
600 Pennsylvania Avenue NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheft
State Attorneys General: Information on how to
contact your state attorney general may be found at www.naag.org/naag/attorneys-general/whos-my-ag.php.
You may obtain information from the FTC and the credit
reporting agencies listed above about placing a fraud alert and/or credit
freeze on your credit report. Please also visit the “State Information” tab of
this site.
No comments:
Post a Comment