I suppose the biggest hint of how serious this news release
is for all of us is the fact that the Big
Kahunas at Equifax jumped ship before the hack went public.
Well, that and the timing of this big story while all of the
media spotlights are shining on South Florida in expectation of Hurricane Irma.
So, you need to assume
you’re screwed here and do something.
But what?
Their Site is Sneaky in How It Lets You Know You’ve Been Compromised
If you go to their site, and follow their steps, you’ll get
a request to enter the last six digits of your SSN with your last name. Then you get a message that you will receive
their free Identity Theft coverage for one year … but you’ll have to come back
on the date that’s given in order to join up.
Yes, that’s right.
They want you to input the last six digits of your SSN into a site they’ve
just admitted was compromised.
In South Texas, we say they’ve sure got some big huevos, boy
howdy.
And that’s it. That’s
the only tip to you that some of your personal information has been stolen from
the site. They don’t give you any
details. Heck, they don’t even tell you “yes,
your information is involved.” All you get is this little invite popping
up.
TechCrunch
has called them on this as a lack of “actual functionality” and is pushing them
to do the right thing here. Like give
us details.
But right now, their
site is still sneaky in how it’s letting you know that you’re a part of the
pack that’s been exposed to the Dark Side.
.
What Can You Do Right Now?
So, what can you do, now that you know your personal
information is out there, somewhere?
1. Have I Been Pwned
Well, Kim
Komando recommends going over to the web site “Have I Been Pwned” – and that’s good
advice.
Be prepared, you’re
not going to like what it tells you. But
at least you know, and can take action.
And you can sign up so the site will give you notice in the
future if your accounts have been breached at other sites (like LinkedIn, or
Adobe, or Dropbox).
2. Identity Theft Protection or Credit Freeze
Next, you can get yourself some Identity Theft
Protection. That’s the freebie for one
year that Equifax is offering you in the sneaky message affirming that your information
on their site has been hacked.
Silly me, but I don’t
know that I want to trust their Theft Protection service. Call me paranoid.
So, I surfed around and discovered advice from Steve
Weisman, a law professor and cybercrime expert, who blogs at scamicide.com.
In his April 22, 2017, USA
Today piece entitled “Is
identity theft protection worth it?” Mr. Weisman suggests that maybe it’s
not the best course to take.
Instead, he suggests a “credit
freeze.” Go read his article – makes
good sense.
3. Change Those Passwords
And, of course, you need to go and change those
passwords. Use different ones for each
account, too.
And I’m reading lots
of folk suggesting that you do the two-step authentication for added security. Problem
is: that in and of itself may open you
up to being hacked. Whattha? Yep.
Check out the May 2017 article by Joseph Cox in Vice,
entitled “We
Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is
Screwed.” The key language here (and the scary part):
"Everyone's accounts protected by text-based two-factor
authentication, such as bank accounts, are potentially at risk until the FCC
and telecom industry fix the devastating SS7 security flaw," Lieu
said in a statement published Wednesday. "I urge the
Republican-controlled Congress to hold immediate hearings on this issue."
4. Visit the FTC Site
Finally, you can visit the government site which stores lots
of information about identity theft. Like the following things you need to know because
Equifax has been hacked.
What Do Thieves Do
With Your Information?
Once identity thieves have your personal information, they
can drain your bank account, run up charges on your credit cards, open new
utility accounts, or get medical treatment on your health insurance. An
identity thief can file a tax refund in your name and get your refund. In some
extreme cases, a thief might even give your name to the police during an
arrest.
Clues That Someone
Has Stolen Your Information
- You see withdrawals from your bank account that you can’t explain.
- You don’t get your bills or other mail.
- Merchants refuse your checks.
- Debt collectors call you about debts that aren’t yours.
- You find unfamiliar accounts or charges on your credit report.
- Medical providers bill you for services you didn’t use.
- Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
- A health plan won’t cover you because your medical records show a condition you don’t have.
- The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
- You get notice that your information was compromised by a data breach at a company where you do business or have an account
- If your wallet, Social Security number, or other personal information is lost or stolen, there are steps you can take to help protect yourself from identity theft.
Equifax’s Explanation of What Went Wrong
So, what has happened here, anyway? Equifax has issued a long news release giving
details. I’ve inserted the full text of their news
release, entitled “Consumer Notice” below for your convenience.
Notice that they are telling you that “names, Social Security numbers,
birth dates, addresses, and in some instances, driver’s license numbers … [and]
credit card numbers for approximately 209,000 consumers and certain dispute
documents… have been stolen.
At Equifax, protecting the security of the information in
our possession is a responsibility we take very seriously. This is to notify
you of a data security incident that may have exposed some of your personal
information, including your Social Security number and other identifying
information. This
