Equifax lost all your data. All gone.
-
-
@blakeyrat fucking hell.
-
Their "Check potential impact" link is bullshit. All it gave me was an enrollment date and a warning that I'm not going to get any more reminders.
If the link says "Check potential impact", it should do what it says! It shouldn't tell me when I'm eligible to enroll in some damned credit monitoring!
Yes, I know I was most likely affected. That still doesn't excuse piss poor design on their part.
-
Why did they wait six weeks to disclose? Apparently their trading window was not open yet.
-
@polygeekery Isn't it still insider trading?
-
I'm seriously getting tired of having my data lost. First OPM and now this. These are institutions you're supposed to be able to trust to safeguard your data, as opposed to the 7-11 down the street or Random Internet Shop LLC.
I have no idea how to fix it either. I'm a realist; more regulations = more lip service, more willful shortcuts.
-
@heterodox said in Equifax lost all your data. All gone.:
I'm seriously getting tired of having my data lost. First OPM and now this. These are institutions you're supposed to be able to trust to safeguard your data, as opposed to the 7-11 down the street or Random Internet Shop LLC.
I have no idea how to fix it either. I'm a realist; more regulations = more lip service, more willful shortcuts. God damn it.
MAC rounds in atmosphere help.
-
@dangeruss I am not for certain how all of those rules work and what rules they have that pertain to them. My wife is an HR exec for a publicly traded company. She is only allowed to sell stock inside of trading windows and she is allowed to freely do so during that time regardless of what information she is privy to. That is the function of the trading window as I understand it. She can sell anytime during those trading windows and is closed from doing so when they are closed.
Executives at her level or at the level of those Equifax fellows are always privy to information that would constitute insider trading. The trading windows are a compromise on that.
-
Well, it's a good thing I'm already on the AllClear ID thing from the Sony hack a while ago....
-
@heterodox said in Equifax lost all your data. All gone.:
I'm seriously getting tired of having my data lost. First OPM and now this. These are institutions you're supposed to be able to trust to safeguard your data, as opposed to the 7-11 down the street or Random Internet Shop LLC.
I have no idea how to fix it either. I'm a realist; more regulations = more lip service, more willful shortcuts.
What do you mean "safeguard my data"? Credit reporting bureaus have no real interest in that. I don't pay them to protect the data they collect on me without my permission. I pay them when I want to see the data they collect on me without my permission.
-
@polygeekery said in Equifax lost all your data. All gone.:
Why did they wait six weeks to disclose? Apparently their trading window was not open yet.
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.
The trio had not yet been informed of the incident, the company said.
Go on...who are these people?
The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.
Your President of U.S. Information Solutions was not aware of the breach? Seriously? I think I found your problem. Your IT people have no fucking clue what is going on.
-
@polygeekery said in Equifax lost all your data. All gone.:
Your President of U.S. Information Solutions was not aware of the breach? Seriously? I think I found your problem. Your IT people have no fucking clue what is going on.
That's almost always the case in these data breaches. And since there's little or no penalty for incompetence, it will continue.
-
@polygeekery said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
Why did they wait six weeks to disclose? Apparently their trading window was not open yet.
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.
The trio had not yet been informed of the incident, the company said.
Go on...who are these people?
The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.
Your President of U.S. Information Solutions was not aware of the breach? Seriously? I think I found your problem. Your IT people have no fucking clue what is going on.
Or, they figured that they'd get blamed for it and decided not to mention it.
-
@abarker that "check potential impact" site was not thought out at all. It's hosted on a completely separate domain, named very similar to Equifax itself, registered just recently, sudden traffic spike – it all added up to OpenDNS automated systems flagging it as phishing:
(image by @SwiftOnSecurity)
-
@dcoder said in Equifax lost all your data. All gone.:
@abarker that "check potential impact" site was not thought out at all.
-
@dcoder said in Equifax lost all your data. All gone.:
It's hosted on a completely separate domain, named very similar to Equifax itself
I also love how they put the year in the domain name. They are basically thinking that they are going to screw the pooch again so they better have a way to separate them by year.
-
@tsaukpaetra said in Equifax lost all your data. All gone.:
Well, it's a good thing I'm already on the AllClear ID thing from the Sony hack a while ago....
Given the frequency of breaches, it's not far-fetched to be able to get years and years of credit monitoring.
-
@polygeekery said in Equifax lost all your data. All gone.:
@dcoder said in Equifax lost all your data. All gone.:
It's hosted on a completely separate domain, named very similar to Equifax itself
I also love how they put the year in the domain name. They are basically thinking that they are going to screw the pooch again so they better have a way to separate them by year.
I thought that was against the cybersquatting law that Bill Clinton regretted signing?
-
@groaner said in Equifax lost all your data. All gone.:
@tsaukpaetra said in Equifax lost all your data. All gone.:
Well, it's a good thing I'm already on the AllClear ID thing from the Sony hack a while ago....
Given the frequency of breaches, it's not far-fetched to be able to get years and years of credit monitoring.
Even without the monitoring I get from some of my credit cards, I've had continuous monitoring for the past 5 years or so because of various data breaches. Sometimes I've even had two or three different monitors going at the same time. This is just going to keep that streak going.
-
BTW let's talk about paid lock-downs or paid monitoring of these credit reputation companies...
How is that not extortion?
"We gathered all this information about you without specific disclosure or your consent. But don't worry! For an additional $10 a month we can actually expend a tiny bit of effort to ensure someone doesn't use that info to open credit cards in your name! Unless we fuck up and just leak the data anyway because we're incompetent."
-
@blakeyrat said in Equifax lost all your data. All gone.:
"We gathered all this information about you without specific disclosure or your consent. But don't worry! For an additional $10 a month we can actually expend a tiny bit of effort to ensure someone doesn't use that info to open credit cards in your name! Unless we fuck up and just leak the data anyway because we're incompetent."
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent? My impression is you'd have to opt-in. That's the way it worked after the OPM breach (they offered credit monitoring, I took a look, they asked for social security number again without the faintest indication that they understood the irony of doing so, I told them to fuck off).
-
@blakeyrat Especially since they already get money by selling some or most of the information to people/organizations running credit checks on you. It's not like the $10 is helping them stay solvent.
-
@heterodox said in Equifax lost all your data. All gone.:
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent?
No? Also learn to read?
-
@abarker said in Equifax lost all your data. All gone.:
Especially since they already get money by selling some or most of the information to people/organizations running credit checks on you. It's not like the $10 is helping them stay solvent.
Srsly. There's no way that's not extortion.
-
@blakeyrat said in Equifax lost all your data. All gone.:
@heterodox said in Equifax lost all your data. All gone.:
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent?
No? Also learn to read?
I think his point was that automatic credit monitoring sign up is just handing the same data over to another incompetent company. So being signed up for credit monitoring without your consent is extra ironic.
-
@heterodox said in Equifax lost all your data. All gone.:
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent? My impression is you'd have to opt-in. That's the way it worked after the OPM breach (they offered credit monitoring, I took a look, they asked for social security number again without the faintest indication that they understood the irony of doing so, I told them to fuck off).
That's independent of what @blakeyrat said.
On one hand, you have the free credit monitoring that Equifax is offering to those who are potentially affected by the breach.
On the other hand, their standard business model has them charging you if you want to lock your file (so no new accounts can be opened without a lengthy process) or check your file more than once per year.
@blakeyrat was talking about the second.
-
@xaade said in Equifax lost all your data. All gone.:
@blakeyrat said in Equifax lost all your data. All gone.:
@heterodox said in Equifax lost all your data. All gone.:
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent?
No? Also learn to read?
I think his point was that automatic credit monitoring sign up is just handing the same data over to another incompetent company. So being signed up for credit monitoring without your consent is extra ironic.
But no one is being signed up without consent.
-
@blakeyrat said in Equifax lost all your data. All gone.:
No? Also learn to read?
Then I'm confused as to what the hell you're talking about. If you're talking about the credit bureaus collecting information on you, they do so with disclosure and your consent. Sure, it's coerced consent (you basically can't participate in modern economy without credit), but I've never had any data shared without my consent.
-
@xaade said in Equifax lost all your data. All gone.:
I think his point was that automatic credit monitoring sign up is just handing the same data over to another incompetent company.
Is that a thing that exists? It didn't yesterday when I went to the site for this breach.
@xaade said in Equifax lost all your data. All gone.:
So being signed up for credit monitoring without your consent is extra ironic.
But that you have to actually consent to. That's not the part of this whole arrangement that's a problem.
But yes, if it were automatic (which it's not and I never said it was and I have no idea where that information is coming from), then it'd be even more awful than status quo.
-
@blakeyrat said in Equifax lost all your data. All gone.:
@abarker said in Equifax lost all your data. All gone.:
Especially since they already get money by selling some or most of the information to people/organizations running credit checks on you. It's not like the $10 is helping them stay solvent.
Srsly. There's no way that's not extortion.
Worse yet. I end up paying for many of those credit checks that OTHER people do on me.
-
@xaade Do you at least get a copy in those cases?
-
@abarker said in Equifax lost all your data. All gone.:
@xaade Do you at least get a copy in those cases?
You have to ask for it, but yes.
As in, not of all them volunteered it or told me that it's an option.
-
@abarker said in Equifax lost all your data. All gone.:
Do you at least get a copy in those cases?
Some States in the US require it. Washington fortunately does, I always request a copy because I figure it costs them more money and makes the horrible "credit check everything by default!!!" attitude slightly less economically viable. I usually throw the copy in the trash when I get it.
Many do not.
-
-
@polygeekery said in Equifax lost all your data. All gone.:
@dangeruss I am not for certain how all of those rules work and what rules they have that pertain to them. My wife is an HR exec for a publicly traded company. She is only allowed to sell stock inside of trading windows and she is allowed to freely do so during that time regardless of what information she is privy to. That is the function of the trading window as I understand it. She can sell anytime during those trading windows and is closed from doing so when they are closed.
Executives at her level or at the level of those Equifax fellows are always privy to information that would constitute insider trading. The trading windows are a compromise on that.
Sell stock in the company she works for I assume? Otherwise I assume she has to go through normal compliance procedures to buy/sell other company stocks?
-
@blakeyrat said in Equifax lost all your data. All gone.:
I usually throw the copy in the trash when I get it.
Hopefully you shred it first.
-
@heterodox Nope.
-
@jazzyjosh said in Equifax lost all your data. All gone.:
@polygeekery said in Equifax lost all your data. All gone.:
@dangeruss I am not for certain how all of those rules work and what rules they have that pertain to them. My wife is an HR exec for a publicly traded company. She is only allowed to sell stock inside of trading windows and she is allowed to freely do so during that time regardless of what information she is privy to. That is the function of the trading window as I understand it. She can sell anytime during those trading windows and is closed from doing so when they are closed.
Executives at her level or at the level of those Equifax fellows are always privy to information that would constitute insider trading. The trading windows are a compromise on that.
Sell stock in the company she works for I assume? Otherwise I assume she has to go through normal compliance procedures to buy/sell other company stocks?
Yes. Part of her compensation is stock options.
-
@blakeyrat said in Equifax lost all your data. All gone.:
We gathered all this information about you without specific disclosure or your consent.
Incorrect. You agree to this every time you open a credit account.
@blakeyrat said in Equifax lost all your data. All gone.:
For an additional $10 a month we can actually expend a tiny bit of effort to ensure someone doesn't use that info to open credit cards in your name!
Or for a single payment of $0-10 (depending on state)/per bureau you can freeze your credit and not have to deal with it?
Most states are fucked though and mandate a maximum charge of $10 to lift, place, or remove if you're not a victim of identity theft. Thankfully this is one instance where NC is better than most, as it's free as long as you make your request electronically, or if you don't the maximum charge is $3
-
@heterodox said in Equifax lost all your data. All gone.:
(they offered credit monitoring, I took a look, they asked for social security number again without the faintest indication that they understood the irony of doing so, I told them to fuck off).
Just looked at the Equifax site; it asks for the last six of your SSN. Well, given the first three just designate where you were born (generally), that's hardly better than asking for the full SSN. Ugh.
-
@blakeyrat said in Equifax lost all your data. All gone.:
@abarker said in Equifax lost all your data. All gone.:
Do you at least get a copy in those cases?
Some States in the US require it. Washington fortunately does, I always request a copy because I figure it costs them more money and makes the horrible "credit check everything by default!!!" attitude slightly less economically viable. I usually throw the copy in the trash when I get it.
Many do not.
Meh, it's basically a federal requirement that you have access after a pull, since if you're impacted in any negative way e.g. lower credit limit, higher interest rate, increased fees, etc. you have the right to request your report from the bureau the report was pulled from. (No way any of us peons are getting the actual maximum credit limit the issuer offers for the product)
-
@heterodox said in Equifax lost all your data. All gone.:
@heterodox said in Equifax lost all your data. All gone.:
(they offered credit monitoring, I took a look, they asked for social security number again without the faintest indication that they understood the irony of doing so, I told them to fuck off).
Just looked at the Equifax site; it asks for the last six of your SSN. Well, given the first three just designate where you were born (generally), that's hardly better than asking for the full SSN. Ugh.
Obligatory Simpsons:
-
Looks like Equifax is getting creamed. All I get is a blank page and spinner.
-
Can we just have a way for us to reset our SSNs? At this rate, we might as well just start from a clean slate and then enact a mandatory 20 year sentence for people who store SSNs in plain text on a flash drive that they hide under a brick in their patio for safekeeping.
-
@the_quiet_one said in Equifax lost all your data. All gone.:
Can we just have a way for us to reset our SSNs?
-
-
@abarker said in Equifax lost all your data. All gone.:
@xaade said in Equifax lost all your data. All gone.:
@blakeyrat said in Equifax lost all your data. All gone.:
@heterodox said in Equifax lost all your data. All gone.:
Mmm, are people impacted by the Equifax breach going to be signed up for credit monitoring without their consent?
No? Also learn to read?
I think his point was that automatic credit monitoring sign up is just handing the same data over to another incompetent company. So being signed up for credit monitoring without your consent is extra ironic.
But no one is being signed up without consent.
I'm just guessing at what was meant.
-
@the_quiet_one said in Equifax lost all your data. All gone.:
Can we just have a way for us to reset our SSNs? At this rate, we might as well just start from a clean slate and then enact a mandatory 20 year sentence for people who store SSNs in plain text on a flash drive that they hide under a brick in their patio for safekeeping.
Or better yet: don't treat SSNs as the secret passwords they're incorrectly used as. Treat them as the primary keys that they were meant to be.
-
@the_quiet_one said in Equifax lost all your data. All gone.:
Can we just have a way for us to reset our SSNs?
SSNs aren't ID. Never were designed for that purpose, Government's been saying forever that they shouldn't be used for that purpose.
Problem is, since the US has no nation-wide ID number (and probably never will, although the TSA's getting gradually closer), companies use it for that purpose regardless.
-
@the_quiet_one said in Equifax lost all your data. All gone.:
Can we just have a way for us to reset our SSNs? At this rate, we might as well just start from a clean slate and then enact a mandatory 20 year sentence for people who store SSNs in plain text on a flash drive that they hide under a brick in their patio for safekeeping.
No. What we should do is enforce credit bureaus to report to the individual all data they've collected on them.
Meaning, personal credit monitoring is free.
They can then decide whether it's economically feasible to continue existing. I don't give a shit.