The Equifax Hack of September 2017

The Recent Equifax Hack

Credit Report

If you have been living under a stone for the month of September 2017, you wouldn't have heard that Argentinian, Canadian, UK, and USA residents had their personal information accessed by identity thieves by a known Apache vulnerability, and the executives of the company sold their shares before they released this information to the public. There are many things the thieves can do with your identity including commit crimes in your name with your identity, or change ownership on your assets without your knowledge. You should not take this lightly.

Argentina residents

You are all totally screwed and that is the proper technical term. If you have a credit card, bank account, or anything that requires a credit reporting agency, your information was wide open. The password for the entire main system was admin.
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

Canadian residents

Equifax will notify the 100,000 residents directly if you were hacked. The data does seem to be reported as more severe, but that remains to be seen. For now I would recommend writing your Federal, Provincial representatives demanding that action be taken against Equifax. It has also been reported that it is likely residents who have dual citizenship or records in both countries.

https://www.thestar.com/business/2017/09/19/equifax-says-100000-canadians-may-have-been-in-data-breach.html

UK residents

Reports show that approximately 400,000 UK residents had some information released in the hack. This goes against the Safe Harbour/Privacy Shield agreements. It does appear that the nature of the information stolen was less severe than either Canada USA or Argentina, but still a cause for concern as they now have your name, date of birth, email addresses and telephone numbers.

http://www.wired.co.uk/article/equifax-credit-data-breach-uk-security 

https://www.theguardian.com/technology/2017/sep/19/equifax-credit-firm-march-breach-massive-may-hack-customers

USA residents

The Basics Only

Equifax was recently hacked and by recent I mean sometime this year. Sometime around May to June 2017 Equifax was hacked due to a known bug in Apache. Approximately 145 million records were accessed.
Kerbs on Security did a really good write up on what to do:
Basically what you want to do now is go to the Equifax website and check to see if you are vulnerable:
Their communication has been a bit shall we say incompetent regarding this hack, but you should assume the worst and do several things:
  1. If you get a positive response, print out the confirmation, and enroll in the credit monitoring offer. You will be able to get a copy of your credit report. The credit reporting agencies will claim that because it says you 'May' have been compromised that you do not count as a victim of identity theft, but it’s pretty safe to assume you are. Remember they are more concerned with charging fees than they are actually protecting your identity.
  2. Go to each credit reporting bureau, Equifax, Experian, Trans Union, Innovis, and place a credit freeze on your account (if you did the above step you will not need to go to Equifax or Trans Union as the TrueIdentity has a freeze function for both).
    1. What is a credit freeze? Well that means that no one can access your account unless you ‘unfreeze it’, so for example if you apply to a job, and they are going to check your credit, you would have to unfreeze it in advance of the check or else they will not be able to access your data.
    2. If you are a victim of identity theft you should be able to get this service for free, hence the need to get a copy of the confirmation
    3. This may take a while to get put in place as the credit reporting agencies concern themselves more with cutting costs than they do following their mandate (as this breach shows)
    4. You will need to get a freeze with every credit reporting bureau
  3. Go to the official free credit report page and get a copy of your credit report here: http://annualcreditreport.com
  4. You should also get a fraud alert placed on all your credit files. You should only need to do this once with Equifax, Experian, and TransUnion, Innovis is separate from the other three so you need to do that with them as well. Pick the first most accessible of the big three credit agency and get a fraud alert placed on your file.
  5. Permanently opt out of all automatic credit and insurance offers by going to www.optoutprescreen.com
  6. Register all your phone numbers with the National Do Not Call Registry: https://www.donotcall.gov

Calling the Agencies

  • If you call any of the credit reporting agencies especially the larger ones such as Equifax and Trans Union, you do not want to talk to the front line staff if they are out of the country.
  • In my experience the staff that has been contracted by the agencies is in place to do no other than sell you things that you should be getting for free.
  • When I called Trans Union at 1 800 680 7289 and picked option 5, then 2 (after entering my zip code) it brought me to an out of country support team.
    • The line connection quality was horrible as it would constantly cut out right when you didn’t need it to. Regardless this call centre was just in place to sell people products, when they didn’t need to be sold stuff. This seems to be par for the course with the likes of Equifax and Trans Union.
    • I finally was connected to someone in the USA and she gave me much more helpful explanations and service and told me to call the Consumer Relations line at 1 800 916 8800 and as soon as I would get in touch with someone request to be connected to an agent in the USA.
If you wanted a great stock pick to short, now would be the time, as the above shows that Equifax is losing the image of secure, the below will show you that their brand has nothing to do with trust either.

Comments

Popular Posts