TechViews News …..
By now, most people have read or been told about the recent Equifax data breach. Unfortunately, it is now considered the largest credit data breach in history. It affects almost half of the entire U.S. population. Chances are, if you live in the U.S. and you have a credit card, you are most likely affected.
Think of Equifax as the invisible arm of finance, reporting your credit history to credit card companies, banks, retailers and lenders — all without your consent.
The amount of personal information stolen is staggering. It includes names, Social Security numbers, birth dates, addresses, and even driver’s license numbers.
The company opened a dedicated website, www.equifaxsecurity2017.com , to help consumers check if any of their information has been affected.
You can also call Equifax’s dedicated customer care number 866-447-7559 to check, but judging by the magnitude of the breach, long wait times are expected.
Additionally, Equifax is offering affected consumers a chance to get a year’s worth of identity theft protection and credit file monitoring for free via its own TrustedID Premier service.
But there are some concerns that using Equifax’s tool and enrolling in its credit file monitoring service.
Should you trust Equifax’s tool?
With Equifax’s tool, www.equifaxsecurity2017.com , the company claims you can access it to check if you are affected by the data breach, is it a good idea to use it?
- First, the tool requires you to provide your last name and last six digits of your Social Security number to initiate the check. Would you really want to hand over more of your info to a company that just experienced the largest credit bureau data breach in history?
- Second, the tool states that “based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident.” The use of the word “may” implies that the tool does not even give a definite answer whether your data was indeed compromised.
Now, if you do want to proceed, just follow the tool’s steps and click “Check Potential Impact.”
Some reports are even saying that the tool will say that you are impacted no matter what name you put in. Although many people are claiming to have seen “not affected” results, feeding it with random names and numbers will always return a “may have been impacted” result.
If the tool reports that you are indeed affected, you will be given a specific enrollment date to complete the sign-up process for TrustedID Premier.
Equifax’s TrustedID’s Terms of Service may take away your right to sue
Now, here’s where it gets a little murky. If you were found by the tool to have been affected by the data breach, you will be offered a chance to use Equifax’s own credit monitoring program, TrustedID Premier, free of charge for one year.
The problem is that if you do enroll, you will have to agree to its Terms of Service. As people began combing through all that legal jargon, they noticed something that was a little sketchy. A clause originally stated that anyone who signed up for the TrustedID Premier program was waiving their rights to join a class action suit against Equifax down the road.
Naturally, this caused a frenzy! However, just recently, the New York Attorney General required that Equifax remove this language from its Terms of Service immediately.
Now, Equifax has updated its website to state:
So, is it safe to sign up with TrustedID?
Even with the revised Terms of Service, most financial security analysts are still hesitant to recommend signing up for this free credit monitoring service since – again – it’s from the same company that just had the worst credit data breach in history.
Additionally, since the wealth of information stolen is extensive, do you think one year of free credit monitoring is enough? Often times, data that’s stolen from companies doesn’t show up again until years down the road. Remember last year’s Yahoo breach? The breach itself happened around 18 months prior to officials discovering the private information posted for sale on the Dark Web.
That’s why many analysts believe the threat of identity theft for those affected in the Equifax breach will surely be lifelong.
Bottom line — don’t bother completing the sign-up process.
So what do I do?
With that said, rather than signing up for Equifax’s free monitoring service, analysts suggest it’s better to put a credit freeze on your accounts.
Navigate on the web to the FTC’s Consumer Information page and put a temporary freeze on your credit reporting. Freezing your credit reporting will make it extremely difficult for an unscrupulous person to open an account under your name.
A credit freeze, also known as a security freeze, allows you to restrict access to your credit reports and scores provided by the three major credit bureaus (Experian, TransUnion and yes, Equifax).
Locking up your credit reports will prevent identity thieves from opening new accounts under your name even when they have managed to steal your personal information.
Since lenders are required to check your credit report before they can approve a new application, a credit freeze can stop fraudulent accounts from being made at your expense. And in the event you need to take out a loan, or apply for credit some place, you can always unlock your reports just as easily.
And the breach isn’t even the worst part.
EquiFax management finally reported the breach to the public on Sept. 7, outlining the discovery of the hack on July 29 and their immediate actions afterward.
I’ll do the math for you…
The company waited six weeks after learning about the breach to tell anyone about it – without even giving a good reason for the delay.
Here’s where things really get rich…
Several Equifax executives made some damning moves that were not covered at all in the announcement.
For instance, they sold nearly $2 million in stock less than a week after learning about the breach:
- Rodolfo Ploder, Equifax’s president of workforce solutions, sold more than $250,000 in stock on Aug. 2.
- Joseph Loughran, Equifax’s president for U.S. information solutions, unloaded stock worth about $685,000 on Aug. 1.
- John Gamble, Equifax’s chief financial officer dumped $950,000 in shares on Aug. 1.
The company said that the sales were just a “small percentage” of what those executives own and claimed that the sellers had no knowledge that the breach had even occurred.
So no one told these executives about the massive hack on July 29?
Or did they know full well and sell off a ton of stock before telling the public?
The jury is still out, but it sounds a lot like insider trading to me.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.