Tag Archives: cyber crime

1. Equifax – which is one of the country’s big three credit bureaus (along with TransUnion and Experian) recently suffered a significant data breach.

2. In fact, according to the company, the personal data and even some financial records for up to 143 million Americans has been compromised – which amounts to about half of the total U.S. adult population!

3. Equifax (EFX ) is a private company that’s traded on the New York Stock exchange with a mandate is to earn profits for its shareholders, which it did to the tune of over $3 billion in revenues in 2016.

4. Along with TransUnion and Experian, makes money by collecting your financial and demographic information, analyzing it in the form of a credit report, and then selling that data to lenders, banks, mortgage companies, auto dealers, credit card firms, and yes, even marketers.

5. However, although Equifax tracks the payment and credit statistics for nearly every American adult (a small number are what’s called “Credit Invisible”), they don’t seek our permission, nor is there a way to opt out or keep your data private.

6. Equifax’s negligent mishandling of the situation has been highly publicized. The timing, for one, is of grave concern. Reportedly, Equifax knew about the data breach as early as mid-May but didn’t announce the hack publically until July 29.

7. Industry reports point to the fact that the security breach in Equifax’s platform existed for nine years without being fixed, and hackers slowly siphoned off consumer information for months.

8. Signaling that some serious malfeasance took place, three high-level Equifax executives sold shares of their own holdings after the hack was discovered, but before it was made public.

9. These three inside-trading execs, including Equifax’s Chief Financial Officer John Gamble, made $1.8 million from the sales of Equifax stock – before stock prices fell upon news of the hack.

10. By cracking Equifax’s database, the cybercriminals were able to obtain consumer records including names, Social Security numbers, birthdates, addresses and driver’s license numbers – all of the information they need to open new accounts or commit identity fraud.

11. According to credit expert John Ulzheimer, those pieces of data are “the crown jewels of information for credit fraudsters.”

12. Since people’s names, social security numbers, birth dates, etc. never change, the information can be used to defraud and steal from consumers without a shelf life.

13. According to Equifax, the credit card numbers of at least 209,000 consumers were also lost in the hack.

14. Just as concerning, the compromised data may include user names, passwords, security questions and other login information for Internet websites and other financial accounts.

15. In the wake of the breach, two high-level Equifax employees stepped down this week, Chief Security Officer Susan Mauldin and Chief Information Officer, Dave Webb.

16. Shocked by the magnitude of the breach and the revelation that Equifax hid it from the American people, Equifax stock plummeted, falling from $142 per share to $92 as per the time of this writing.

17. Both the FBI and the Federal Trade Commission have initiated investigations into the hack, as well as possible Equifax impropriety. Additionally, the state attorney general of Massachusetts is suing the credit giant, and class action suits are also springing up by the day.

18. So what is Equifax doing to try and remedy the problem? The credit firm has set up a special website where consumers can log in and see if their data was included in the 143 million stolen by hackers.

19. However, you need to enter your last name and social security number to access their website – which is questionable considering the circumstances.

20. Equifax is also extending the offer of free credit monitoring service, called “TrustedID Premier,” for a year to those affected.

21. TrustedID Premier includes credit monitoring of Equifax, Experian and TransUnion credit reports, a credit freeze for Equifax accounts, identity theft insurance, and a monitor to see if someone is trying to sell your social security number on the internet.

22. This may sound sufficient, but critics argue that Equifax isn’t completely forthright about their help. For instance, once the year offer expires, the service is no longer free but costs $19.95 per month. (Consumers actually have to enter their credit card number just to enroll in Equifax’s “free” year-long monitoring service.)

23. It’s been slammed as a back-door way for Equifax to reduce their liability, too. Buried within the fine print when you sign up for TrustedID Premier was a release of liability, renouncing your rights to later sue Equifax or participate in any class action suit.

24. Lambasted in the media and pressured by consumer rights groups, Equifax quickly softened the language of this release to “the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cyber-security incident,” as well as allowing consumers to opt-in.

25. So what should you do now?

Don’t wait until your financial accounts are hacked or your identity stolen until you act. In fact, we can almost ensure that there are more big data hacks coming, since 65% of Fortune 100 companies still use that same processing framework (called Apache Struts) that was so easily hacked at Equifax.

The best thing to do is to be proactive, starting with checking your credit reports in detail (not just score).

From there, we recommend utilizing these tools to protect your identity and finances:

Credit monitoring

Whether you take advantage of Equifax’s offer or use a trusted third-party service, credit monitoring will keep tabs on your credit report for signs of fraud or impropriety.

Fraud alert

Establish fraud alerts with each of the three major credit reporting agencies, Equifax, Experian and TransUnion, as well as alerts for each of your credit and debit cards.

Credit freeze

A credit freeze goes a step beyond fraud alerts in protecting you, which locks your credit files. No new accounts can be opened in your name without going through a security protocol, and only companies that you already commonly do business with will be able to make charges on your cards.

Change your passwords

It’s a good time to go through and change your passwords, for all Internet sites as well as banking, credit, and financial services. Make sure these are secure, not based on your address, birthday, name, or any personal information, and stored in a safe place.

***

In this extraordinary time of confusion and risk, we’re happy to provide you the information and tools you need to protect your credit – and your family’s financial future. Feel free to contact us anytime for a no-cost credit consultation.