Discussions of Mormons and Mormon life, Book of Mormon issues and evidences, and other Latter-day Saint (LDS) topics.

Saturday, September 09, 2017

Provident Living Just Got Harder, Courtesy of Equifax: Some Steps You Can Take (Hint: You Need a Credit Freeze)

Equifax is one of three large credit agencies that provide a valuable public service. They collect, gather, and store vast amounts of information about you and your purchases and payments, all without your consent and with no opt-out feature, thus providing a vital central source of information for the benefit of the community -- the hacker community, the spy community, the organized crime community, and the financial services community (not necessarily mutually exclusive communities).

Equifax, like some of the communities they serve, sometimes has certain "issues" that might affect us. Issues like gross incompetence in protecting the sensitive data they collect without our permission. Issues like failing to take appropriate corrective actions. Issues like failure to act swiftly when there is a hacker attack.

You may have just learned that 143 million consumers just had their personal records hacked at Equifax. You learned it this week. Equifax executives learned about it on July 29 when the breach was discovered. It is one of the largest and potentially most harmful data breaches in history, one that most likely involves you and your data: addresses, many credit card numbers, social security numbers, and almost anything an identity thief might want. About half of Americans are now at risk for identity theft--actually about 2/3 of all Americans with a credit history.

This hacking attack had been going on for over two months before Equifax, with their horrific security, finally noticed the attack. Hackers had been progressively going deeper and deeper into their system. Ten weeks of probing, downloading, stealing, before Equifax woke up. They failed to learn, for this was the third time in 16 months that Equifax has been hacked (other attacks were earlier in 2017 and in May 2016). Why so slow? And why was the response so slow when they found out?

Oops, my mistake, there was a swift response. The breach was discovered on July 29, a Saturday. It probably was shared internally among top executives by Monday, July 31. Then on the next two days, Aug. 1 and 2, right after Equifax discovered this devastating attack that surely would result in heavy selling of their stock, 3 top executives at Equifax acted swiftly to protect, uh, their own interests as they sold $2 million of their shares. According to CNBC, Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran, sold $2 million of Equifax stock on August 1 and August 2, ensuring that those shares would not face the pummeling that Equifax stock might face once the news broke out (down 13% right after the news -- is that all? no serious pummeling?).

Back in the good ol' days, this kind of thing might have been called "insider trading" and was strictly illegal. People would go to jail for it -- yeah, imagine that, it really happened! Real jails, even. But avoiding legal nuisances and being free to act as you wish seems to be the primary benefit of being a real insider with strong inside connections to the people supposedly in charge of enforcing what we used to call "the law." Per CNBC, Equifax has admitted that these executives sold "a small percentage" of their shares but insists that they really, really didn't know anything about the data breach. Nope, not a thing.

Perhaps those executives really don't know squat about their business. Perhaps just being an "information solutions president" doesn't mean you have access to actual information such as IT knowledge. Maybe it was just lucky timing, all a coincidence. Yes, it could be. But to me it seems like there should be a serious investigation and some bullet sweating here.

Over a month after discovering the massive attack, Equifax leaders finally decided it might be good to let the victims know what was happening to their data. Not like there's a need to hurry or anything, right? There was also a very fitting apology from the elites, issued directly from the mouth of Equifax CEO Richard Smith, who kindly took the time to say, or have his secretary say, “I apologize to consumers and our business customers for the concern and frustration this causes.” There you have it. There might be some frustration down the road as you, say, lose all your assets and find your life ruined, but know that Equifax understands that this can cause "concern" and has apologized. Check.

Simon Black of SovereignMan.com suggested a better apology:
"Due to our utter incompetence and failure to learn from recent mistakes, we totally screwed 143 million people who never even consented to us monitoring them. And rather than even let them know right away, we quietly took care of ourselves first. We have that little respect for the public."
But let's not quibble over the ideal wording. The elites have done their duty with a standard apology and have gone back to business as normal. But for the rest of us, now what?

There are some steps you can take now to protect yourself. The most important one, though, will be to get a credit freeze on your account to stop criminals from opening accounts in your name.

First read CNET's "A guide to surviving the Equifax data breach (without Equifax's help)." Also see the CNET story, "Equifax data breach: Find out if you were one of 143 million hacked." You can get started in protecting yourself by going to Equifax's page for one year of their weak "Trusted ID" program of credit monitoring. Enroll for that service here: https://trustedidpremier.com/eligibility/eligibility.html. You can get the "Trusted ID" service for one year this way (but the stolen data will be used against you for many years, even decades to come, as Clark Howard wisely warns). Enter your last name and the last 6 digits of your social security number to get in line to enroll (how ridiculous that you can't enroll in one step!). If you get a response that says "Based on the information provided, we believe that your personal information was not impacted by this incident," don't trust that because it has been shown to be unreliable (what, something unreliable at Equifax?). Assume you have trouble and continue to enroll.

Clicking on the "enroll" button will give a date on which you can come back and continue enrolling. Snazzy, eh? I love what advanced programming skills can achieve. Please carefully note the enrollment date it gives you and go back on or after that date to try your luck in enrolling.

Obviously, Equifax believes that there's nothing urgent about this whole security business thing and that fear-mongering buzzword, "identity theft." And Trusted ID boils down to trusting the company who snatched and released all your private data to now somehow protect you from identity theft. Well, don't depend on that, but if it's really free for a year, might as well get it. It adds a level of security to your records and some form of insurance but doesn't begin to solve all the problems. You can also enroll relatives who aren't computer literate. (If you don't know their social security number, just ask any local hacker to check Equifax records for you, or give your relative a call to get the last six digits. And then, for good measure, lecture them for giving even part of their social security number out over the phone, given all the people who are probably listening these days.) 

For real protection, freezing your credit accounts, which we did long ago, is a smart step. This makes it very hard for a thief to open a credit card account in your name (also hard for you to open new credit card accounts, but still possible). Clark Howard thinks Equifax's Trusted ID is a waste of time and on his page, "Equifax breach: How to protect yourself from what’s coming next," recommends this instead:
The only way to truly protect yourself is with a credit freeze.

Let’s say your information was exposed and criminals do try to open new lines of credit in your name — well, they won’t be able to if your credit file is frozen.

A credit freeze seals your credit reports and provides a personal identification number (PIN) that only you know and can use to temporarily “thaw” your credit when legitimate applications for credit and services need to be processed. So even if criminals try to use your info, they won’t be able to actually do anything with it.

And this goes for anyone, not just those impacted directly by this breach.

How to protect your identity: Take these 2 steps

1. Sign up for Credit Karma’s free credit monitoring: Go to creditkarma.com to sign up for a free account and you’ll get access to free credit monitoring. If they notice any suspicious activity, you’ll get an alert. Plus, Credit Karma also gives you free access to your credit scores and reports, as well as tips on what factors are impacting your credit.

2. Freeze your credit with all three main credit bureaus: By freezing your credit files, you can prevent criminals from using your information to wreak havoc on your financial life. Even if your info was not exposed by the Equifax hack, this is the best way to protect your identity and your money.

Check out [Clark Howard's] Credit Freeze Guide to learn how to freeze your credit with each main agency.
Please get a credit freeze.

The impact of this data breach on American lives could actually end up being greater than Hurricane Irma. Once hackers take your identity, you might as well have a hurricane rip your home to shreds, it can be that painful and costly.

Meanwhile, carefully examine your credit card activity for unusual charges and also get a free credit report to see if there are unexpected events happening like accounts with late fees or something that you never opened. You can also sign up for a free 90-day fraud alert. Details on all that are provided in the second CNET link above.

Our critics charge that Mormonism is all about money, which is not true. But having all your money stolen makes it a lot more difficult to enjoy certain aspects of life related to our religion, like having a home for family home evening, a vehicle or bus pass to go to church, food for food storage, a suit for that missionary you are sending off, and so forth. You can still get by, but I'm hoping you will avoid unnecessary loss and be in the position of being able to generously help others with your resources. Get a credit freeze and be safe.

For those of us who already had a credit freeze in place, one legitimate question is this: did the hackers also access the PINs or passcodes that can be used to override a credit freeze when a customer wants to open another account? If so, then I might have a problem. I'll try to find out. If you know, please tell us. Meanwhile, I hope regulators will investigate Equifax for insider trading and the gross negligence in allowing this breach, catching it so slowly, and not alerting the victims promptly. And may consumers be given the ability to opt out of such services that make us and our identity sitting ducks.

8 comments:

Sherm said...

Naturally, Equifax, at least in my state, makes money on the freeze. It's not much, $3, but it ought to be free to everyone given their negligence.

Anonymous said...

Good post. I would add that for now at least one might want to beware the Terms of Service. Some are saying that Trusted ID's TOS prohibit enrollees from participating in a class-action suit. The question of whether this forced arbitration clause applies to Equifax and Trusted ID, or only to Trusted ID, has yet to be cleared up to my satisfaction; for more info see here and here---especially the updates.

-- OK

Anonymous said...

P.S. This article is also interesting. It contains the following reportorial gem:

On Thursday night, I entered my last name and the last six digits of my Social Security number on the appropriate Equifax web page. (They had the gall to ask for this? Really? But I digress.) I received no “message indicating whether your personal information may have been impacted by this incident,” as the site promised. Instead, I was bounced to an offer for free credit monitoring, without a “yes,” “no” or “maybe” on the central question at hand.

By Friday morning, this had changed, and I got a “your personal information may have been impacted by this incident” notification. Progress. Except as my friend Justin Soffer pointed out on Twitter, you can enter a random name and number into the site and it will tell you the same thing. Indeed, I typed “Trump” and arbitrary numbers and got the same message.


-- OK

Anonymous said...

I am going to take financial advice from a Mormon apologist.

Jeff Lindsay said...

Anon @ 10:06, it's a shame you'd let your religious biases blind you to the need to protect yourself from identity theft. Hope you don't have a problem, but the risks are real.

Anonymous said...

I'm shaking in my financial boots, Jeff.
It doesn't help that you say one thing and there's news from several other sources that either contradicts or muddies what you've claimed.
Hey! Just like Mormon apologetics!

Steve said...

Really? Equifax had over 140 million accounts stolen. These accounts have everything one needs to open a line of credit anywhere. You don't need to consider the source to know that getting a credit freeze is the prudent thing to do whether you are an atheist, Born Again Christian, Hindu, Jew, Catholic, Mormon, etc.

Steve

Anonymous said...

Jeff, you'll probably be interested in this:

https://www.bloomberg.com/news/articles/2017-09-18/equifax-stock-sales-said-to-be-focus-of-u-s-criminal-probe