Are you a person in 2017 with a credit report? Oh, that’s half the American population? Well, your personal information was stolen from Equifax, the credit reporting agency. What’s that, you say? You aren’t a customer? Doesn’t matter.
“The breach lasted from mid-May through July,” wrote Seena Gressin, attorney at the Division of Consumer & Business Education at the Federal Trade Commission Friday. “The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the U.K. and Canada too.”
Equifax offered a year of free credit monitoring with TrustedID Premier. The fine print was cause for concern.
Equifax, way in over its head, scrambled to put out fires.
So, what can be done? Also in the FTC statement, Gressin advised:
• Check your credit reports. (In a dark twist, they suggest using Equifax, along with Experian and TransUnion.)
• Consider placing a credit freeze on your files.
• Monitor your existing credit card and bank accounts closely.
• If you decide against a credit freeze, consider placing a fraud alert on your files.
• File your taxes early.
An interesting thing happens when you click on the Equifax website’s “Potential Impacts” tab and type in the last six digits of your Social Security number and your last name. Following a tip I saw on the Twitter account of Zack Whittacker, security editor for ZDNet at CBS, I entered the numbers as “123456” and the last name as “Test.”
“Based on the information provided, we believe that your personal information may have been impacted by this incident,” read the message on the website after receiving this information.
You can literally enter anything. (Also, why should they be trusted now?) Not a great sign. Nor is the way Equifax security freezes are confirmed.
“Equifax security freeze PINs are worse than I thought,” wrote journalist Tony Webster on his Twitter account. “If you froze your credit today 2:15pm ET for example, you’d get PIN 0908171415. Verified PIN format w/ several people who froze today. And I got my PIN in 2007 — same exact format. … It’s just a timestamp of when you made the freeze: MMDDYYHHMM.”
No wonder Equifax was hacked.
If you were worried about Equifax bigwigs, don’t be.
“Three Equifax senior executives sold shares worth almost $1.8 million in the days after the company discovered [the] breach,” reported Bloomberg’s Anders Melin. “The trio had not yet been informed of the incident, the company said late Thursday. ... Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2.”
As I wrote in my Jan. 22, 2014 column, “My name is my name,” my wife, Ash, and I already have had our identities stolen during the Target breach. So, I may be a little desensitized at this point. But, do we all change our identities at once now? Who stole the information? How? And who is going to punish these executives?
Rob Burgess, Tribune city editor, may be reached via email at email@example.com.