Equifax security breach

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
Post Reply
User avatar
Peculiar_Investor
Administrator
Administrator
Posts: 13267
Joined: 01 Mar 2005 14:52
Location: Calgary
Contact:

Equifax security breach

Post by Peculiar_Investor »

Another company has been hacked -- Equifax says 143 million U.S. consumers may have been affected in cyberattack - Business - CBC News
Additionally, Equifax also found unauthorized access to limited personal information for some Canadian and U.K. residents. The number of people affected in that part of the security breach was not disclosed.

"Equifax will work with U.K. and Canadian regulators to determine appropriate next steps," the company said, adding that it has "found no evidence that personal information of consumers in any other country has been impacted. "
Time will tell if personal information of Canadian consumers has been impacted.

The G&M is reporting that Canadians affected by Equifax security breach - The Globe and Mail (apologies for the link to their new beta site, it doesn't appear possible to opt out of the beta).
The company established a website, equifaxsecurity2017.com, where people can check to see whether their personal information may have been stolen. Consumers can also call 866-447-7559 for more information.

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax chief executive officer Richard Smith said in a statement. "I apologize to consumers and our business customers for the concern and frustration this causes."
But wait, it gets better worse.
The Globe and Mail wrote:Three Equifax executives insulated themselves from that downturn by selling shares worth a combined $1.8-million just a few days after the company discovered it had been hacked, according to documents filed with securities regulators.

The sales, executed on Aug. 1 and 2, were made by: John Gamble, Equifax's chief financial officer; Rodolfo Ploder, Equifax's president of work-force solutions; and Joseph Loughran, Equifax's president of U.S. information solutions. Bloomberg News first reported the divestitures.
More on the story from Bloomberg can be found at Consumers Struggle to Get Answers From Equifax After Massive Hack - Bloomberg

As could be expected, lots of discussion of the topic on the Bogleheads forum in Equifax customer information leak.
Imagefiniki, the Canadian financial wiki New editors wanted and welcomed, please help collaborate and improve the wiki.

Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
User avatar
Peculiar_Investor
Administrator
Administrator
Posts: 13267
Joined: 01 Mar 2005 14:52
Location: Calgary
Contact:

Re: Equifax security breach

Post by Peculiar_Investor »

A bit surprised there hasn't been more discussion on this topic. Perhaps Canadians don't feel they are impacted based on the information that has been made available. If so, a few words of caution, Equifax faces mounting pressure after data breach as CAA reveals 10,000 clients hit | CBC.ca
CBC wrote:Equifax Canada is facing intensifying calls for transparency on its massive cyberhack as the Canadian Automobile Association informs thousands of its members that their data may have been compromised and frustrated consumers ask questions about why they're being treated worse than their U.S. counterparts.
That seems to contradict an earlier story Equifax hack said to affect only Canadians with U.S. dealings
CBC wrote:Equifax Canada's customer service agents are telling callers that only Canadians who have had dealings in the United States are likely to be affected by the massive hack announced last week.

The credit monitoring company's call centre staff say that Canadians who have Equifax accounts in the U.S. could be at risk of having their data compromised, such as those who have lived, worked or applied for credit south of the border.
Imagefiniki, the Canadian financial wiki New editors wanted and welcomed, please help collaborate and improve the wiki.

Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
User avatar
SoninlawofGus
Veteran Contributor
Veteran Contributor
Posts: 1284
Joined: 21 Aug 2007 12:10
Location: Ottawa

Re: Equifax security breach

Post by SoninlawofGus »

So customers that signed up for identity protection were the ones who got burned? I sure am glad that I did not sign up for identity protection, so my identity has been protected. :roll:

On a related topic, why is it that Canadians cannot put a security freeze on their Equifax/TransUnion accounts, while Americans can do that? I was driving through New York State last weekend listening to public radio -- they were advising people to do this if they had concerns. Not possible up here.
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Equifax security breach

Post by AltaRed »

Are you sure that is what was meant? What you can do, including in Canada, is put a security alert on your Equifax credit file such that no new entity can access your credit file information without your consent. I did that with the Home Depot breach. I got a call some months later from Equifax saying a certain CC company wanted access to my credit file. I gave them the okay because I had applied for a new CC from that company.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
User avatar
SoninlawofGus
Veteran Contributor
Veteran Contributor
Posts: 1284
Joined: 21 Aug 2007 12:10
Location: Ottawa

Re: Equifax security breach

Post by SoninlawofGus »

AltaRed wrote: 15 Sep 2017 17:37 Are you sure that is what was meant? What you can do, including in Canada, is put a security alert on your Equifax credit file such that no new entity can access your credit file information without your consent. I did that with the Home Depot breach. I got a call some months later from Equifax saying a certain CC company wanted access to my credit file. I gave them the okay because I had applied for a new CC from that company.
Yeah, that's an alert. In the States, you can do an actual freeze.
User avatar
patriot1
Veteran Contributor
Veteran Contributor
Posts: 4883
Joined: 28 Feb 2005 03:53

Re: Equifax security breach

Post by patriot1 »

AltaRed wrote: 15 Sep 2017 17:37 What you can do, including in Canada, is put a security alert on your Equifax credit file such that no new entity can access your credit file information without your consent. I did that with the Home Depot breach.
I thought consent was always required to do a credit search. Are you saying that in fact the default is that anyone can access your credit file without obtaining consent?

What's the difference between Equifax and a Mafia protection service? The Mafia delivers on the protection. :x
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Equifax security breach

Post by AltaRed »

patriot1 wrote: 16 Sep 2017 08:53 I thought consent was always required to do a credit search. Are you saying that in fact the default is that anyone can access your credit file without obtaining consent?
From a legitimate source, one gives authorization when one applies for credit in advance. But a nefarious source won't do those niceities. As long as they get enough 'illegal' info they bought on the Internet (or from a hack), they have the data to make a credit file request. Equifax has no basis to dispute a request from a 'vendor' if the right data is submitted.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
Joebaba
Contributor
Contributor
Posts: 222
Joined: 07 Nov 2016 12:36

Re: Equifax security breach

Post by Joebaba »

Hey AltaRed,

You said you put a security alert on your Equifax credit file sometime in the past.

Can someone do that for free? What was the process? Did you phone? write? or can you initiate it online somehow?

Thanks,

Joe
gobsmack
Contributor
Contributor
Posts: 447
Joined: 04 Sep 2015 13:16

Re: Equifax security breach

Post by gobsmack »

Joebaba wrote: 16 Sep 2017 23:01 You said you put a security alert on your Equifax credit file sometime in the past.

Can someone do that for free? What was the process? Did you phone? write? or can you initiate it online somehow?
I think this is what he meant: https://www.consumer.ftc.gov/articles/0 ... raud-alert

Keep in mind that the Equifax breach actually happened at the beginning of the summer but it was only disclosed to the public now.
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Re: Equifax security breach

Post by kcowan »

I think this link describes the options available to Americans:

https://www.consumer.ftc.gov/articles/0 ... it-freezes
But a response from AR would clarify what is available for Canadians.
For the fun of it...Keith
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Equifax security breach

Post by AltaRed »

Based on what Keith posted, I'd call it a Fraud Alert. It was the Home Depot hack where HD paid for one year of monitoring. IIRC, that included the option to place a Fraud Alert on my credit file. I have only vague memory but I think I called Equifax to put this in place and it didn't cost me anything. I'd suggest those that are interested simply call Equifax Canada and/or Trans Union(?) to find out how that is done. I suspect they will ask if you believe you were a victim of a hack to do this, but I don't think it is a prerequisite.

My experience is Equifax is impossible to get a response from online so I think it is best to simply phone them and talk to them. They may try to sell you their monthlyl monitoring service where they 'monitor' the Web for the sale of your personal information, amongst other things. I don't think you have to pay anything though for a Fraud Alert on your file.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
gobsmack
Contributor
Contributor
Posts: 447
Joined: 04 Sep 2015 13:16

Re: Equifax security breach

Post by gobsmack »

I would suggest a Fraud Alert as well (see my link above).

If you try to freeze your credit file, Equifax will charge you a fee. You will be rewarding their incompetence by buying a credit freeze from them. In exchange for the fee, you will get a PIN that can later be used to unfreeze your credit file. The PIN will be stored in their super secure serves so you know you are safe. :lol:

I think the Fraud Alert is a better choice then the credit freeze. I've done it in the past when I was living in the US and I never had to justify why I was placing a Fraud Alert on my file.
planB
Contributor
Contributor
Posts: 153
Joined: 16 Mar 2013 19:23

Re: Equifax security breach

Post by planB »

Thanks all - good info. I will look into putting a fraud/freeze on my credit file (I'm still in the US).

Note the IRS is conducting identity verification checks to help with fraud. I was notified this year that my tax return would not processed until I called in and vertified some info relating to past and present returns.

The Equifax mess looks like an Arthur Andersen level event to me.
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Re: Equifax security breach

Post by AltaRed »

Do you mean a 'fraud alert' with Equifax in the USA? Or in Canada? AFAIK, they operate independently.

FWIW, I think I may have a 'residual' credit history in the USA from my last ex-pat assignment AND because I still retain a US domiciled credit card. When I went to the Equifax USA link and put in my last 6 digits of my SSN, the response was 'no indication that my information had been compromised'.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
Joebaba
Contributor
Contributor
Posts: 222
Joined: 07 Nov 2016 12:36

Re: Equifax security breach

Post by Joebaba »

Thanks AR,

Joe
planB
Contributor
Contributor
Posts: 153
Joined: 16 Mar 2013 19:23

Re: Equifax security breach

Post by planB »

AltaRed wrote: 17 Sep 2017 13:15 Do you mean a 'fraud alert' with Equifax in the USA? Or in Canada? AFAIK, they operate independently.
Sorry I meant the US. Most of my financial activity is currently in the US and I think the risk is higher on the US side. I have had fraudulent charges on my US debit card, credit card and company card. I don't use my debit card for purchases anymore.
thegov
Contributor
Contributor
Posts: 114
Joined: 02 Feb 2009 20:09

Re: Equifax security breach

Post by thegov »

I've had those security alerts on both Equifax and TransUnion since the Home Depot and Peoples Trust events.
They're supposed to last 7 years.
They are there - kind of -- tacked onto a sub-comment on the file.
They don't show up if you're using creditkarma or the like.
When I applied for a CC about 2 years after this, there was no reference to it at all -- no phone calls to check anything unusual -- so I don't know how effective they are.
Okanagan
Contributor
Contributor
Posts: 179
Joined: 22 Oct 2008 17:35
Location: BC - Okanagan Valley

Re: Equifax security breach

Post by Okanagan »

thegov wrote: 18 Sep 2017 18:06 I've had those security alerts on both Equifax and TransUnion since the Home Depot and Peoples Trust events.
They're supposed to last 7 years.
They are there - kind of -- tacked onto a sub-comment on the file.
They don't show up if you're using creditkarma or the like.
When I applied for a CC about 2 years after this, there was no reference to it at all -- no phone calls to check anything unusual -- so I don't know how effective they are.
I had an alert placed on my account after the Peoples Trust event some 3-4 years ago and everytime I applied for a credit card I either had to phone in to find out what happened to my application or I received a phone call from the cc company requesting further validation....so I would say it works, at least in my case....it was sort of annoying so I had them removed from both Equifax and Transunion earlier this year as there had been no issues during the 3-4 prior period.
User avatar
Descartes
Veteran Contributor
Veteran Contributor
Posts: 1856
Joined: 03 Nov 2008 09:59

Re: Equifax security breach

Post by Descartes »

And the hits just keep on coming.. :lol:
Hackers reportedly altered Equifax's credit report assistance page so that it would send users malicious software disguised as Adobe Flash.
http://www.ctvnews.ca/business/equifax- ... -1.3629779

Bunch of monkeys.
"A dividend is a dictate of management. A capital gain is a whim of the market."
thundarr
Contributor
Contributor
Posts: 13
Joined: 12 Oct 2017 16:19

Re: Equifax security breach

Post by thundarr »

Descartes wrote: 12 Oct 2017 15:58 And the hits just keep on coming.. :lol:
Hackers reportedly altered Equifax's credit report assistance page so that it would send users malicious software disguised as Adobe Flash.
http://www.ctvnews.ca/business/equifax- ... -1.3629779

Bunch of monkeys.
Just saw this now on a US site. So this also effects Canada too huh?? I had always figured Equifax's problems were solely American related (every new story i read about it a while back kept indicating it was an American-specific attack). Now i have to do even more serious investigation into my accounts because this is rediculous. Anyway, thanks for the link.
Post Reply