Equifax Settlement after Massive Data Breach

An Equifax settlement has finally been reached – nearly two years after their massive data breach. The company has agreed to a global settlement with the Federal Trade Commission and the Consumer Financial Protection Bureau. The settlement includes a Consumer Restitution Fund totaling up to $425 million to help people affected by the data breach and another $175 million going to all 50 U.S. states and territories.

Padlock with Identity Theft Theme
Nearly 148 Million Records Exposed!

TOTAL INEPTNESS

It was in September of 2017 that Equifax, one of the largest consumer reporting agencies in the world, suffered a data breach that affected roughly 148 million consumers – nearly half the U.S. population.

Equifax’s failure to maintain and update their security system is what caused this preventable breach. Despite knowing about a critical vulnerability in its software, Equifax failed to fully patch its systems. The breach went unnoticed for 76 days.

This epic breach enabled hackers to penetrate Equifax’s systems and exposed the private data of 56% of American adults. Breached information included Social Security numbers, names, addresses, birthdates, credit card numbers and some driver’s license numbers too.  It was, and still is, the largest and most damaging breach of highly sensitive consumer data.

RESTITUTION FUND – JUST A MERE $2.87 – PER VICTIM!
Equifax Settlement
Barely A Slap On The Wrist!

The Equifax Settlement includes a Consumer Restitution Fund totaling up to $425 million that will go to consumers who can demonstrate that they were financially harmed by the breach.  $300 million is dedicated to addressing consumer redress. However, if the $300 million is exhausted, the fund can increase by up to an additional $125 million. The company must also offer up to 10 years of credit monitoring services to those affected by the breach. If you don’t want the credit monitoring service, you may be able to opt for a $125 cash payment, unless they run out of funds. You can’t get both!

Furthermore, Equifax has agreed to take several additional steps to assist consumers who are either facing ID Theft issues, or who have already had their identities stolen. It includes making it easier for consumers to freeze and thaw their credit and making it easier for consumers to dispute inaccurate information contained in their credit reports.

Additionally, the Equifax settlement requires the company to maintain sufficient staff dedicated to assisting consumers who may be victims of identity theft. For at least seven years, Equifax will provide free assistance to victims via their Identity Restoration Services. In other words, if you discover there was misuse of your personal information, call the settlement administrator at 1-833-759-2982 and you will be given instructions for how to access Equifax’s free Identity Restoration Services.

WHAT DO I NEED TO DO NOW?

Equifax is offering FREE Credit Reports for ALL U.S. Consumers. Starting in January 2020, all U.S. consumers can get 6 free credit reports per year for 7 years from the Equifax website. That is in addition to the mandatory free credit report everyone is entitled to each year from each of the three credit bureaus that you get from going to www.AnnualCreditReport.com

To find out if you were one of the over 147 million victims of Equifax’s data breach and an eligible class member, call 1-833-759-2982 or you can click here

*NOTE: If you wish to file a claim, you must file your claim by January 22, 2020.

Visit the Federal Trade Commission’s website for info on How to File a Claim

Read a previous article I wrote about the Equifax Breach to learn how it all came about. And Here for Part Two of that article.

SYNTHETIC IDENTITY THEFT

According to the Federal Trade Commission, 80 to 85% of all identity fraud stems from Synthetic Identity Theft. Fictitious identities are created when an Identity thief creates a fresh new identity using elements of valid and/or fabricated forms of personal information.

As an example – a thief with a stolen valid Social Security number will combine it with a fake name, address and date of birth to create a brand new identity.  Because a valid Social Security # is used, there is no actual victim or true identity behind this false combination of identity elements.

Synthetic Identity Theft

 

Once Created – The Mischief Begins!

The merger of this real and fake personal data is then used to commit criminal, medical or financial fraud. Once an ID thief creates a new synthetic identity, they will attempt to apply for loans, credit or a job; get medical services, obtain cellphone service or even use the synthetic ID if they get arrested.

Remember that this newly created identity still contains your social security # as the main component and source of reference. Therefore, it becomes part of a fragmented or sub-file to your main credit file.

Additionally, fraud alerts, credit freezes and credit monitoring services will not indicate that anything is amiss. These usual protective measures do not stop Synthetic Identity Theft.

Unfortunately, the massive Equifax data breach, reported in September of 2017, exposed the valid social security numbers of nearly 148 million Americans. Realize also that those stolen social security numbers have already been purchased by criminals on the dark web – in underground black markets. Unfortunately, you cannot change your social security number!

 

What are Banks and Credit Card Companies Doing to Combat This?

Financial institutions understand the need to use any and all tools available to stop synthetic identity theft. They’re using advanced analytics, device intelligence and monitoring of underground websites. Credit Bureaus utilize tools that are able to detect when identity elements appear to be used inconsistently. They have developed analytical scores that help them determine whether a Social security # and identity belong to the right person.

A new federal law should also make it easier for creditors to verify ownership of a Social Security # with the Social Security Administration – which should help them verify that credit applicants actually exist.

 

THERE’S NO SILVER BULLET – BUT THESE STEPS MAY HELP

  • Only use an identity theft monitoring service that includes dark web monitoring. The service will check for personal identity elements, such as a SSN, that may have been exposed in a recent data breach.
  • It’s still worth placing a credit freeze with all three of the credit bureaus. Credit Freezes are now FREE in all 50 States as of September, 2018. Here’s is a previous article of mine explaining how to place a freeze
  • Get your free credit report at annualcreditreport.com from one of the three credit bureaus and check to see that there hasn’t been any unauthorized accounts opened.
  • A child’s SSN is often used to create Synthetic ID Theft. So, be sure to also place a credit freeze for your minor children as well.
  • National databases hold the key to discovery of Synthetic ID Theft. The DMV, insurance companies, data brokers, employers, prison or police records may all contain synthetic identities that include your social security number. Use a credit monitoring service that checks national databases.

 

Synthetic identity theft is a complicated and growing problem because it’s hard to detect and prevent this type of fraud. Once these synthetic identities are created, they become ‘verifiable’ identities and can therefore pass traditional security checks.

Unfortunately, it’s going to be up to you to be ever diligent if you want to protect yourself in the age of rampant fraud and deception.

FREE CREDIT FREEZES COMING SOON!

FREE CREDIT FREEZES – Coming Soon!

Thanks to a newly enacted bill, sometime in September, consumers can take advantage of Free Credit Freezes. Because a credit freeze needs to be placed with each one of the three credit bureaus, the new law will help save consumers some money.

Free Credit Freezes
Freeze Your Credit Files ASAP!

The legislation was added as part of the Dodd-Frank bank deregulation bill, passed by Congress earlier this year. The law allows consumers to either place, lift or remove a credit freeze absolutely free of charge.

Before this new law, depending on which State you lived in, consumers had to pay between $2 and $10 to place a freeze. The only way a consumer could get a no-cost credit freeze was if they could prove they were a victim of identity theft.

Brought On By Equifax Breach

Following the Equifax data breach, the advice given by most experts was to place a separate credit freeze with all three of the credit bureaus. You may recall, the Equifax breach exposed the personal data of 148 million Americans. Because social security numbers were exposed in that breach, placing a credit freeze was a consumer’s first line of defense. A credit freeze protects a victim’s credit account by virtually locking access to it. This prevents crooks from applying for credit, using your stolen social security number.

Companies would never approve a loan or a credit card application unless they are able to do a credit check – to see if you are creditworthy. Once a freeze is in place, companies are prevented from checking or viewing your credit file. Therefore, placing a credit freeze protects a consumer from criminals trying to get credit in their good name. Keep in mind that if you yourself wants to apply for credit, you will need to temporarily lift your credit freeze, so that the lender can gain access to your credit file.

NOTE: There’s a difference between a credit “Lock” and a Credit “Freeze”!

Equifax has been offering free credit “Locks” for life as part of its response to their massive data breach. But consumers should be aware that credit “Locks” are NOT the same thing as placing a credit freeze. Credit Locks don’t offer the same consumer protections. They are virtually just an agreement between you and Equifax that can be subject to changes down the line.

Trans Union and Experian also offer their own versions of credit “Locks”. Warning: there are fees involved! Anna Laitin, the director of financial policy with Consumer’s Union recommends freezes rather than credit locks because the rules for credit freezes are established by law. “Consumers will know what they’re getting with a freeze”, she said.

~ See an article I wrote about Credit Locks vs Credit Freezes

CHILD ID THEFT

Children have become a prime target of identity thieves. A million American children became victims of identity theft last year at a cost of 2.6 billion dollars in total losses to the families. Once a thief is able to get identifying information on a child, such as the child’s Social Security number, they can open a credit report on behalf of the child and obtain credit in the child’s name. Fortunately, a provision in the new law also allows for parents or guardians of children under age 16, to set up a credit report and then freeze it at no cost.

What about Fraud Alerts?

Another benefit of the new law also extends the time limit on fraud alerts.  A fraud alert is usually placed to notify the credit bureaus if a consumer suspects they might be a victim of identity theft.  Fraud alerts require businesses to verify an application for credit before giving approval. Originally, a fraud alert was only good for 90 days and had to be renewed again every 90 days for the alert to remain on a consumer’s credit file. The time limit has now been extended from 90 days to a full year.

So, if you haven’t already placed a credit freeze, once September rolls around, you may want to take the advice of experts and place one for FREE!

Please read a previous article of mine if you want to learn more about How to Place a Credit Freeze.

EVERY YAHOO CUSTOMER HIT BY 2013 BREACH

Way back in 2013, Yahoo had 3 Billion customers worldwide – who had a user-account with them. ALSO – way back in the month of August 2013, every single Yahoo customer was affected by a historical data breach. Yes, EVERY SINGLE Yahoo customer was affected in that 2013 breach, totaling 3 Billion accounts!

Every Yahoo Customer
DO YOU YAHOO?

Additionally, Yahoo was hit by another breach in 2014, which they said affected around 500 million of its customers. This breach is believed to be a separate incident from the 2013 breach. In March of this year, the Dept. of Justice indicted four people in connection with the 2014 breach – two Russian spies and two hackers.

It is unclear who was behind the 2013 breach, but the stolen data was up for sale on the dark web shortly afterwards. The dark web is an underground murky network, only accessible through special software, where criminals buy and sell their stolen data.

The compromised information included names, emails, phone numbers, birth dates, encrypted (hashed) passwords, security questions and the answers to those security questions. The stolen passwords were hashed, which is a form of encryption. It will therefore, be more difficult for crooks to crack them.

Although no financial information was stolen from every Yahoo customer, the info that was stolen is more than enough data for any criminal to use, for purposes of identity theft AND account takeover. 

Yahoo will be sending out notices to the additional affected accounts. Following their prior hacking revelation, Yahoo required password changes and invalidated un-encrypted security questions, in order to protect user info.

WHAT CAN YOU DO ABOUT IT? 
  • ALWAYS use unique passwords for each of your accounts. It is never a good idea to reuse the same passwords. Also, change your passwords periodically.
  • Make your passwords long, complex and hard to crack. Use sentences or phrases. Mix it up with numbers, symbols and upper & lower case letters.
  • Use two-factor authentication on all your important accounts. A code will be sent to your phone or email before you can successfully login to your account.
  • Beware of fake targeted emails that claim to be from Yahoo. These fake emails appear to be legitimate and will contain links and/or attachments designed to lure you into clicking on or opening them up. You’ll end up infecting your computer if you do!
  • Information you post on social media, coupled with what’s available via pubic records, makes it easier than ever for crooks to guess your security questions. So, use nonsensical answers to security questions instead of the actual real correct answer. For Example: Question: Mother’s maiden name – Answer: Pizza. Be absolutely sure to keep a record of those nonsensical answers you used, you may need them for future reference.

SONIC Breach- 5 Million Debit & Credit Card Info Stolen

The recent Sonic Breach reported by the fast food chain was a breach of their card processing system. The Sonic Breach resulted in the theft of 5 million credit and debit card information. The chain has more than 3,500 locations in 44 states. At the time of this writing, Sonic did not disclose the number of its restaurants that were potentially affected.

The stolen card data included the zip codes of the card holders!

The fact that zip codes were included as part of the stolen information, makes the resale of this information more valuable.

The zip codes allow a criminal to know exactly which geographical area the card originated from. This in turn, helps the criminal avoid making their purchases look suspicious; by only using the card to make purchases in the cardholder’s local geographical area.

Sonic Breach of Card Info

The information from the Sonic breach is already being sold on the Dark Web, which is the part of the Internet where criminals go to purchase stolen data. The card data will fetch a price of about $25 to $50 each, depending on the type of card (debit or credit) and the card limits available.

It seems like almost every week we hear news of another data breach. Your personal information is only as safe as the companies entrusted to protect it.

The Sonic Breach could have been totally avoided had Sonic updated their processing equipment to accept the more secure EMV chip cards. Instead, they’re still using the old style magnetic-strip for their card processing.

WHAT CAN YOU DO TO PROTECT YOURSELF
  • Avoid making purchases at retailers who have not yet switched to the new EMV system.
  • If you used a credit or a debit card at a Sonic restaurant in the last 6 months, be sure to carefully monitor your accounts for any sign of fraudulent purchases.
  • If you discover any fraudulent purchases on your credit card bill, notify your credit card company. In the case of a DEBIT card, be sure to notify your bank immediately, to prevent the money in your checking account from getting completely wiped out.
  • Debit cards do NOT have the same consumer protections as credit cards. Therefore, in the future, refrain from using your debit card except at an ATM. If your debit card gets stolen or skimmed, you could lose all the money in your checking account if it is not timely reported to your bank. Also, the funds in your checking account will be frozen while the bank investigates, denying you access to your account during the process.

Until all businesses switch to the newer and safer EMV chip cards, we will unfortunately see more and more breaches like this one.

It is up to you to remain ever vigilant!

EQUIFAX BREACH EXTREMELY DAMAGING

Why is the Equifax breach extremely damaging? Because the typical information required to prove your identity is now in the hands of the bad guys!

YOU CANNOT HIDE YOUR HEAD IN THE SAND AND THINK YOU’LL BE IMMUNE! 

An identity thief will go to great lengths to dig up your personal identifying information (PII) so they can impersonate you and then commit ID theft. This Equifax breach has already completed that part of the job for them.

Remember that 145.5 million Americans (over ½ the U.S. population) have had their PII stolen! Your information will likely be auctioned off on underground websites to opportunistic criminals, across the planet. Armed with your PII, a criminal can do a lot of damage to your identity, your good name and your financial records!

equifax breach extremely damaging
ARE YOU ANGRY YET??? YOU SHOULD BE!!!

How is the Equifax breach extremely damaging? Let’s count the ways… 

  1. Pretexting – Criminals will use your PII to convince your bank, credit card company, utility or phone service to make changes to your accounts. Your PII gives them the ability to change your email address, PINS, passwords, direct deposit info, phone # and home address. They’ll even change the answers to your secret questions – all in their quest to gain access to private information or to lock you out of your own
  2. Tax ID Theft: File fake tax returns to get large refunds.
  3. Credit Fraud: Open new lines of credit in your name (personal loans, auto loans, mortgages, new credit cards).
  4. Counterfeiting: Create fake ID’s like driver’s licenses, passports, insurance cards, etc.
  5. Criminal ID Theft: Use your ID to give to police if they get arrested.
  6. Medical ID Theft: Create medical insurance cards to get medical services or commit insurance fraud.
  7. Employment ID Theft: Use your PII to get a job and collect a paycheck.
  8. Financial ID Theft: Open bank accounts in your name and pass around bad checks.
  9. Malware/SPAM: Infect your devices with Malware by sending SPAM emails or texts, purported to be from Equifax. SPAM emails and texts are designed to lure you to click on links or open attachments that infect your devices and turn them into ‘bots’.
  10. Spoofing/Phishing: Imposter phone calls from Equifax employees or clickable links that lure you onto a fake Equifax website. Offers of free credit monitoring services or class action lawsuits, designed to phish for additional info, like your credit card number

YOU MUST LEARN WHAT TO DO TO PROTECT YOURSELF! YOU MUST BE PRO-ACTIVE AND EVER VIGILANT!  AND PLEASE – PASS IT ON…

READ MY PREVIOUS EQUIFAX BREACH ARTICLE TO LEARN WHAT YOU NEED TO DO.

 

EQUIFAX BREACH UPDATE

HERE’S AN EQUIFAX BREACH UPDATE

Equifax announced last week that they suffered a data breach that may have affected 143 million (Updated to 145.5 million) of its customers. Social Security numbers, names, addresses and even some Driver’s Licenses and credit card numbers were breached.

If you add this Equifax breach to the other 700+ data breaches this year, (as of June 2017), chances are that your personal information has already been exposed.

The sheer size of this recent breach is so large and the potential harm so great, it makes sense to assume the worst!

Equifax Breach Update
143 Million Records Exposed!

Equifax has launched a tool to let you know if you’ve been affected by this breach. Go here: https://www.equifaxsecurity2017.com/potential-impact/  You’ll need to provide your last name and the last six numbers of your Social Security number. Alternatively, you can call them at 888-548-7878.

If you were impacted, Equifax is offering free credit monitoring via its own company – TrustedID Premier.  However, you won’t be able to enroll in it immediately.  You will be given a date when you can return to the site to enroll.  Equifax will NOT send you a reminder, so mark the date on your calendar to enroll. The deadline to sign up for credit monitoring expires November 21st.

Under pressure from N.Y. Attorney Eric Schneiderman and others, Equifax has now removed the waiver of your rights to participate in a class action suit as a condition of accepting their free credit monitoring.  Because they have now removed this clause, in their terms of agreement, I now advise that you sign up for the free credit monitoring service, ASAP!

A reminder that you have a right to a free copy of your credit report, once a year, from each of the 3 credit bureaus. There is the only federally authorized website to get your free report. Go here to get your free report: https://www.annualcreditreport.com/index.action

What you should do is stagger those requests among the three credit bureaus, by only requesting one of them every 4 months. That way you will have viewed your credit report, for free, 3X during the year.

TIPS:  The advice from my previous article is much the same.

  • Place a credit freeze with all 3 credit bureaus, ASAP. Equifax has now offered to waive the fee to place a credit freeze on their site. You’ll still have to pay the small fee to place a freeze with the other two.
  • In addition, get copies of your credit reports to see if there’s anything on them that might be an indication that you have already been a victim. Remember although this breach was announced last week, the breach actually happened a few months ago.
  • Be sure to monitor ALL of your financial accounts for any signs of trouble or inaccuracies.
  • Use two-factor authentication and set up spending alerts on your credit cards.
  • Watch out for Phishing Spam emails from Equifax Imposters trying to lure you into clicking on links regarding this breach. DON’T fall for it!

You can learn how to report and recover from identity theft by visiting FTC’s website:  http://www.identitytheft.gov  or by calling them at 1-877-438-4338.  The FTC provides information on how to protect yourself after a data breach.

Here are the online links and phone numbers of each of the 3 credit bureaus to place a credit freeze.

 

EQUIFAX DATA BREACH – EPIC AND INTRUSIVE

The recent Equifax Data Breach is Epic. It ranks among the largest and most intrusive cybersecurity breaches in history!  

Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency. 

UPDATE:: This figure has now been increased to 148 million customers affected

The credit-reporting service discovered the intrusion between May and July of this year. This latest Equifax Data Breach intrusion has jeopardized names, addresses, Social Security numbers, birth dates and even some driver’s license numbers and credit cards.

The CEO said in a statement that “it strikes at the heart of who we are and what we do”.  But apparently, talk is cheap – as this is the third time Equifax has had a breach in less than two years. Additionally, another major credit bureau Experian, had also suffered a large data breach that impacted and exposed millions of records of Americans.

Equifax Data Breach
YOUR IDENTITY IS AT RISK!

Credit Bureaus make piles of money by compiling incredible amounts of sensitive detailed dossiers on consumers and then selling that information to marketers.

 

Therefore, it is unfathomable why a company like Equifax, who is responsible for compiling and safeguarding so much sensitive data, have shown themselves to be such terrible stewards of that data.

Regardless of whether your information was compromised, Equifax is offering everyone the option to enroll in their in-house credit monitoring service – TrustID Premier –  owned by Equifax.

 

 

Typically, the way these ID Theft Protection Service arrangements work is the credit monitoring is free for a period of time (usually one year) and then, consumers are pitched to purchase additional protection once their free coverage expires.

 MY ADVICE:

  • Place a Security Freeze (aka Credit Freeze) with all 3 credit bureaus instead. Do this ASAP for all family members!
  • Be sure to check and monitor your credit report often. To do so – go to annualcreditreport.com  for your free federally authorized credit report.
  • Monitor all financial accounts and billing statements for any suspicious activity.
  • Watch out for SPAM Phishing emails in which scammers will entice you to click on tainted links or open attachments in emails regarding this data breach.

P.S. There was a news story in Bloomberg yesterday indicating that three top Equifax executives sold millions of dollars worth of stock during the time between when the company says it discovered the breach and when it notified the public and its investors. The executives reportedly told Bloomberg they didn’t know about the breach when they sold their shares. A law firm in NY has already announced it is investigating potential insider trading claims against Equifax. To be continued…

Verizon Data Breach

Verizon Logo

This most recent Verizon Data Breach affected between 6 to 14 million of its customers. The compromised data included names, addresses, email addresses and PINS. Fortunately, only those who called customer support in the past six months were affected.

How It Happened:

The privacy of your personal data is only as good as the company that is responsible to protect it. In this most recent Verizon Data Breach, the culprit was a third party vendor, Nice Systems, who handles their customer service. Customer data was inadvertently stored in a misconfigured security setting. It was available on a cloud storage area – that anyone could access.

What You Should Know:

The worst thing about this breach is that PIN numbers were compromised. Armed with a PIN number, a hacker can easily gain access to a customer’s account. As a result, a miscreant can change the password and other settings in the breached account. They would also likely cut off access to the real account holder.

Furthermore, just like passwords, people tend to use the same PIN number for more than one account. Consequently, anytime the same PIN number is used on another account, those accounts could also become compromised.

TIPS – If you were affected by this Verizon Data Breach…

First: Immediately change your PIN number on your Verizon account.

Second: If you used the same PIN number on any other account, change it and be sure to assign a unique different PIN number for each of them.

Third: Watch out for emails, that although they may appear to be originating from Verizon. They may be fake emails that Phish for further information about you. Many of these emails contain a link that you are enticed to click on. Always ignore and delete any emails with seemingly urgent messages – that lure you into clicking on a link. Always remember, that no legitimate company will provide a link that asks for personal information in an email.

Warning: Never click on any links in unsolicited emails, unless you are 110% sure the email is legitimate. Always verify, verify, verify.