Equifax Breached

Sky-Knight

Sky-Knight

Well-Known Member
Reaction score
5,661
Location
Arizona
Please use the following link, it will take you to a web site where you can use your last name and the last 6 of your SSN to see if you were one of the 143 million Americans that had information stolen in this breach.

https://www.equifaxsecurity2017.com/potential-impact/

Normally I don’t freak out about this sort of thing, but 143 MILLION PEOPLE have been negatively affected by this breach. It’s going to take ages to clean up, and the information stolen is catastrophic, names, addresses, SSNs, phone numbers, bank account numbers, imagine everything on your credit report in the wrong hands!

This sort of thing makes me wonder why I don’t drink.

You’ll want to spread this around too, with almost half our population on that list, people need to know and get ahead of this.
 
The thing is, unless they reissue the numbers this will follow those exposed around for the rest of their lives.
IMO, time to replace the SSN system entirely, its just so flawed (from what I can see as an outsider).

Its used as an identifier as well as a password in some places. Thats like having your password the same as your username.
 
Last edited:
Bryce W said:
The thing is, unless they reissue the numbers this will follow those exposed around for the rest of their lives.
IMO, time to replace the SSN system entirely, its just so flawed (from what I can see as an outsider).

Its used as an identifier as well as a password in some places. Thats like having your password as your username.
Click to expand...
Does Austrailia have something similar to SSN or do you have something completely different or just go by name/ date of birth, etc?
 
Slaters Kustum Machines said:
Does Austrailia have something similar to SSN or do you have something completely different or just go by name/ date of birth, etc?
Click to expand...
We dont have anything similar. We have a Tax File Number which is probably the closest thing. Its used for income tax purposes, superannuation and welfare. Its against the law to use it as a national identification number like a SSN though.

Our healthcare is on a different system called a Medicare number.
 
Last edited:
Oh no... it's against the law to use the SSN for identification as well, in fact nothing other than the Social Security Office is authorized to use it.

The law just isn't enforced because, reasons.
 
Bryce W said:
We dont have anything similar. We have a Tax File Number which is probably the closest thing. Its used for income tax purposes, superannuation and welfare. Its against the law to use it as a national identification number like a SSN though.

Our healthcare is on a different system called a Medicare number.
Click to expand...

How are credit reports or similar things run there? What (theoretically) uniquely identifies you as YOU for those purposes?
 
mraikes said:
How are credit reports or similar things run there?
Click to expand...
There is an interesting read on how Australia scores credit verses the US. Looks like we were mostly negative scoring (like you are neutral unless you had black marks against your credit), but that appears to be changing: https://www.finder.com.au/how-countries-score-credit

mraikes said:
What (theoretically) uniquely identifies you as YOU for those purposes?
Click to expand...
The systems are largely decentralized. Healthcare is a medicare number, tax is a Tax File Number etc.. If I wanted to get a credit card for example, I'd just need a few forms of ID. Photo ID, a bill or something to prove I live at that address etc..
I believe thats pretty much it. Other Aussies might have something to add.
 
BTW - If you follow the link the Ts & Cs say you loose access to any class action suits or other independent legal filings you may have and must submit to the Equifax private arbitration in the future instead of legal action. In other words, you sign off any rights you have against Equifax just to see if you need to have rights against Equifax. The state's attorneys are going crazy.....
 
Sky-Knight said:
Oh no... it's against the law to use the SSN for identification as well, in fact nothing other than the Social Security Office is authorized to use it.

The law just isn't enforced because, reasons.
Click to expand...

That wasn't always the case. In fact, the US Government encouraged its use as an ID for years and things like Military ID and Student Loans were tied to it. Yet the law has always stated that it isn't an ID. Yay bureaucracy!
 
mraikes said:
How are credit reports or similar things run there? What (theoretically) uniquely identifies you as YOU for those purposes?
Click to expand...
It's a system where you must have "100 points of identification."
Example, to open a bank account you must supply enough ID to get 100 points:
drivers license =20 points,
a tax file number = 20 points,
an ABN = 20 points,
a recent utility bill = 10 points, etc, to a total of 100 points.
It's very different if you apply for a home or car loan, or personal loans over a certain amount. There's a lot that goes on (re checks on credit history) in the background (as pointed out in @Bryce W 's link) that you don't see.
 
How many conflict occurrences could there be using their last name and the last 4 (or even less) of their SSN for this look up?
I feel like providing 6 out of the 9 numbers within the SSN is like me confirming that "Hey, I am confirming that this is my SSN and I am aware that my SSN was stolen, so please, I beg you don't cause me any harm!"

Also, when clicking the verification button, it takes you to this: https://trustedidpremier.com/eligibility/eligibility.html, who basically could be anybody.

No good intend for the end user. Just making you sign up for some other crap service from where other hackers could steal your info.

What a joke.
 
This is a blatant disregard of responsibility. This company should be on the hook indefinitely for the affected consumers or sued out of existence.

On their website they released this information today:
"We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638."

This vulnerability has been known and added to a popular IDS/IPS system since March 2017.
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://snort.org/advisories/talos-rules-2017-03-07-3-7-2017
They say the unauthorized access happened from May-July.
Why they had a system with this amount of data accessible from it, running a publicly accessible service (obviously) unprotected and unpatched is just a big middle finger to basically 45% of the US population.
 
This company is rediculous. I wanted to freeze my account, so nobody takes credit out in my name because they cannot tell me whether or not my personal information was impacted.

upload_2017-9-14_7-59-3.png


I try to process the request online apparently they cannot process it:

upload_2017-9-14_8-0-11.png


Upon trying again several times, later I get a different message telling me their system doesn't work to go away and bother the other credit reporting agencies whose phone numbers they included!

upload_2017-9-14_8-1-58.png



Everything works flawlessly online in seconds with the other Credit Reporting Agencies. Later I try the automated system via phone and upon being hung up on a few times by the automated system eventually freeze me report.

Then with no warning whatsoever it blabs out a 10-digit PIN needed to unlock my report. Of course, it says it like an auctioneer selling something. Then it says the reference number at normal talking-speed. It asks, "Say, 'REPEAT" to repeat this message," so I do that. It says, "Thank you for using Equifax automated blah blah. <hangs up>"

Doing some checking, to recover my PIN, I now have to write them and mail them via the Post Office including all my personal information and multiple forms of ID. What a bunch of B.S.

I think they need to be forced into settling a class-action lawsuit with 140-million Americans.
 
You must log in or register to reply here.

Similar threads

D
[WARNING] Medusa Ransomware Attack on Milano Salon
Replies
8
Views
630
HCHTech
HCHTech
Metanis
[TIP] Automatic updates to digital wallets!
Replies
1
Views
290
britechguy
britechguy
HCHTech
GoDaddy again - Outlook error 7ita9
Replies
3
Views
182
callthatgirl
callthatgirl
callthatgirl
Forms missing in New Outlook
2
Replies
21
Views
1K
Sky-Knight
Sky-Knight
thecomputerguy
Adding EDR to my stack and how to sell it.
Replies
6
Views
827
Sky-Knight
Sky-Knight
Back
Top