You can’t protect yourself from the Equifax breach

TidBITS:

Late last week, news broke of a massive data breach at Equifax, one of the three major credit rating agencies. Equifax may have lost private information, including Social Security numbers, for up to 143 million U.S. consumers, which would be over half of the adult, bank-account-participating population of the country.

Here is how to understand your risk and best live with the exposure.

As always, when Mogull writes/speaks, I listen. Good article even with the sour note at the end.



  • James Hughes

    I’ve done all I can. I froze all my information at all 4 agencies and enrolled in the alerts as well. I have two factor authorization whenever it is available as well as any alerts my bank or credit cards offer.

    I think the government should either allow anyone to change their SS number or better yet, switch to a randomized number system that is generated using a 2 factor authorization system. Something has to change and soon. Luckily as Rich mentions i the article, plenty of politicians have been impacted as well, a great motivator indeed.

    • GS

      I did all that as well. Changing the SS number wouldn’t help as it is still linked back to the original. The fact that these agencies were allowed to store all the information that identifies us, yet not required to secure it beyond what they felt like, is absurd. No matter the security protocol, it fails at the human level, where the customer service representative gets conned into making changes to all your carefully planned measures. It will always be a tradeoff between security and convenience, for both the consumer and the business. Personally I would love to have the ability to opt-in to a system requiring Touch ID (or Face ID) via a device in my possession for any transaction that needs to be certain it is me.

      • James Hughes

        “Changing the SS number wouldn’t help as it is still linked back to the original” I wasn’t aware of that. So then, what good does it do to change your SS# if you are a victim of domestic abuse or identity theft?

        I agree, I always place security above ease of use. You get used to it after a while and I get worried when some institutions don’t offer enough security.

        • GS

          It can help, as long as their data isn’t breached. I would always assume it will be. Per SS: When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.

  • SP_Jon_M3

    There are two other pieces of advice that I received that I’ll pass on. That is to setup accounts on both the Social Security Admin and IRS sites before someone else does for you.

    I’ll post the links here, but I understand if you don’t want to use them. You can at least reference them to try and find the pages directly to create the accounts.

    https://www.ssa.gov/myaccount/ https://www.irs.gov/payments/view-your-tax-account

  • bdkennedy

    My mom used to work for Equifax 20 years ago and she always complaining how they were a bunch of fucks. Paying for credit protection is the equivalent of blackmail and now most of those people that paid for it are screwed anyway.

  • Curmudgeon

    States control what the credit rating agencies charge to put a freeze and to unfreeze. With this mess I hope my state gets around to making it free to freeze and unfreeze credit. Soon.