I would not doubt a class action lawsuit results from this, and I'd be very surprised if Elizabeth Warren didn't pursue congressional action against them (although not officers of the company unfortunately).
And then I'll get six months of free credit monitoring from Equifax? Oh boy!!1!
More seriously, this is a breach big enough that Equifax should honestly no longer exist as a company. So call it $100/incident, and I'm happy. Other agencies would still exist, and, although they're just as terrible, it might get them to kick their asses into high gear to fix their security.
Maybe, the suggested demise of Equifax, the extreme perpetrator of neglect in this particular case, should lose the ability to print money, much like Symantec and other ssl cert issuers (identity certifies) for their recklessness; perhaps that doesn't go far enough.
Maybe the whole commercial enterprise of credit reporting (and identity verification) needs to be dramatically reworked in a more modern, sane design, with different governance and oversight.
I went there and used the site and guess what? It doesn't work. It just said 'Thank You!' and gave me an enrollment date. It gave me no info as to if I was one of the people affected.
Likewise, WTF. I thought you were joking but nope, it returns this text:
-----
Thank You
Your enrollment date for TrustedID Premier is:
09/13/2017
Please be sure to mark your calendar as you will not receive additional reminders. On or after your enrollment date, please return to faq.trustedidpremier.com and click the link to continue through the enrollment process.
Even better, they ask for your last name and the last six digits of your SSN to even check your potential impact. The problem is that the first three digits of your SSN are derived from your state of birth, so the last six give up basically the entire thing. http://www.ssofficelocation.com/social-security-number-prefi...
No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases
Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers
September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Did that https work for you? For me it redirects to plain http and then OpenDNS blocks it as a phishing site. Why are they using such a scammy looking domain, anyway? Why not just host it on their main site?
Edit: I'm abroad and just tried through a VPN and it worked. Don't know why I tried without it ...
More seriously, this is a breach big enough that Equifax should honestly no longer exist as a company. So call it $100/incident, and I'm happy. Other agencies would still exist, and, although they're just as terrible, it might get them to kick their asses into high gear to fix their security.