Amateur Equifax Response ,....
According to an article at Ars Technica
,...the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.
Meanwhile, in the hours immediately following the breach disclosure, the main Equifax website was displaying debug codes, which for security reasons, is something that should never happen on any production server, especially one that is a server or two away from so much sensitive data. A mistake this serious does little to instill confidence company engineers have hardened the site against future devastating attacks.
It was bad enough that Equifax operated a website that criminals could exploit to leak so much sensitive data. That, combined with the sheer volume and sensitivity of the data spilled, was enough to make this among the worst data breaches ever. The haphazard response all but guarantees it.
MineralMan
(146,286 posts)
takes you to a third party website. I demurred on that. It's a very, very clumsy way to handle this, indeed.
MLAA
(17,277 posts)
But after the I am not a bot test it just stalls. Anyone else have this problem? I am using my iPad.
hlthe2b
(102,225 posts)
after the uproar towards Target's comparatively brief delay in notifying customers of a breach that was far less significant in terms of information accessed than this, that Equifax is not getting absolutely roasted. Where is the uproar? They learned this more than a month ago!
CurtEastPoint
(18,639 posts)
Unfreeze if you are applying for credit. This way no one can open crap in your name.
Start here: http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/
customerserviceguy
(25,183 posts)
I did it with all three, including Equifax, even though I know I can't trust those motherfuckers.
customerserviceguy
(25,183 posts)
Destruction of Equifax.
Let Transunion and Experian see what will happen to them if they fuck up badly. Credit bureaus have the most sensitive information on people, it should be protected at least with military-grade security. Also, you can have redundant layers of security to require several people's usernames and passwords to be able to get at information.
How can we accomplish this? I'm going to write to every one of my creditors and practically demand that they do not send information to Equifax, nor should they ever pay Equifax for a credit report ever again. If we can turn this into a movement, it will be unstoppable.
Creditors bear some of the heaviest costs of cyberfraud, as most consumers are protected from it probably by law, and at least customary practice. Creditors have every reason to punish Equifax for having lax security, and if together we drive them out of business, it will surely be a wake-up call for the other two bureaus to spend whatever it takes to stay in business.
I strongly suggest that any Facebook posts, Twitter tweets, or other electronic communications be as devoid as possible of political language, this is an issue that hits all of us, whichever way we vote. I hope somebody's started a petition with the White House to have Trump see this and get a bit of outrage for it, face it, every silly ass thing he says gets press coverage, whether it's deserved or not.
panader0
(25,816 posts)
oppressedproletarian
(243 posts)
I was just reading about (sorry don't remember where). Apparently buried in the fine print, is a provision that by accepting the free credit monitoring one agrees to arbitration and gives up their right to participate in any class-action suit. Maybe they have changed this by now but don't know.
Also the article pointed out that 1 year of credit monitoring is not enough.
Besides freezing your credit, one can also get a free credit report from each agency once a year--spread out every 4 months-- thus doing your own "credit monitoring" (of a sort).