Is anyone concerned about the Equifax leak of personal information...including social security numbers? I have not had any debt for the last ten years and only use a debit card. I am not sure that I understand the degree of exposure risk or the details of how it all works, but it would seem that no one is exempt from the risk of identity theft and because the information includes social security numbers, it is more serious and different in nature than some of the hacks like Home Depot and Target. The solutions Equifax have offered look mostly bogus and the fixes I've run across are cumbersome. This is probably the most informative information I've found so far.

https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

I've gotten so used to these types of things should I just ignore them anymore. That's probably not the best plan but I can't live on high alert every day.

I think it's a very serious security issue, and hope it will lead to a better security architecture for our personal information.

Right now the entire system is flawed, based on "shared secrets" that aren't really secrets at all, less so now that Equifax has made it trivial to harvest the whole list.

I've gotten so used to these types of things should I just ignore them anymore. That's probably not the best plan but I can't live on high alert every day.

+1

(and where is the government in all this - at least they shouild be cracking down hard on Equifax/ Oh right looks at who is in charge - shippest of biggest fools ever to sail the ship of state ever - never mind ....)

(and where is the government in all this - at least they shouild be cracking down hard on Equifax/

"Cracking down hard" still doesn't address the problem that now the social security number and associated other personal identification of pretty much every adult American is now in the hands of criminals, and that the entire basis for identification verification used in this country is now worthless.

"Cracking down hard" still doesn't address the problem that now the social security number and associated other personal identification of pretty much every adult American is now in the hands of criminals, and that the entire basis for identification verification used in this country is now worthless.

well no but then punishing crimes doesn't always undo them either. Perhaps this stuff never should have been left up to unaccountable companies in the first place. Or they should have been very tightly regulated at any rate.

well no but then punishing crimes doesn't always undo them either.

What crimes did Equifax commit?



Perhaps this stuff never should have been left up to unaccountable companies in the first place.


Seems a bit early, and incorrect, to maintain that Equifax is "unaccountable". There may well be torts cooking in ovens as we speak. I'd certainly at this point read very carefully the fine print in any "benefit" or "remedy" they offer up - I'd expect to see liability releases hidden in there.


Or they should have been very tightly regulated at any rate.

What regulations are they subject to now?

What "tighter" regulations would prevent this sort of incident? How would they be implemented/enforced?

DH and I are both on the list of "probably compromised," but yawn. My data has been compromised all over the place, but it honestly hasn't impacted us much. It seems like we've established enough good credit behaviors over our lifetimes that when we say, "no, we did not order a piano," they believe us and no piano is delivered anywhere.

I don't see a practical way to do anything, and I suppose the odds of someone singling one person out of the other 120 million people are small. It just seems like a quantum leap worse than someone having your credit card information and trying to make purchases or withdrawals. I could imagine that once a person has you name, address, and social there are a multitude of identity theft schemes that could be more damaging.

I don't see a practical way to do anything, and I suppose the odds of someone singling one person out of the other 120 million people are small. It just seems like a quantum leap worse than someone having your credit card information and trying to make purchases or withdrawals. I could imagine that once a person has you name, address, and social there are a multitude of identity theft schemes that could be more damaging.

I'm just glad that the broker that holds the bulk of my sorta-liquid assets uses biometrics, and requires a voice communication in addition for some transactions.

I mean, someone could still kidnap me and force me to Do Things, but I lock out my accounts when I'm travelling in Dark and Scary places.

There are other vulnerabilities to their scheme, but they are pretty action-movie-villain. For most any security protocol, the weak spot is the human factor....

Personally I'm considering locking down my credit reports. Having a credit card stolen is no big deal. Having my social security number stolen is a whole different story.

An article I read today (don't know the accuracy) said that you can sign up for the equifax credit monitoring and still opt out of their assholish arbitration agreement by sending them a snail mail letter. Details in this link: https://www.valuepenguin.com/2017/09/what-you-should-now-do-about-massive-equifax-data-breach

I could imagine that once a person has you name, address, and social there are a multitude of identity theft schemes that could be more damaging.

And this is what bae is trying to point out. The media should be SCREAMING about what a disaster this is. A whole lot of people are going to eventually realize how mofo serious this is only after they get royally and truthfully f'ed. A new credit card number is easy to get. A new social security number it not possible. Let me repeat, if your SSN has been stolen it will NEVER BE SECURE AGAIN. You will spend the rest of your life struggling with this issue.

You will spend the rest of your life struggling with this issue.

It's not that bad.

On my Black Hat mailing list, the following simple steps are suggested to protect your identity/security, moving forward:

- change your social security number
- change all your previous and current addresses
- change your previous phone numbers
- change your mother's maiden name
- change the amounts and institutions of all previous paid-off loans
- change all employers you may have worked for in the past
- change the names of all the people you may have married in the past
- grow up in a different town, and change the names of your elementary and middle school
- your high-school sweet-heart, change her name
- buy different cars in the past, especially your first one

There are a few more, but you get the idea.

Personally I'm considering locking down my credit reports.

This is a very very very very good thing to do.

We locked our credit some time ago. Hubby also monitors our credit cards. He has electronic notification of all transactions. Previously he had used $100 for notifications but many problem transactions can be as low as $1 so he changed that to all.

Note, in Indiana it apparently is a law that they cannot charge for this service.

Please explain what is meant by "locking down one's credit report". This is the first that I have heard of it.

I just read an article about this and thought it was a good idea. I locked my credit report with Experian for $5, no issues. Then I went to Equifax. They put the lock in place with no fee (leading me to believe it's free as a remedy because my data was compromised), but then they didn't show me my PIN. Instead I got a message "couldn't open PDF". I tried again to get to the site but it only give me options to lift the lock. So if I ever need to apply for credit I won't be able to because I don't have the PIN to temporarily lift the lock. I feel like I just made things worse for myself. Since I don't have hours to sit on hold and probably not get to a live person anyways I am writing them a letter complete with screen shots telling them they need to fix this or I am going to the appropriate governmental authorities. I will wait to see the upshot of that before doing anything with Transunion.

I hope this problem kills Equifax as a company. If no one used them anymore it wouldn't matter but everything from job applications to homeowners insurance is tied to these credit reports.

I understand that Equifax will be monitoring the compromised accounts for one year. Heads Up to the crooks: wait 366 days before using data. <Just kidding.>

Please explain what is meant by "locking down one's credit report". This is the first that I have heard of it.

https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

Here's the lowdown on it. Basically you have to lock each of the three credit bureaus separately. They can charge for this, although some states regulate the amount. They give you a PIN which you have to use to "unlock" it, which they also charge for each time you unlock it. Anytime you want to open up new credit anywhere you have to ask which credit bureau they will be getting a report from and then unlock that bureau for a few days until the report is run, and then relock it. It's a hassle, which is why I've never done it, but it will prevent anyone from successfully using your identity. Brian Krebs, one of the main journalist/bloggers on cyber security locked his a few years ago and shortly after that he was targeted by cyber criminals trying to open up fake credit accounts for him. He ended up getting a couple dozen declinations from banks as a result. It would have been a huge mess to clean up if he hadn't done the credit lock up before the criminals got started.

Not sure how it works for Canadians, but I assume there's some sort of similar process. I'd look on your version of the FTC's web site for details.

I just read an article about this and thought it was a good idea. I locked my credit report with Experian for $5, no issues. Then I went to Equifax. They put the lock in place with no fee (leading me to believe it's free as a remedy because my data was compromised), but then they didn't show me my PIN. Instead I got a message "couldn't open PDF".

I would half expect them to mail you the pin, to your permanent mailing address, along with the other legal notice stuff. (legal stuff goes through the mail, traditionally)

This whole mess, makes me hear a late neighbor and her daughter about how the SS# was only supposed to be used for social security, and not for ID.
It also makes me appreciate being more of a cash person, then a credit person.

I hope this problem kills Equifax as a company. If no one used them anymore it wouldn't matter but everything from job applications to homeowners insurance is tied to these credit reports.

potentially for jobs yes, but it means also I may never be able to rent another apartment as long as those locks are on for sure, I guess I better get used to being here (eh at least I somewhat like this apartment ..)


Then I went to Equifax. They put the lock in place with no fee (leading me to believe it's free as a remedy because my data was compromised), but then they didn't show me my PIN. Instead I got a message "couldn't open PDF". I tried again to get to the site but it only give me options to lift the lock. So if I ever need to apply for credit I won't be able to because I don't have the PIN to temporarily lift the lock. I feel like I just made things worse for myself. Since I don't have hours to sit on hold and probably not get to a live person anyways I am writing them a letter complete with screen shots telling them they need to fix this or I am going to the appropriate governmental authorities. I will wait to see the upshot of that before doing anything with Transunion.

horrible, thanks for the warning, not that there are any good alternatives, but yea a freeze that can't be unlocked because their software is broken might be worse than no freeze. Trans-union seems to work btw, I think in your case Equifax managed to screw up the freeze as well ....


The media should be SCREAMING about what a disaster this is. A whole lot of people are going to eventually realize how mofo serious this is only after they get royally and truthfully f'ed. A new credit card number is easy to get.

maybe the media should be but the media can't really actually DO anything they can just raise the issue, it's really the government that should be looking into this and seeing what can be done (even if it's just issuing everyone a new SSN, or seeing what to do about potential tax or benefit fraud due to identify theft - but really they should be exploring the whole of the issue - I mean half the country having a credit freeze on really gums of the works of you know the economy ...). But like I said complete maroons are running the place at present so I wouldn't have much hope ... the worst government money can buy and all.

I read in Europe consumers can demand a credit bureau delete all their data and the bureau has to comply.

potentially for jobs yes, but it means also I may never be able to rent another apartment as long as those locks are on for sure, I guess I better get used to being here (eh at least I somewhat like this apartment ..)



horrible, thanks for the warning, not that there are any good alternatives, but yea a freeze that can't be unlocked because their software is broken might be worse than no freeze. Trans-union seems to work btw, I think in your case Equifax managed to screw up the freeze as well ....



maybe the media should be but the media can't really actually DO anything they can just raise the issue, it's really the government that should be looking into this and seeing what can be done (even if it's just issuing everyone a new SSN, or seeing what to do about potential tax or benefit fraud due to identify theft - but really they should be exploring the whole of the issue - I mean half the country having a credit freeze on really gums of the works of you know the economy ...). But like I said complete maroons are running the place at present so I wouldn't have much hope ... the worst government money can buy and all.

The federal government isn't going to do anything about this for a couple of reasons. First, like healthcare, data security is a complex problem and congress's forte is not dealing with complex issues in a meaningful and rational way. Second, the government still, to this day, doesn't really believe in people having truly unbreachable technology. Most people in senior levels of the government, like the NSA, believe that encryption should have a "back door" that the government can access. The history of the government's efforts to thwart encryption, initially by classifying it as a weapon and therefore not exportable, are fascinating. There's a book I'd recommend but unfortunately I can't for the life of me think of its title. Perhaps bae knows the one I'm thinking of. And the #2A reason is that when the government learns of a bug in the security of a system they don't necessarily tell the manufacturer of that software. Instead they often will utilize it for spying purposes.

States, to some degree, have stepped up in the federal government's absence. 47 of them have data breach notification laws. This is less than ideal since the laws differ in the details which makes it somewhat more complicated for a business who has customers from a variety of states. And it also kind of sucks for residents of NM, AL, and SD, the three states that don't have data breach laws.

Today I decided I should probably freeze my Transunion credit file as well and was pleasantly surprised that I can lock and unlock it myself for free and with no waiting period.

The CEO of Equifax and any of the high ranking officers who crash sold shares of Equifax after they learned of the breach of data on July 29th are probably going to be asked to do some explaining.

I checked wih Equifax and learned to my dismay that I was probably compromised. I did apply for a credit freeze with their company through the website. No doubt there was language buried in the acknowledgement that restricts my ability to legally pursue damages but then again, my income quite nicely does the same thing. Perhaps a person like bae could afford to pursuade them of their wrongdoing.

I am going to conference with the wife about freezing all three companies as we have no immediate plans on borrowing. I have tried to unscrew identity theft messes both professionally and personally in the past and it is an enormous headache. Better to try to lock the door instead of try to get the horse back in the barn.

This is truly what you would expect from a third world company and the result just might be large enough to impact any economic growth that might have otherwise occurred. With the two untimely hurricanes , I'm wondering if Russia isn't also controlling the weather.

I did all three for both my husband and me. It took a while, but not awful. Only Transunion charged $5 each and that seems a cheap price if it will stop hours of hassle. Now to change the passwords on the on line accounts....

Oddly, my wife's information was not impacted. Lucky me. Well, I guess I will begin jumping the ditch now that I have come to it alone.

The site said my information was not impacted, but who really knows? I'm considering a credit freeze anyway.

Oddly, my wife's information was not impacted. Lucky me.
Same here. Still trying to figure out that one...

I checked today and mine was impacted, so since I had issues with Equifax's freeze I tried to sign up for their True Identity but they said they have a high volume of requests, it may take days to get confirmation that I am enrolled, I must keep checking my spam folders, and no phone number was provided to call for assistance. The evening news reported they are not responding to interview requests (although their CEO previously said how they respond to the breach and not the breach itself would define them). Nothing they do seems to work.

My letter to them demanding redress went out in the morning's mail. I have no desire to phone their call center in the Philippines.

I checked today and mine was impacted, so since I had issues with Equifax's freeze I tried to sign up for their True Identity but they said they have a high volume of requests, it may take days to get confirmation that I am enrolled, I must keep checking my spam folders, and no phone number was provided to call for assistance. The evening news reported they are not responding to interview requests (although their CEO previously said how they respond to the breach and not the breach itself would define them). Nothing they do seems to work.

My letter to them demanding redress went out in the morning's mail. I have no desire to phone their call center in the Philippines.

Well, it wouldn't surprise anyone that Equifax has combined the response of TrueID with terms of service clauses that shield the company from liability arising from claims based on their own screw up. Basically, if you check if you are at risk on their site, in order to get a response you have to accept their terms which provide for broad immunity and forced arbitration. In other words, the attorneys get the millions of dollars and you get the pennies in the settlement.

They must be preparing for the nuclear option.

This is from the Equifax website:
September 11, 2017

We are committed to keeping consumers updated on the steps we are taking to provide them with the support they need and address any issues they are facing in response to this incident. We recognize that some consumers continue to face challenges and in response we have made the following updates:

1) Adjusted our PIN Generation for Security Freezes
We understand and appreciate that consumers have questions about how a PIN is currently generated for a consumer initiating an Equifax security freeze solution. All consumers placing a security freeze will be provided a randomly generated PIN.

2) Call Center Support
When we recognized that Hurricane Irma could impact some of our call center wait times, we arranged to ramp up agents quickly to replace agents impacted by the storm and updated our website to make consumers aware of the situation.

3) Clarification Regarding Automatic Sign-Up to TrustedID Premier
We are not requesting consumers’ credit card information when they sign up for the free credit file monitoring and identity theft protection we are offering to all U.S. consumers. Consumers who sign up for TrustedID Premier will not be automatically enrolled or charged after the conclusion of the complimentary year of TrustedID Premier.

4) Obvious Link from Equifax.com
To make it easier for consumers to find the website dedicated to providing information about this incident, we have reconfigured our website, www.equifax.com, to feature the link more prominently.

5) Adjusted the TrustedID Premier and Clarified Equifax.com
We’ve added an FAQ to our website to confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident.

We are listening to issues consumers have experienced and their suggestions. These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process.

https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

Thanks for this clear article.

We were not, apparently, involed in this
equifax hack, but it is still a good idea to freeze credit. This is in my goal list for this month.

Thanks for the links and information above.

I froze Equifax last night. Damned if they're going to get another chance to screw this up. Put a fraud alert on the other two.

I disagree that it's their reaction to this which will define them. That worked for McNeil when some sociopath was opening up bottles of Tylenol and adulterating them. McNeil has no control over what happens on store shelves. Equifax is supposed to provide and (implicitly) protect data. They had ONE job. And they &^#%ed it up. I really hope to see some high-level falling on swords. But I won't put much faith in that happening.

I froze Equifax last night. Damned if they're going to get another chance to screw this up. Put a fraud alert on the other two.

I disagree that it's their reaction to this which will define them. That worked for McNeil when some sociopath was opening up bottles of Tylenol and adulterating them. McNeil has no control over what happens on store shelves. Equifax is supposed to provide and (implicitly) protect data. They had ONE job. And they &^#%ed it up. I really hope to see some high-level falling on swords. But I won't put much faith in that happening.

I don't watch news or read it pathologically like a lot of people in my position but it seems to me that this should have been a news story the size of Enron or the housing bubble. It really has the potential of doing extreme harm...does it not? So if I am in a position of controlling the sensitive information of half the country, doesn't that make me a huge security risk in and of itself? How does three companies get the monopoly on this business? And why can't I opt out, completely?

Checked myself out and not one of the affected ones.

I put a freeze on both my accounts and my husbands...all told, maybe an hour to get it done. Morning show said to check innovis as well, so might do that today. I really MUST get these papers all organized! I will change all my banking passwords, too.

Okay, a stupid question maybe....I went to TransUnion and was funneled straight to the TrueID website which offered "free" credit freeze. When I filled out the infor, at the bottom was a statement acknowledgement that I agreed with the terms and the arbitration clause. What? Funny how that word keeps showing up!

I have an person report now of trouble freezing at Equifax, so the site for freezing credit cards at Equifax is most certainly buggy, sometimes works, sometimes doesn't. The other sites seem to be consistently working correctly. Yea isn't it ironic, the only reasn anyone is even doing this freezing cr@p is because of Equifax and there site doesn't reliably work for it!

Yea isn't it ironic, the only reasn anyone is even doing this freezing cr@p is because of Equifax and there site doesn't reliably work for it!
My guess is that the IT honchos there never figured on so many people trying to freeze their credit at one time and the system is bogged down from the load. Then again, these same honchos apparently never figured on whatever vector the thieves used to steal the data. So let's just say they're not particularly good at their jobs...

I have tried numerous times all three websites for the credit report ....let's just call them honchos SteveinMN.....the honchos websites work about as well as the government Obamacare website did when it was launched. I can't get anywhere. I then went to the annualcreditreport.com website to at least request my free annual credit report and low and behold, it pretty much just shoots you over to the honchos websites and they are brick walls. Now it is ironic that the people they are suppose to serve, can't get the information that they need or block the information so that further harm is minimized but yet nefarious actors can seize anything they want.

Now this breach occurred oh anywhere from two months to six months ago depending the source and yet nothing has been stated as to who or what entity might have gotten the info. There is a stinking skunk in the woodpile here. Someone has already made a pallet load of cash on this.

I am considering mailing to each credit report company a request for a copy of my credit report......hard copy by snail mail.....and a credit report freeze. Certified mail, return receipt .

Now just imagine you do get them to freeze you credit reporting....then you need a thaw so that you can get a house or a car but these honchos are not responding or their websites are frozen.... .wouldnt that be insult to injury?

I have tried numerous times all three websites for the credit report ....let's just call them honchos SteveinMN.....the honchos websites work about as well as the government Obamacare website did when it was launched. I can't get anywhere. I then went to the annualcreditreport.com website to at least request my free annual credit report and low and behold, it pretty much just shoots you over to the honchos websites and they are brick walls. Now it is ironic that the people they are suppose to serve, can't get the information that they need or block the information so that further harm is minimized but yet nefarious actors can seize anything they want.

Now this breach occurred oh anywhere from two months to six months ago depending the source and yet nothing has been stated as to who or what entity might have gotten the info. There is a stinking skunk in the woodpile here. Someone has already made a pallet load of cash on this.

I am considering mailing to each credit report company a request for a copy of my credit report......hard copy by snail mail.....and a credit report freeze. Certified mail, return receipt .

Now just imagine you do get them to freeze you credit reporting....then you need a thaw so that you can get a house or a car but these honchos are not responding or their websites are frozen.... .wouldnt that be insult to injury?

I wonder how many states AG's are getting letters with the same questions your asking?

Now just imagine you do get them to freeze you credit reporting....then you need a thaw so that you can get a house or a car but these honchos are not responding or their websites are frozen.... .wouldnt that be insult to injury?

To rub salt into the wound, I've been reading that the credit agencies may be the bigger risk, but I've seen that the hacked information is basically enough to assume your identity and could include applying for government benefits. One article recommended filing taxes as early as possible just in case someone is going to file a fraudulent return in your name. I could picture an ambitious person figuring out how to access some personal bank and brokerage accounts, but that doesn't seem too likely. I would just guess there is a market for valid socials to sell to undocumented immigrants.

Whether laws were broken, I don't know, but some sort of corrective action to prevent this from happening again is in order.

One article recommended filing taxes as early as possible just in case someone is going to file a fraudulent return in your name.

yes but as anyone who has ever held a taxable investment knows this isn't always possible as even though you are supposed to be given all information by the end of January (which is already LATE for filling early) often this is not the case, and the information one needs to file does not exist ANYWHERE (not in the mail AND not online) yet because it hasn't been created yet (well the actual tax forms haven't, maybe we should all forget about having tax forms to file, and just estimate everything for ourselves. One can always file an amended return I suppose ...). A far more doable course that this non-practical advice, might be to under-withhold, so no refund is possible, at worse you pay a penalty for that.

F@#$ our government you know just F it. They give this utter BS advice knowing full well brokerages don't comply in sending information early. They do absolutely nothing to enforce compliance on their part (but it's all the @## individual's filing a 1040s responsibility, isn't everything, some little person's responsibility?). And far more centrally, as the brokers are somewhat peripheral really, they do nothing to pursue tax fraud, which really truly is completely and entirely on them. I'm sorry but what sorry government do we have that can't adequately pursue fraud on it's own tax filings? I know there is politics behind this but it's all garbage, the IRS should be funded enough to and should take tax fraud seriously period.

I'm thinking the Social Security administration should just issue everyone new numbers and Equifax should pay for the administrative costs. But I suppose that is as likely as Mexico paying for the wall.

I can't get anywhere. I then went to the annualcreditreport.com website to at least request my free annual credit report and low and behold, it pretty much just shoots you over to the honchos websites and they are brick walls. Now it is ironic that the people they are suppose to serve, can't get the information that they need or block the information so that further harm is minimized but yet nefarious actors can seize anything they want.
My last job in Corporate America was in computer performance testing -- determining how well Web sites and applications hold up when they're loaded with users. Interesting detective work (if it hadn't been for the steaming pile of software we were required to use to do the testing)! Anyway, I'm guessing Equifax, Experian, TransUnion, and annualcreditreport.com are bogged down with pretty much every American trying to get there to request and/or put fraud alerts and freezes on their credit reports. Not that that helps you, particularly.

I will note that when I'm trying to get to a very busy Web site I have much greater success trying early in the morning (say, before 9 Eastern Time) or overnight. You may run into maintenance at these sites as they try to bring additional capacity on-line. Or you may simply be competing with fewer users at those times. Either way, it's less frustrating -- or at least you don't have to wait so long to be frustrated. >:(

One more public-service announcement: unfreezing your report (at least at Equifax) requires you keep track of a PIN provided to you when you freeze the report. I printed mine out; the page will go to the safe deposit box. But I also created a PDF of it and stored that file in one of my clouds. Yeah, clouds can be insecure, too, so I chose a better one. But lose that piece of paper and you are ^&#%ed. And I'll be on-line anyway if I need to unfreeze the report.


While I generally am of the "give folks a break" school, Equifax's response to this issue has been abominable -- almost like a kid with his/her hand in the cookie jar (but with much higher stakes). I hope some executive heads will roll over this. I wouldn't mind seeing Equifax disappear under the waves for good. I hope someone puts the fear of god into them. Given who's in charge of that these days, I'm not expecting much.

But what I really hope we pull out of this is to quit using an insecure identification number -- the SSN -- which was never designed for this kind of thing. With today's capabilities, it's possible to come up with numbers which are far more resistant to tampering. Using the SSN is just laziness.

Appreciate the insight.....I'm about at the point where I am pretty much glad I haven't succeeded because frankly, I expect they are expending most of their resources on minimizing their liability, planning an exit strategy for the higher ups that include a golden parachute, figuring out what schmuck is going to be the skapegoat, shredding and burning and deleting all traces of responsibility for leaving the information unprotected, ......well you get the idea.

By now I expect my SSN and related personal information including the name of my first dog, first car, dads middle name, favorite sports team, best man at my wedding, and the length of my penis has been sold at least one hundred times over. So I'll just sit back and hope at least they grease it up first.

As a completely random and somewhat selfish aside, I sell cyber insurance for a living. By some stroke of luck (or prudent underwriting on the part of our national accounts team perhaps...) my employer is not anywhere on Equifax's cyber insurance tower. Word on the insurance street is that the whole tower is pathetically small for their exposure. Somewhere between $70M and $100M, which will get wiped out in no time and be nowhere near what this breach will cost them. My biggest competitor has the primary $15M layer for Equifax. A good friend is the cyber lead in their SF office. It's been really hard resisting the urge to send her a nice congratulations note. This one breach represents approximately 7.5% of their annual cyber premium. :~)

For an idea of what this might ultimately cost, Target's breach which was much less serious since SSN's weren't included, last I read it had cost them around $300M in direct costs and they only had a $100M tower. Before this breach if I had been underwriting the primary layer for Equifax I would have wanted to get somewhere north of $1M premium for a $10M layer. In the current market I'm betting that my competitor didn't even get $1M for a $15M limit. They may not have even gotten $750k for $15M limit. Since the rest of the tower's pricing would be based, at least somewhat, off the primary pricing I can see why my company didn't end up participating.

Lots of carriers have been jumping into the cyber insurance marketplace, viewing it as an easy way to make new revenue since lots of businesses don't currently purchase so it's one of the few true growth areas in the insurance world. This has resulted in a free-fall in the price of cyber insurance. Hopefully this breach will stabilize things at least for a while. Especially as carriers also have to deal with the massive property claims that are undoubtedly coming from the recent hurricanes.

Jp1, it is nteresting that you sell insurance against this type of thing.

Well, apparently the rest of the country is still sleeping or hungover so my early morning query at annualcreditreport went through without a hitch. At least I could verify my credit report and document a baseline for any issues down the road.

Now I have to decide if I want to try the freeze. Hmm.

hard copy by snail mail.....and a credit report freeze. Certified mail, return receipt .






Now I have to decide if I want to try the freeze. Hmm.

Personally, I would still use the old fashioned certified return receipt (must respond within x number of days) thing. (skip all that EULA pile)

Well, if I didn't have a family or a longstanding partnership....I wouldn't concern myself in the least. I would just disappear in the mountains of Vermont or New Hampshire and give my financial advisor my post office box to communicate in case my pension check failed to show at the end of every month. Past that, I don't need any part of the consumer culture.

Jp1, it is nteresting that you sell insurance against this type of thing.

I think so too! I got into this area when we moved to CA 8 years ago. It has definitely worked out to be a good career move for me and the rapidness with which the market is growing and coverage issues change keep things interesting. Our current base policy form is less than 4 years old, but every policy we quote today has probably 20 enhancement endorsements added to it because clients and their insurance brokers are insisting on policies that are that much broader.

My take on the Equifax breach is that the criminals are probably playing a long game with the information. Unlike credit card data which rapidly becomes worthless after a breach becomes public knowledge, the info they've stolen here won't lose value over time. As such I doubt they're doing anything with it now. Everyone is aware of what's up, getting credit monitoring, putting credit freezes in place, etc. But a couple years from now the credit monitoring will have ended and lots of people who initially put freezes on will have gotten tired of the hassle/expense of having to remove the freeze everytime they want to open new credit or even do something as basic as sign up with a new cell phone carrier and will unfreeze their accounts and just not re-freeze them. That's when all these SSN's will start hitting the black market. Personally I plan to pull my credit reports (it's been about 1 1/2 years since I last did this) and put freezes at the big three bureaus, but I don't see urgency to do it now. I'll wait a week or two or three until the hubbub has died down and everyone's sites are working smoothly and then I'll take care of it.

Does anyone other than me find it creepy that this breach makes 143 million or so Americans vulnerable to identity theft the remainder of their lives? This is like having diabetes or HIV or Parkinson's - no cures known but the disease is managed as best as possible. I'm seeing freezing my credit in this way - managing a disease as best as possible. Rob

My take on the Equifax breach is that the criminals are probably playing a long game with the information. Unlike credit card data which rapidly becomes worthless after a breach becomes public knowledge, the info they've stolen here won't lose value over time.

The benefits to them are probably multiple.
All the current financial/credit data, they have had time to sell and make money from. Probably could use some algorithm to determine financial payback (who is worth more for financial, or who is worth more for identity for say, medical fraud), etc. Bang for the buck verse chance of being caught/prosecuted. (another reason not to go public right away. Work with Fed's and try to trace the info)
I would expect that some dead person's ID, could/would be used as a tracker/bait.

Does anyone other than me find it creepy that this breach makes 143 million or so Americans vulnerable to identity theft the remainder of their lives? Rob

100% of us are vulnerable to identity theft for the remainder of our lives, not just the percentage of us that 143 million makes.:+1:

Does anyone other than me find it creepy that this breach makes 143 million or so Americans vulnerable to identity theft the remainder of their lives? This is like having diabetes or HIV or Parkinson's - no cures known but the disease is managed as best as possible. I'm seeing freezing my credit in this way - managing a disease as best as possible. Rob

A more accurate statement would be "Does anyone other than me find it creepy that this breach HAS MADE 143 million of us victims of identity theft, for which we will suffer consequences for the rest of our lives?"

Previously I'd contemplated doing credit freezes. However, to my knowledge my SSN had not been stolen and therefore the hassles outweighed the benefits. That has changed now and I will be putting freezes on all 3 bureaus that they will have to pull from my cold dead hands. The credit bureaus make the freeze process a costly hassle because, frankly, it screws up their business model if lots of people have freezes. What SHOULD happen, but almost certainly won't, is that congress should pass a law freezing everyone's credit and enabling us to pick and choose who we want the credit bureaus to release information to at no cost to the individual.

A more accurate statement would be "Does anyone other than me find it creepy that this breach HAS MADE 143 million of us victims of identity theft, for which we will suffer consequences for the rest of our lives?"

Previously I'd contemplated doing credit freezes. However, to my knowledge my SSN had not been stolen and therefore the hassles outweighed the benefits. That has changed now and I will be putting freezes on all 3 bureaus that they will have to pull from my cold dead hands. The credit bureaus make the freeze process a costly hassle because, frankly, it screws up their business model if lots of people have freezes. What SHOULD happen, but almost certainly won't, is that congress should pass a law freezing everyone's credit and enabling us to pick and choose who we want the credit bureaus to release information to at no cost to the individual.

+1

Unlike credit card data which rapidly becomes worthless after a breach becomes public knowledge, the info they've stolen here won't lose value over time. As such I doubt they're doing anything with it now. [snip] But a couple years from now [is] when all these SSN's will start hitting the black market.
Yup. So Equifax thinks they look like a good Joe by offering me a free year of credit alerts (undoubtedly with requests to re-up for $$ starting six months after the coverage starts). BFD. Criminals smart enough to pull off a heist like this are smart enough to sit on the spoils for a year or two. In fact, I didn't even sign up for their coverage. I'll let the (free) fraud alert and freeze do the talking.


What SHOULD happen, but almost certainly won't, is that congress should pass a law freezing everyone's credit and enabling us to pick and choose who we want the credit bureaus to release information to at no cost to the individual.
I didn't pick these careless yahoos (speaking of breaches) to monitor a chunk of my life. But I don't fool myself -- it could just as well have been Experian or TransUnion who got hit first. Unfortunately, I think the only persons in Congress who see it the consumer's way are Elizabeth Warren and Bernie Sanders. Two people are not enough. I don't expect real change anytime soon.

Does anyone other than me find it creepy that this breach makes 143 million or so Americans vulnerable to identity theft the remainder of their lives? This is like having diabetes or HIV or Parkinson's - no cures known but the disease is managed as best as possible. I'm seeing freezing my credit in this way - managing a disease as best as possible. Rob


It gets into some sort of subjective risk analysis, but grabbing a speculative number out of the air, I suspect that less than half of the people affected will freeze their credit. I could see some sophisticated nasty people making an orchestrated effort to affect our economy with this information. Probably it's just some thugs trying to make money, but I would not rule political motivation totally out.

I would think a company whose bread and butter relies on cyber security would be at the cutting edge of protective software and systems. But no, we find out that information might as well have been stored on a server at the local stop and rob gas station.

Perhaps.....and this is mystery writing stuff.....but perhaps they are feeding us the narrative about the window being open due to lack of due diligence in patching holes......in order to cover up the inside job and the espionage that occurred.

Handmaid's Tale anyone????
Robert Ludlum tale...

A more accurate statement would be "Does anyone other than me find it creepy that this breach HAS MADE 143 million of us victims of identity theft, for which we will suffer consequences for the rest of our lives?"

Previously I'd contemplated doing credit freezes. However, to my knowledge my SSN had not been stolen and therefore the hassles outweighed the benefits. That has changed now and I will be putting freezes on all 3 bureaus that they will have to pull from my cold dead hands. The credit bureaus make the freeze process a costly hassle because, frankly, it screws up their business model if lots of people have freezes. What SHOULD happen, but almost certainly won't, is that congress should pass a law freezing everyone's credit and enabling us to pick and choose who we want the credit bureaus to release information to at no cost to the individual.

First time I ever wished there was a like button for a post!

So now both Equifax's Chief Information Officer and Chief Security Officer have been shown the door. They "retired" which, I imagine, leaves their benefits intact. >:(

Someone on my Facebook feed posted CSO Mauldin's Linkedin profile, noting that she has two college degrees, both in music. That does not bother me tremendously because there are many people in IT and related fields who do not have degrees or degrees in anything close to what they do in IT well and what they have achieved over entire careers. But one commenter on that post noted that the music degrees might mean the Equifax song and dance about what happened likely would be in tune and well-choreographed. :D

Today I saw two companies trying to cash in on tbe breach. Both Experian and Discover are offering to scour the dark web for your SSN for free for Experian as a prelude to trying to sell you credit monitoring services and by Discover if you get their card. Has anyone done this? Does it have any value?

+1

(and where is the government in all this - at least they shouild be cracking down hard on Equifax/ Oh right looks at who is in charge - shippest of biggest fools ever to sail the ship of state ever - never mind ....)

The government has compromised me twice and DH once. Now also compromised by Equifax. Government is paying for security monitoring for a few years. IMO it should be for life since they "leaked."

Today I saw two companies trying to cash in on tbe breach. Both Experian and Discover are offering to scour the dark web for your SSN for free for Experian as a prelude to trying to sell you credit monitoring services and by Discover if you get their card. Has anyone done this? Does it have any value?

Grab a pen and a piece of paper, or go print this on your printer......
0........, now read what you wrote or printed, and write that down. Do you see two zero's? How many copies can you make and in what forms? Does the information change?
Of course they are "scouring" the dark web, as they are hoping to find and charge the hackers (and gain some assemblage of cleaning up). The deed is done, and the value matches what you and what anyone else doing this experiment wrote.

Thank you Toomuchstuff.

I've noticed in my spam-email folder multiple different offers to "check if I was exposed by the Equifax leak, and help me protect my online identity".

None of them of course are from anyone I've ever heard of. And most of them seem to originate from sketchy places.

And they seem to want me to give them all sorts of personal identifying information, so they can "check" for me...

Fun times....

And now this. Equifax has been sending consumers to a fake site to check if they'd been breached...

http://www.businessinsider.com/report-equifax-directed-concerned-consumers-to-a-spoof-site-2017-9

And now this. Equifax has been sending consumers to a fake site to check if they'd been breached...
I want nothing to do with these b------s. As far as I'm concerned the whole company ought to be out of business and money clawed back from the bozos on the executive team. And the other two (three?) credit-reporting agencies audited deeply (I don't for a minute think Equifax is the only donkey in this parade). Absolutely incompetent. :doh:

I want nothing to do with these b------s. As far as I'm concerned the whole company ought to be out of business and money clawed back from the bozos on the executive team. And the other two (three?) credit-reporting agencies audited deeply (I don't for a minute think Equifax is the only donkey in this parade). Absolutely incompetent. :doh:

Exactly, the sentiment that represents the greatest risk of the Credit Rating Agency model. One of the reasons there are so few of them is because the very purpose for which they evolved was to maximize the extension of credit toward as many as possible under the most fair circumstances. This led to the consolidation of local entities that collected information for lenders to search on borrowers so that efficient dissemination of information used to make lending decisions would be centralized. All this made the availability of credit facilitate economic growth.


But when the information collected is not secured from the hands of criminal entities.....well consumer and lender confidence goes out the window and lending becomes a boondoggle. When lending is strangled....the economy suffers. The risks are multifaceted. Not only can fraudulent accounts be created.....now the most advantageous group of victims can be targeted. People with good credit are also people that have the most to lose. Because people with good credit are actively borrowing and paying back as agreed. If those people react like SteveinMN....our whole model for expansion based on easy credit goes down the drain.

We might have to rely on making purchases as we can afford them and not based on our past history of being able to pay off loans coupled with a forecast of future earnings potential. We might have to actually get out of debt. Oh my, what an abhorrent idea!

We might have to rely on making purchases as we can afford them and not based on our past history of being able to pay off loans coupled with a forecast of future earnings potential. We might have to actually get out of debt. Oh my, what an abhorrent idea!
I don't have a philosophical issue with credit. There are things I will want/need to have in my life which I likely never be able to buy in one go. Sometimes using credit is merely a matter of convenience -- flash the card at the point of sale and settle up at the end of the billing period. Restricting credit to a nation in which consumption drives the economic train? I wouldn't mind seeing it. But it's just asking for economic trouble in lieu of some other model.

Aside from the lackadaisical security measures for credit-reporting agencies, though, I do have a problem with credit ratings being used for things as far-ranging as car insurance, apartment rentals, and evaluating job candidates. I believe you get what you measure, and, in this case, they're measuring the wrong thing. You can be freakin' incompetent as a driver but if you've got a good credit rating you're a better insurance risk? Umm, no. Poor credit makes you a poor employee? Hmm, sounds like if you're bloody poor at what you do, you can get a job at Equifax...

I did background investigations for cadet applicants for my department. Part of that...actually a good part of it was a thorough review of credit history complete with interviews of past lenders if there was any sign of delinquency at all. More than one candidate was excluded based on their lack of diligence in repayment.

I did background investigations for cadet applicants for my department. Part of that...actually a good part of it was a thorough review of credit history complete with interviews of past lenders if there was any sign of delinquency at all. More than one candidate was excluded based on their lack of diligence in repayment.


That is also frequently done for security clearances.
I do wonder how the change in system, would effect those of us with little to no credit/credit rating. We are punished now in the form of higher prices on Insurance and such, when at least in my case, (others/coworkers I know) we are more likely to self insure for the small/stupid stuff.

My ex had to go through a credit check when she worked in the securities industry. I get that, in some lines of work, having a good credit history indicates some degree of ethical behavior on the applicant's part. But a credit check to be a computer programmer for non-financial apps? Or to be a health practitioner? Does running a credit check so uniformly answer the right questions? And who does it leave out because there may be no number to fill in the blank?

For many jobs a criminal background check is more appropriate, or if it involves driving a check of driving history.

For many jobs a criminal background check is more appropriate, or if it involves driving a check of driving history.
Agreed. The old "we do that for everyone" protocol strikes again when everyone is subjected to a credit check regardless of its applicability to the situation.

My state attorney general's office sent me a form letter and referred to the FTC. They are the same as the Consumer Protection Financial Bureau for complaint purposes, but they do not assist individual consumers, only record complaints. I filed one but feel it was a waste of time. I will try the Better Business Bureau next.

Equifax finally sent me my PIN, but it is non-random and easily hacked. They are unresponsive on issuing me a new one, deleting my data, or reimbursing me for costs to freeze my report at Experian.

This week I saw on the news that there are also viruses on the Equifax website leading people who go there to have their data further compromised.

I am dreading filing taxes. How can you file early if you have to wait for forms to come in the mail? I guess we could all file online, look how secure the web is!

Well folks, today my wife received a letter from Equifax. Dated October, 13, 2017 entitle Notice of Data Breech. A brief history. When the original cyber security “incident” occurred September 7, 2017 (except we know it was actually July 29, 2017 but Equifax is still quoting the September date)....143 million fellow Americans had their data compromised. A check of the alleged database at Equifax informed me that my information was impacted but not my wife’s.

Now they are informing us that a forensic investigation has determined another 2.5 million additional consumers were impacted....including yes, my wife! This includes her SSN, DOB, addresses and drivers license info. Not to worry though as soon as they figure out if her credit card numbers were impacted they will let us know. And they assure her that the core consumer credit reporting databases have shown no evidence of unauthorized access.

Not to worry. Equifax.....the same people who let this happen.....are offering her a free year of trustedID Premier and they are in the process of developing a service for life.....or until the company declares bankruptcy....that will allow her to access her credit files, lock and unlock them for life.

:doh:

Well folks, today my wife received a letter from Equifax. Dated October, 13, 2017 entitle Notice of Data Breech. A brief history. When the original cyber security “incident” occurred September 7, 2017 (except we know it was actually July 29, 2017 but Equifax is still quoting the September date)....143 million fellow Americans had their data compromised. A check of the alleged database at Equifax informed me that my information was impacted but not my wife’s.

Now they are informing us that a forensic investigation has determined another 2.5 million additional consumers were impacted....including yes, my wife! This includes her SSN, DOB, addresses and drivers license info. Not to worry though as soon as they figure out if her credit card numbers were impacted they will let us know. And they assure her that the core consumer credit reporting databases have shown no evidence of unauthorized access.

Not to worry. Equifax.....the same people who let this happen.....are offering her a free year of trustedID Premier and they are in the process of developing a service for life.....or until the company declares bankruptcy....that will allow her to access her credit files, lock and unlock them for life.

:doh:

Yeah, got that too. Also, compromised twice by the fed government. You are not alone. sigh

Haven't seen anything from EquiLax. My records were affected; DW's were not.

As far as I'm concerned, they're the gang that can't shoot straight. I've not signed up for their credit watch and I have no intention of doing so. They strike me as incompetent enough to burn the tent down as they're trying to build the campfire. >:(

I don't know that it will do any good, but today I filed a complaint against Equifax with the Better Business Bureau out of Atlanta.

Been cleaning up computer files. I noticed I had downloaded a form to request my credit report from EquiLax -- from before the fit hit the shan. Three major credit-reporting agencies and the only site that gave me enough grief to not issue the report on-line was ... EquiLax.

Shoulda known then...

30 days have passed with no response from Equifax to the Better Business Bureau on my complaint.

30 days have passed with no response from Equifax to the Better Business Bureau on my complaint.

Crickets........


https://youtu.be/O5YpUsDsHmk

Recently had a small charge on the credit card I used when dealing with Equifax. Had to cancel card since other fraud charges/purchases were tried. Coincidence?

I emailed Senator Warren's office asking for assistance since I live in Massachusetts.

Where else can I get my free credit report? This does make me a bit cautious.

The Central Source.

Where else can I get my free credit report? This does make me a bit cautious.
The site annualcreditreport.com (https://AnnualCreditReport.com) is legit and provides once-a-year credit reports for EquiLax, Experian, and TransUnion. It's what I use.

I find it troubling how this issue has seemingly gotten little to no investigative reporting.

I got a form email from Elizabeth Warren that she plans to introduce legislation prohibiting fees for placing and removing credit holds and reimbursing consumers for fees incurred in association with this breach. But I am skeptical she will get this bill through, or that Trump with his recent shenanigans with the Consumer Financial Protection Bureau would ever sign it. I think my next move is to ask my state senator and state rep about a possible state law.

Yppej, you're right. As much as I love her there's a 0% chance warren will get that through at this moment. At least until after the 2018 elections. State laws, yes, those might happen.

Steve: I've used that site too for years, and have shared it with many others. Reputable sources have always listed it as the place to go for your free credit reports.

Annualcreditreprt.com was set up by the three credit bureaus in order to comply with the portion of the federal law FACTA that required them to make their reports available to everyone for free. It's as legitimate as anything involving the credit bureaus can be.

I haven't read all of the posts yet, just the first page, so maybe this has been mentioned but...

Clark Howard highly recommends freezing your credit with at least the big 3 credit reporting agencies. That stops people from requesting new credit with your identity. When you want to do something that will require a credit check, you briefly unfreeze it for a period, then refreeze.

http://clark.com/personal-finance-credit/equifax-data-breach-details-what-to-know-to-protect-your-money-identity/

I emailed my state senator today asking him to pass a law to help victims of this data breach.

I am going to remember that phrase “torts cooking in ovens” for future use. I will not credit you, bae, but your words will live on, and that should be reward enough! Haha.

I do like a good turn of phrase.

One woman took a decidedly different approach. She sued equifax in small claims court and got a $600 decision in her favor. Imagine if even just a few thousand people took that approach e havoc it would cause equifax from a defense standpoint.

https://krebsonsecurity.com/2018/06/librarian-sues-equifax-over-2017-data-breach-wins-600/#more-44246

So are folks going for the cash compensation or the 10 years of credit monitoring?

My husband did not do anything and he got a check in the mail last week.

I thought no checks were going out until at least January?

I thought no checks were going out until at least January?

So sorry! I made a mistake. Went and looked at check stub and it was from some other settlement, having to do with a student loan and a bank that handled it.

Went for the cash. I already have credit monitoring and the less I have to do with EquiLax the better I will feel.

I'm going for the cash. Since I froze all three credit bureaus there's nothing to monitor.

And the freeze actually works. I tried to sign up for a Southwest Airlines affiliated card because they were offering a stupid amount of miles and I got a letter a few days later informing me that they couldn't offer me a card because they were unable to access my credit report. I could have unfroze it, had them retry, and then refroze it, but I decided I didn't really need the card or the miles so I just let it go.

In case you were wondering about your Equifax payout, our whole country is run for the benefit of large banks and corporations.

https://arstechnica.com/tech-policy/2020/05/banks-get-their-slice-of-equifax-settlement-individuals-still-waiting/

As an aside, these same corporate interests/donors shut down Warren and got Biden the nomination. Many of them are registered in the state of Delaware and he has always looked out for them.

I ended up going for a report alert rather than a freeze.


Supposedly if someone tries to open a new account they will report that to me.

At least a few Equilax employees should have been hauled into court over that debacle. I'd like to say I'm shocked -- SHOCKED -- that there's no money for anyone but the lawyers and Equilax top brass. But I'm not. Almost makes one wonder the purpose of a class-action suit these days.

Mind-boggling outcome!! What was the point of the class action? I had periodically wondered what the rest of the story was on the Equifax issue so now I know.

I didn't even take them up on their offer of free credit monitoring. They had ONE job and they messed it up. No other chances if I get a say in it.

Almost makes one wonder the purpose of a class-action suit these days.

Make money for the lawyers and typically, the first named plantiff on the suit. While always underestimating the settlement in large cases (half the USA population, the math wasn't there), and pass it on to their customers.

After years of responding to demand after demand for more responses from me, all of which I provided, the Equifax settlement fund denied my claim. Lawyers suck, our government sucks. Everything is for the elites - big corporations, lawyers, lobbyists, big investors including people like the Pelosis, the pharmaceutical cartel, etc. Our whole country is for them. The pandemic shifted wealth from forcibly shut down small businesses and transferred it to Amazon. Ordinary people mean nothing in this country. We are just the serfs who serve those who rip us off and are never held accountable.

What monetary losses have you had? If none, why should you be allotted any compensation? Credit monitoring was offered.

BTW…look up the reasoning of republicans. They are for big business, not the average joe.

I incurred fees to freeze my credit that they are refusing to reimburse me for. I also spent time on the issue which was supposed to be compensated.

What? $10 max to unlock a credit report and how much time did that take? Jeez.

What? $10 max to unlock a credit report and how much time did that take? Jeez.

Corporate shill. You exemplify what is wrong with this country. Big companies are not held accountable and little people are ridiculed and stomped on and bear the costs for corporate malfeasance. There's a continual wealth transfer from have nots to haves. If there's a hell you're going there for justifying this.

Corporate shill. You exemplify what is wrong with this country. Big companies are not held accountable and little people are ridiculed and stomped on and bear the costs for corporate malfeasance. There's a continual wealth transfer from have nots to haves. If there's a hell you're going there for justifying this.

You put more effort into it than it was worth and got yourself all tied up.

You put more effort into it than it was worth and got yourself all tied up.

Yeah, we should all just roll over and take it up the ***.

Credit freezes have been free for a few years now. Both to freeze and to unlock.I’ve had mine frozen for years and without expense unfroze experian when we bought our house and the re-froze it.

I incurred my expenses at the time of the breach when it was not free.

To my surprise I received a check today for $22.82 from the Equifax Breach Settlement Fund.