If you do nothing else, place an initial 90 day fraud alert on your file. This is free and will require lenders to contact you if someone (including yourself) tries to apply for credit. Government info. You only have to do this with one bureau in order for the alert to be placed on all three, and it should take less than 5 minutes:
Just 90 days? I'd rather freeze my credit. I already bought a house and a car. I'm done with needing credit for the foreseeable future. Freezing all 4 accounts (including Innovis, which actually seems like the most competent of the bunch) is the ticket for me.
3 Main Types of Alerts and Length of Effectiveness:
Initial Fraud Alert: 90 days
Active Duty Alert: 1 year
Extended Fraud Alert: 7 years
Extended Fraud Alert Request Form
To place an extended fraud alert on your credit file please send to Equifax – via Fax or US Mail - a valid police report,
law enforcement agency report, or US Postal service report that allege mail theft. In addition, please provide a photocopy
of one item from each of the categories below in order to verify your identification and address. The item you
select from the identity category must contain your Social Security number and the item you select from the address
category must contain your current mailing address.
Why do I need a police report when I have every major newspaper supporting my case?
None of the 3 links work for me. How difficult to save data from a form? I'm appalled by the technical capabilities of these crucial service providers..
Hopefully saving people some time - Equifax is "unable to process" online requests - which they tell you after your submit the form. And Transunion's website for fraud alerts is currently "temporarily unavailable".
I was able to setup a 90 day alert with Transunion using the link you provided. It was a breeze to do so. However I noticed that even though I was already signed in to Transunion website, I had to sign in again.
The other thing I found confusing was that the website for doing this was different from the core Transunion website which was also different for Transunion's TrueIdentity website.
Overall, it's simply been confusing trying to figure out what steps to take and where/how to do them to abate negative effects of this data breach. It feels 'weird'/frustrating spending this amount of time/effort to fix issues which are due to someone else's laxity and when it seems like the responsible party is not doing as much but then I guess this is one sure and hard way to learn the lesson - you can't control what happens to you but you can control how you react to things.
If I'm a criminal who is going to take advantage of the hacked data, and I know everybody is rushing to do the 90 day fraud alert, I'll wait for 90 days before I take action.
I was only able to do transunion and only because I created an account, the others failed numerous times. I hate to do another account giving my information out again but since its likely already compromised whats the worst that could happen?
if none of us sign up for this and then flood the 3 CRAs with real identity fraud incidents, then perhaps they will take things more seriously in the future.
I have spent a very large amount of time over the past few years attempting to correct Equifax's record of my information (all to the now-apparent end of reducing noise in the hacker's data). They somehow had my SSN associated with someone else, leading to a few rejected credit applications.
Equifax customer service reps are very poorly trained. The singular goal of all Equifax employees with whom I interacted was to make me Someone Else's Problem. To that end, they deployed several tactics:
* Telling me I'm calling the wrong Equifax customer service phone number
* Telling me I'm calling the wrong new Equifax customer service phone number
* Telling me to mail in just one more piece of identification
* Telling me they never received snail-mailed documents
* Telling me received snail-mailed documents "were not yet in the system" (over a week after receipt)
* Telling me to fax documents, not mail them
* Telling me the fax number I have is old, wrong, and no longer used
* Telling me the new fax number I have is old, wrong, and no longer used
* Telling me to call the bank providing my credit card, and get them to send my info to Equifax
* Mysteriously hanging up
* Again telling me the identification documents provided were insufficient
Finally I just sat on the phone for several hours with a customer service agent who had not yet discovered the complete lack of consequences for hanging up, asking what additional information would be provided by whatever additional piece of ID they were requesting. It escalated up the supervisor chain a few times, went on hold for half an hour, then I was just suddenly told the problem was taken care of and disconnected.
The problem wasn't taken care of, and the perpetual complimentary credit monitoring service subscription I have from some past data breach other another continued to fail its Equifax enrollment. Finally, a year, later, the problem fixed itself.
Because I hate these clickbait titles: the author plays phone-go-round, calls four numbers, waits on hold a bunch, gets disconnected, and eventually gets transferred to an "agent" that ends up being a busy tone.
All that was accomplished was that he placed an automated fraud alert, even though his original question was whether or not he was affected by the Equifax breach.
Not click bait at all. The article gives all the phone numbers including the "magical" phone number at the end to get the 90 fraud alert ( 1-800-525-6285 ) including the advise to not make any noise on this call.
I am tempted to say I am appalled by the utter disregard these credit reporting agencies have for consumers, but I am not really surprised. Coming from a country with a tradition of public institutions, it is amazing to see private credit reporting agencies in US, because this should be a public service from the Government.
Called the day after the news broke, and successfully setup a fraud alert on my account using a automated phone system in 3 minutes and 44 seconds.
So thrilled with this easy process, I call my Mom/Dad and instructed them to do the same.
About a day later I call again to do the same process for my wife. Got almost to the end (after giving them her SS#), but then something changed ... TransUnion started listing extensive documentation I had to snail mail to them - it took several minutes for this message to play out, after which I received no confirmation that the fraud alert was successfully activated. It seemed as though I was "kicked over" to the identify theft reporting line, because the documents they asked for seemed like something you would send to them, if your identify had already been stolen.
Called Experian immediately after, hoping their system might be working better. Their automated system failed to even start the process - I gave up.
Now my wife is convinced I gave her SS# to some random stranger. FML
TL;DR: TransUnion telephone fraud alert worked on Monday, but now is fucked.
As soon as I heard about this hack (last friday?), the first thing I did was sign up for LifeLock and set up my accounts. LifeLock was being hammered at the time, but I got thru.
When I got home, I then put freezes thru "the big three", then after reading a couple of articles, on Sunday I put freezes in with Innovis and ChexSystems. I also ran my credit report using TransUnion (leaving me with two more runs from the other two during the year).
That's basically all you can do. You can also do this, I suppose:
I've read anecdotes saying that it's legit and good insurance (but LifeLock already offers a similar thing on the level I signed up for).
I guess part of what I am saying is that the story broke, and there was a small rush, but I got in - then when Monday rolled around and the story grew legs - well, we're now seeing DDOS-like failures...
> I could set up a 90-day fraud alert that would force creditors to call me — at a number of my choosing — before agreeing to open any new accounts in my name.
This should be the default, for everyone, for free. If banks don't want to do the bare minimum to verify your identity, the liability for identity theft should be on them and not you.
I'm professionally involved with this, so at this point I'm obligated to say that the following is my personal opinion and in no way representative of my employer.
Banks use a lot of information to correlate and verify customer identity. The process is called KYC, Know Your Customer [0]. The problem is that this process relies on exactly the information present in a database like Equifax's. If they did perform verification calls, they would be using the same information to verify your identity over the phone, meaning that anyone with that same information could still impersonate you.
The problem, as often pointed out, is that much of this information is much more akin to a username than a password, but is often used as the latter. I mean, someone with my drivers license has my name, address and date of birth, which is often enough to verify with most systems that don't keep SSNs.
From a technical perspective, modern cryptography would seem to give us some opportunity here. The downside here is that its usage becomes absolute -- you either have the key or you don't, regardless of the reality of your identity. The reality is that identity is a very hard problem, with many confounding issues.
What is the best way for the American public to start to "escalate" this to the government? It's clearly not even worth getting frustrated trying to deal with Equifax directly, they obviously aren't required to have any accountability to anyone.
Less sarcastically, we need a political reformation focused on effective, pro citizen government, instead of politics focused on holding or reversing the status quo on divisive issues. So good luck.
I really really really wish we would do away with the SSN as the default ID for people. It's just such a really bad system.
It was never designed to be an ID Number and now that's how it is used. We should really go to a different system. I am not a security expert, but I think voting, paying taxes and credit scores would all be much easier than they are now.
Honestly, not sure why people are surprised by this. The company is incompetent and not consumer or customer focused by any means.
Their entire operation is optimized to sell products and services to creditors, with no regard for actual consumers. They are a B2B company. They treat their employees poor, and their call center operations are outsourced to third party firms on a cost-basis whom are poorly trained and purely exist to field consumer contacts as required by law, but not actually resolve any issues.
I truly believe credit reporting agencies need to be heavily regulated and operated as a non-profit consumer institution, similar to the BBB.
Experian's freeze doesn't even work at the moment due to their JavaScript compiled asset getting cut off (unexpected end of input error): https://i.imgur.com/bOGE2Sh.png
- Call membership number
-> makes some noise and then hangs up
- Use their website that they promote in their automated messages
-> when trying to set up an alert, it takes you to a loading page that does nothing (looking at the requests being made in the network tab, it fails to load bootstrap and then just sits there, I am able to download the script it fails to download)
- Call automated fraud number
-> nothing happens after being transferred to their automated alert system, so I hung up
-> called again and waited for a few minutes after being transferred to their automated alert system, finally a voice starts talking asking for info (a dark pattern if I've ever seen one). After going through the process, apparently my info wasn't correct, so they asked me to 'leave a voicemail' with my SSN and DOB, after providing that info, it said they couldn't save my info and to try again, then promptly hung up.
If we "as the product" actually want to do something about Equifax we should call our banks and demand that they cancel any contracts they have with Equifax.
If enough people do that to make it a national issue, Equifax will at a minimum notice, and possibly go out of business (because no bank will work with them) sending a very strong message to everyone who deals with private data.
"We finally got to a point where the system asked for our information in order to set up a 90-day alert. I provided my Social Security number, two phone numbers where I can be reached for verification, and a “please hold while we process your request” message."
What if someone who got a hold of another person's SSN call the number, and gave them a bogus number to contact? Any lender then tries to call the bogus number and they get a "YES, I ALLOW THAT TRANSACTION TO HAPPEN" brings more problems then.
Equifax could have made a system that performs this option and then it would be the person whose SSN has been exposed to provide the authentic number which they can be reached at to alert them of any transaction happening with their SSN number being used.
I think if there was any justice in the USA, a court would declare that the Equifax breach was significant enough that the damage caused is greater than the value of the Equifax company, and the company itself would be taken from existing stockholders and shares distributed among the american public affected by the breach. The company could then continue trading with all proceeds going to the people harmed in the breach, and the employees could then go on to work for the people that they harmed.
Honestly, I would have expected it to take hours. 42 minutes is actually not too bad, I've been on hold with my ISP for longer than that.
To be fair, he didn't get the answer he was looking for, so this could have dragged on much longer if he persisted in the phone-only route. I actually would have preferred that instead.
> I've been on hold with my ISP for longer than that
Sounds like it's time for a new ISP. I get impatient with XS4ALL after more than a minute or two, but then they've been spoiling me with sub-minute answering times for years. They scored extremely well in ratings, I figured they went "well we can do a little less well and save some money". Still great service -- but to come back to your situation, 42 minutes is ridiculous. Snail mail is faster at that point.
[+] [-] voiper1|8 years ago|reply
Suggestion, from https://www.reddit.com/r/personalfinance/comments/6yv4gb/off...
If you do nothing else, place an initial 90 day fraud alert on your file. This is free and will require lenders to contact you if someone (including yourself) tries to apply for credit. Government info. You only have to do this with one bureau in order for the alert to be placed on all three, and it should take less than 5 minutes:
Equifax https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAle...
Experian https://www.experian.com/fraud/center.html
Transunion https://www.transunion.com/fraud-victim-resource/place-fraud...
[+] [-] pkulak|8 years ago|reply
https://www.experian.com/ncaconline/freeze
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo...
https://freeze.transunion.com/sf/securityFreeze/landingPage....
https://www.innovis.com/securityFreeze/index
[+] [-] rrauenza|8 years ago|reply
http://www.equifax.com/credit/fraud-alerts/&
3 Main Types of Alerts and Length of Effectiveness:
Extended Fraud Alert Request FormTo place an extended fraud alert on your credit file please send to Equifax – via Fax or US Mail - a valid police report, law enforcement agency report, or US Postal service report that allege mail theft. In addition, please provide a photocopy of one item from each of the categories below in order to verify your identification and address. The item you select from the identity category must contain your Social Security number and the item you select from the address category must contain your current mailing address.
Why do I need a police report when I have every major newspaper supporting my case?
[+] [-] g051051|8 years ago|reply
Edit: Experian displays a grey screen that says "Loading"
Edit: TransUnion requires I set up an account.
[+] [-] yadongwen|8 years ago|reply
[+] [-] MJR|8 years ago|reply
[+] [-] NearAP|8 years ago|reply
The other thing I found confusing was that the website for doing this was different from the core Transunion website which was also different for Transunion's TrueIdentity website.
Overall, it's simply been confusing trying to figure out what steps to take and where/how to do them to abate negative effects of this data breach. It feels 'weird'/frustrating spending this amount of time/effort to fix issues which are due to someone else's laxity and when it seems like the responsible party is not doing as much but then I guess this is one sure and hard way to learn the lesson - you can't control what happens to you but you can control how you react to things.
[+] [-] post_break|8 years ago|reply
[+] [-] CrendKing|8 years ago|reply
It is better to think from THEIR angle.
[+] [-] okreallywtf|8 years ago|reply
[+] [-] williw|8 years ago|reply
[+] [-] leeoniya|8 years ago|reply
[+] [-] ahelwer|8 years ago|reply
Equifax customer service reps are very poorly trained. The singular goal of all Equifax employees with whom I interacted was to make me Someone Else's Problem. To that end, they deployed several tactics:
* Telling me I'm calling the wrong Equifax customer service phone number
* Telling me I'm calling the wrong new Equifax customer service phone number
* Telling me to mail in just one more piece of identification
* Telling me they never received snail-mailed documents
* Telling me received snail-mailed documents "were not yet in the system" (over a week after receipt)
* Telling me to fax documents, not mail them
* Telling me the fax number I have is old, wrong, and no longer used
* Telling me the new fax number I have is old, wrong, and no longer used
* Telling me to call the bank providing my credit card, and get them to send my info to Equifax
* Mysteriously hanging up
* Again telling me the identification documents provided were insufficient
Finally I just sat on the phone for several hours with a customer service agent who had not yet discovered the complete lack of consequences for hanging up, asking what additional information would be provided by whatever additional piece of ID they were requesting. It escalated up the supervisor chain a few times, went on hold for half an hour, then I was just suddenly told the problem was taken care of and disconnected.
The problem wasn't taken care of, and the perpetual complimentary credit monitoring service subscription I have from some past data breach other another continued to fail its Equifax enrollment. Finally, a year, later, the problem fixed itself.
This company is trash.
[+] [-] micaksica|8 years ago|reply
All that was accomplished was that he placed an automated fraud alert, even though his original question was whether or not he was affected by the Equifax breach.
[+] [-] pm24601|8 years ago|reply
[+] [-] nafizh|8 years ago|reply
[+] [-] josefresco|8 years ago|reply
Called the day after the news broke, and successfully setup a fraud alert on my account using a automated phone system in 3 minutes and 44 seconds.
So thrilled with this easy process, I call my Mom/Dad and instructed them to do the same.
About a day later I call again to do the same process for my wife. Got almost to the end (after giving them her SS#), but then something changed ... TransUnion started listing extensive documentation I had to snail mail to them - it took several minutes for this message to play out, after which I received no confirmation that the fraud alert was successfully activated. It seemed as though I was "kicked over" to the identify theft reporting line, because the documents they asked for seemed like something you would send to them, if your identify had already been stolen.
Called Experian immediately after, hoping their system might be working better. Their automated system failed to even start the process - I gave up.
Now my wife is convinced I gave her SS# to some random stranger. FML
TL;DR: TransUnion telephone fraud alert worked on Monday, but now is fucked.
[+] [-] cr0sh|8 years ago|reply
When I got home, I then put freezes thru "the big three", then after reading a couple of articles, on Sunday I put freezes in with Innovis and ChexSystems. I also ran my credit report using TransUnion (leaving me with two more runs from the other two during the year).
That's basically all you can do. You can also do this, I suppose:
https://www.zanderins.com/idtheft2
I've read anecdotes saying that it's legit and good insurance (but LifeLock already offers a similar thing on the level I signed up for).
I guess part of what I am saying is that the story broke, and there was a small rush, but I got in - then when Monday rolled around and the story grew legs - well, we're now seeing DDOS-like failures...
[+] [-] paulgb|8 years ago|reply
This should be the default, for everyone, for free. If banks don't want to do the bare minimum to verify your identity, the liability for identity theft should be on them and not you.
[+] [-] jdmichal|8 years ago|reply
Banks use a lot of information to correlate and verify customer identity. The process is called KYC, Know Your Customer [0]. The problem is that this process relies on exactly the information present in a database like Equifax's. If they did perform verification calls, they would be using the same information to verify your identity over the phone, meaning that anyone with that same information could still impersonate you.
The problem, as often pointed out, is that much of this information is much more akin to a username than a password, but is often used as the latter. I mean, someone with my drivers license has my name, address and date of birth, which is often enough to verify with most systems that don't keep SSNs.
From a technical perspective, modern cryptography would seem to give us some opportunity here. The downside here is that its usage becomes absolute -- you either have the key or you don't, regardless of the reality of your identity. The reality is that identity is a very hard problem, with many confounding issues.
[0] https://en.wikipedia.org/wiki/Know_your_customer
[+] [-] sushikokk|8 years ago|reply
[+] [-] maxxxxx|8 years ago|reply
[+] [-] zenzen|8 years ago|reply
[+] [-] nlawalker|8 years ago|reply
[+] [-] maxerickson|8 years ago|reply
Less sarcastically, we need a political reformation focused on effective, pro citizen government, instead of politics focused on holding or reversing the status quo on divisive issues. So good luck.
[+] [-] carapace|8 years ago|reply
Call your Representative.
[+] [-] socrates1998|8 years ago|reply
It was never designed to be an ID Number and now that's how it is used. We should really go to a different system. I am not a security expert, but I think voting, paying taxes and credit scores would all be much easier than they are now.
[+] [-] iamleppert|8 years ago|reply
Their entire operation is optimized to sell products and services to creditors, with no regard for actual consumers. They are a B2B company. They treat their employees poor, and their call center operations are outsourced to third party firms on a cost-basis whom are poorly trained and purely exist to field consumer contacts as required by law, but not actually resolve any issues.
I truly believe credit reporting agencies need to be heavily regulated and operated as a non-profit consumer institution, similar to the BBB.
[+] [-] niftylettuce|8 years ago|reply
[+] [-] nawtacawp|8 years ago|reply
[+] [-] XR0CSWV3h3kZWg|8 years ago|reply
[+] [-] link_108|8 years ago|reply
- Call membership number -> makes some noise and then hangs up
- Use their website that they promote in their automated messages -> when trying to set up an alert, it takes you to a loading page that does nothing (looking at the requests being made in the network tab, it fails to load bootstrap and then just sits there, I am able to download the script it fails to download)
- Call automated fraud number -> nothing happens after being transferred to their automated alert system, so I hung up -> called again and waited for a few minutes after being transferred to their automated alert system, finally a voice starts talking asking for info (a dark pattern if I've ever seen one). After going through the process, apparently my info wasn't correct, so they asked me to 'leave a voicemail' with my SSN and DOB, after providing that info, it said they couldn't save my info and to try again, then promptly hung up.
so haven't been able to set up a fraud alert yet
[+] [-] post_break|8 years ago|reply
[+] [-] ars|8 years ago|reply
If enough people do that to make it a national issue, Equifax will at a minimum notice, and possibly go out of business (because no bank will work with them) sending a very strong message to everyone who deals with private data.
Anyone know how to start Viral Activism?
[+] [-] quuquuquu|8 years ago|reply
Different agents on different hotlines bounced him around.
After 30+ minutes, an automated system took his SSN and signed him for a trial. Sort of.
Because they kept getting disconnected from the system, they aren't sure if it actually worked.
Seems Equifax is using the "plug fingers in ears and scream la la la la la" method.
[+] [-] 650REDHAIR|8 years ago|reply
Not sure why you're getting downvoted here.
[+] [-] AngeloAnolin|8 years ago|reply
"We finally got to a point where the system asked for our information in order to set up a 90-day alert. I provided my Social Security number, two phone numbers where I can be reached for verification, and a “please hold while we process your request” message."
What if someone who got a hold of another person's SSN call the number, and gave them a bogus number to contact? Any lender then tries to call the bogus number and they get a "YES, I ALLOW THAT TRANSACTION TO HAPPEN" brings more problems then.
Equifax could have made a system that performs this option and then it would be the person whose SSN has been exposed to provide the authentic number which they can be reached at to alert them of any transaction happening with their SSN number being used.
[+] [-] noddy1|8 years ago|reply
[+] [-] KGIII|8 years ago|reply
[+] [-] distantsounds|8 years ago|reply
To be fair, he didn't get the answer he was looking for, so this could have dragged on much longer if he persisted in the phone-only route. I actually would have preferred that instead.
[+] [-] lucb1e|8 years ago|reply
Sounds like it's time for a new ISP. I get impatient with XS4ALL after more than a minute or two, but then they've been spoiling me with sub-minute answering times for years. They scored extremely well in ratings, I figured they went "well we can do a little less well and save some money". Still great service -- but to come back to your situation, 42 minutes is ridiculous. Snail mail is faster at that point.
[+] [-] ducttape12|8 years ago|reply
... I didn't click the link on principle.