So much for being responsible with your money

The Equifax breach is huge and it may include you.

Miss a single bill payment, and you’re screwed for life. Have your identity stolen from the credit bureau? Too bad… Good luck in keeping your credit score.

And just to terrify me:

1. A small number of Canadians may be affected
2. I just got an email about a credit card statement with a different last name to mine. A credit card that I know I don’t have, and I don’t know if it’s an email error, or if someone is using my email to help steal someone else’s identity, or if I have been in some way comprised. I seriously did not need this.

Usually after something like this they tell you to change your password. Maybe delete your account, as with the Yahoo e-mail fiascos.

Changing your SSN/SIN is something else again, though.

This is an email from a store credit card company that is saying “hey, Samefirstname Differentlastname, your statement is available online.”

That email address has my first name, not my last. It doesn’t look like there was an email breach, but that I got someone else’s email. That is the best case scenario. Worse case is that Differentlastname had her identity stolen and the thieves mined just my email address from somewhere and used it so Differentlastname doesn’t catch on. Worst (for me) is that this somehow gets linked to my credit and all my hard work goes down the drain. I am good about thinking about the worst.

capitalism…yay.

on the plus side, my credit is so bad it’s not like it can get lower.

My credit was screwed back in college thanks to multiple bank fuckups that were out of my hands. An Equifax rep told me once that the only chance I had to improve my credit was to write letters to the heads of various banks to “beg forgiveness”. I did not do that.

I’m in my mid-40s now, own no car or house, and have pretty much accepted that between this breach and my existing credit, that’s how it’ll be, and that’s OK.

I’m in the process of changing my own real world identity - I’ve already changed my phone number, which I’d been thinking about doing for some time, and I’m changing the email address I use for day to day stuff. I can’t change the address for my Google account, but at least I have 2FA with my new phone number. Same with Amazon and a few others. Where possible I’m also moving to use a 2FA key.
One thing that is very relieving is that in the UK your social security equivalent is ONLY used by the government and you don’t need to give it out to any commercial organisations. That in my view is a big mistake the US made - allowing corporations to demand your SS number is a small step on the road to fascism in the form of State Corporatism.

I don’t even need any credit; my only debt is the credit card I pay off each month. I’ve also changed my phone contract to prepay now this makes financial sense. The thought that an organisation that has no business knowing my details may have acquired them and then leaked them is infuriating. (No, I don’t use Facebook or Twitter).

I have frankly always thought that the entire concept of Equifax, Experian, and TransUnion essentially controlling the purchasing power of every American by controlling their credit scores is bizarre and creepy to a bonkers degree. People freak out about Google keeping an eye on their web browsing history but seem to just tacitly accept that there’s three megalithic corporations that know all of your financial details and control magic numbers that determine your financial worth.

From the slate.com article on the incident:

…the company waited a full 39 days to tell its customers they were newly susceptible to identity theft and a whole host of financial crimes. Three days after discovering the breach that would affect millions of customers however, while the company didn’t warn the public, three Equifax senior executives did sell $1.8 million in stock, according to Bloomberg.

“Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans”

In Canada your Social Insurance Number (SIN) was intended to be used the same way. Inevitably, everyone and his dog asks for it every time you fill out a form, but since it is illegal to require it, no one says anything if you just leave that line blank. The exceptions are banks and investment companies, which are required to issue slips to the Canada Revenue Agency for any income you may earn. From there, who knows where the information goes. I have no idea if Equifax has my SIN, but it wouldn’t surprise me.

Welp. If my credit gets trashed, I am definitely not paying back my student loans.

Fuck…

I did the first step to check… and they feel I might be compromised.
Excellent.
So glad I’ve not done my taxes for a decade.
Guess I should get on that eh?
/sigh

My data was compromised too. So irked. I kinda want to tell my spouse to check if he’s been compromised but I did the foolish thing and impetuously signed up for credit monitoring, not knowing that I’d waive my rights to legal recourse for damages. I want him to find a lawyer or join a class action suit and get some money out of these “durrr what are sensitive assets? what’s an attack surface? Why can’t ALL Murricans be happy with this real good socializing risk and privatizing profits scenario, not just the ones who voted in late stage crisis capitalism?”

ETA: First-step enrollment does NOT waive rights to arbitration! Only completing the enrollment by verifying ID and activating Credit Monitoring I learned this by calling Equifax itself today. I mention this in case others made it to Step One, but didn’t yet receive a response in email by Equifax, and were now freaked about being beholden to a no-arbitration clause.

Forget priests and kings, when do we get to strangle bankers (and their ilk) with entrails?

Huh I haven’t finished my enrolment… maybe I will hold off and talk to the CRA instead…

I’m not signing up. Want to be ready for that class action suit that’s coming.

soon, my friend, soon…

These are the people who are supposed to enable the banks not to lend irresponsibly.
Barbed wire would be better.

How is this not insider trading? People should be going to jail for this.

Yeah. A big difference is that many of us choose to have a Gmail account and a Facebook account because we get something out of it. And since we have accounts, if there’s a breach somewhere, we can login and change our passwords and to some degree control the information there and who has access to it. (Though not total control.)

But we never signed up for accounts with these credit bureaus. We get nothing out of them. Presumably I could fill out a bunch of forms (giving up more personal info) and pay to influence the information in them and who has access to it, but why should I have to?

From what I’ve read elsewhere the secure response to this (equivalent to changing all your passwords after a big password breach, or getting your debit card reissued after a breach) is to fill out forms at each of the credit bureaus and tell them to freeze your reports. Then (presumably) no one else can run a credit check on you and issue loans or whatever in your name. But if you then want a loan, credit card, to rent a new apartment or apply for a job, you have to pay a fee to the credit bureau to have them temporarily unfreeze it (which presumably allows anyone to access the info during that timeframe) and make sure that the person doing the check does it within the allotted timeframe.

That seems backwards to me. The default should be that they only issue information to people that I’ve authorized to receive it, and they should pay me a fee for selling my info. That should be obvious. But that’s not going to happen.

Even if the credit reports are frozen, after the breach all the data that was breached is still out there and can be used for other purposes. Things that have nothing to do with credit or the credit bureaus.