MSE News: Got an Equifax letter saying you were hacked? The helpline's struggling...

keiran

keiran wrote: »

I've just got my letter
they say all this info has been accessed:-

- name and address
- date of birth
- username and password
- secret question and answer
- first and last 4 digits of my credit card

I am astounded.
These credit reference agencies are entrusted with our most sensitive, privileged and confidential data, and of all parties, must understand the huge importance of data.
On top of that, we have no choice in their obtaining and maintaining this data.

How then did their systems allow this breach?
How then are they not liable, personally to me, for that breach?

It's chickenfeed to give me free access to my own report which they hold

Should not there be an imperative for substantial damages and for heads to roll?

I've just had the most surreal experience
I decided to take up Equifax Protect and telephoned the Filipino centre. The letter said it would take 15 minutes. The lady asked me questions on my report (I have a very substantial report as I use a lot of financial services - 0% balance transfers, bank switching offers, etc). I am certain I answered correctly. She said I had to send in ID documents... I went ballistic

So Equifax allows hackers and criminals unimpeded access to my confidential and privileged information, and yet it makes me go through hurdles to access my own report!

I thought it would be incumbent on Equifax to make this process as smooth and stress-free as possible. Instead of this, they are making me do more work in the face of their incompetence.

I have raised a complaint, for what it's worth.

Are others being asked for ID documents to be sent?

If any fraud does occur due to this hack, will Equifax be liable and cover all costs?

stmartinsdiver

Upon receipt of the letter advising me my data had been stolen I called Equifax and surprisingly got answered immediately. The discussion was a little painful as I had to spell my name several times and neither of the agents I spoke to could say it (Ian is obviously not in the list of familiar names to Filipinos). I was then asked to confirm my address and DOB so they could send me a copy of my credit report by post - They failed to understand my sense of humour when I asked what was being achieved by answering their 'security' questions as if I was the perpetrator of the theft then I'd know all the answers. I also pointed out that I could see that my phone number was wrong from the last 4 digits that were quoted which meant I could have been refused credit as the numbers would not have matched. They did however, understand the irony in offering me services 'to protect my data'.

pollypenny

keiran wrote: »

I've just had the most surreal experience
I decided to take up Equifax Protect and telephoned the Filipino centre. The letter said it would take 15 minutes. The lady asked me questions on my report (I have a very substantial report as I use a lot of financial services - 0% balance transfers, bank switching offers, etc). I am certain I answered correctly. She said I had to send in ID documents... I went ballistic

So Equifax allows hackers and criminals unimpeded access to my confidential and privileged information, and yet it makes me go through hurdles to access my own report!

I thought it would be incumbent on Equifax to make this process as smooth and stress-free as possible. Instead of this, they are making me do more work in the face of their incompetence.

I have raised a complaint, for what it's worth.

Are others being asked for ID documents to be sent?

If any fraud does occur due to this hack, will Equifax be liable and cover all costs?

I had the same experience and wrote a letter of complaint. I just had an apology and an offer to refund CIFAS fees if I sent the extra, sensitive information! No chance!

vertex

!!!!!!! Just tried filling in their online form for Equifax Protect and it doesnt work!! It keeps saying "Username already in use" no matter what I input!!! What a bunch of cowboys!!!!!!!!

[Deleted User]

Vertex - try a different browser, it could be that their useless site can't handle whatever one you're using.

I put in a complaint... got an interesting reply...

"I am sorry to learn that you’re unhappy about how Equifax have responded to the cyber security incident in May 2017."

And that I need to contact them on 0800 090 2229 to determine if I've been impacted or not (they'll need Full Name, DOB & Previous addresses).

"Further to your comments, we will be happy to see [set/sign??] you up on Equifax Protect regardless of whether you have been impacted."

They then gave me a unique reference number to quote. Not sure how much use it'll be, but it's a freebie and they hold more than enough data on me, so I'll see what I get with it!

langstroth2

I'm a bit surprised at some saying they hadn't heard of Equifax or Experian or dealt with them, but i guess if you've never had a passing interest to find out how credit scoring works why would you. Data is shared between all sorts of organisations. If you've applied for any sort of credit anywhere chances are your details will have been passed to the above two for checking. Doesn't excuse what's happened at all, but perhaps we as consumers need to get a bit more clued up on how our data is being used, usually to provide a risk profile to a company we've asked for a service from; but also to sold to push adverts at us (for stuff we probably don't want).

vertex

Ive registered with Equifax Protect. They have my details anyway, so thought Id at least make use of their free offer.

My friend uses noddle.co.uk, and when someone used her card for a fraudulent payment she was phoned immediately and they blocked the payment. So Im thinking of registering with Noddle too. Is this overkill if Im already registered with Equifax?

RG2015

vertex wrote: »

Ive registered with Equifax Protect. They have my details anyway, so thought Id at least make use of their free offer.

My friend uses noddle.co.uk, and when someone used her card for a fraudulent payment she was phoned immediately and they blocked the payment. So Im thinking of registering with Noddle too. Is this overkill if Im already registered with Equifax?

Most people register with all three. The third one being Experian which is free via the MSE Credit Club. It is not at all overkill because not all banks use all three, particularly for searches which is always the first sign of any fraudulent activity.

andromedean

I received the letter a couple of days ago about a breach back in June. So I registered with Equifax using their free offer.

Today, I received my first alert from WebDetect which scans for evidence of fraudulent activity on the web. Unfortunately, they now expect me to change every password I have on the Internet to complex combinations of characters, It's taken me years to familiarise myself with a few of them, and I often get those wrong.

If I press on Alert data it provides part of my Email address and part of a password like nothing I would ever use! Do I spend the next week changing passwords into a form so I will never remember them?

Has anyone else used this and received similar alerts? Surely they must have had my data 6 months ago and I'm not aware of anything untowards happening.

It claims my social media footprint is low, but my social media risk is high, yet my Twitter and Facebook sites have no public information available. However, two other names have popped up, Gravatar and Klout which I've never heard of. The first seems to be linked in some way to Wordpress, so I have closed that account. The other seems to be linked to an old Twitter account I've long since closed and can't even access myself! My risk rating remains high however. Any ideas where I can find what site they are referring and how it can remain high?

andromedean

‘A disingenuous attempt to limit liability’
Once customers signed up for the free service, many were perturbed to find in the small print a clause that prevented them from suing Equifax or entering into a class-action lawsuit.

“It’s a disingenuous attempt to limit liability,” Peterson said. “For individuals affected by this we recommend not signing up with Equifax monitoring services,” Pollard said.

https://www.theguardian.com/technology/2017/sep/08/equifax-hack-credit-social-security-helpline-response-criticism

Does this apply to British customers? Presumably we have a cooling off period and can decide not to take up the service, then the condition doesn't apply?