Up to 143M US consumers exposed in Equifax hack, could impact iPhone buyers

AppleInsider

U.S. credit scoring agency Equifax has admitted that hackers gained access to the data of 143 million Americans earlier this year, something that could be particularly relevant to people in Apple's iPhone Upgrade Program.

Hackers had access to files between May and July of this year, though the problem was only discovered on July 29, Equifax said. In addition to names, birthdays, and addresses, other compromised data includes driver's license and Social Security numbers. About 209,000 people had credit card numbers stolen, and 182,000 had documents used in disputes taken.

The situation is being investigated by both the FBI and a security firm hired by Equifax. Those worried they may be affected can visit equifaxsecurity2017.com to check, but the company is asking for the last six digits of a person's Social Security number, and not necessarily giving any confirmation other than when they can enroll in planned protection service, which will be free for a year for anyone who signs up by Nov. 21. People can separately ask to have their credit reports frozen.

Apple's U.S. loan partner for the iPhone Upgrade Program is Citizens Bank, which is believed to perform at least some credit checks with Equifax. The situation could also impact iPhone buyers in general, since carriers like AT&T and Verizon also perform checks on postpaid subscribers.

It may be vital that people check whether they were impacted, because the compromised data could be used to gain access to things like bank accounts and medical records.

The iPhone Upgrade Program costs at least $32.41 per month after an initial purchase, but guarantees a new iPhone once a year after a trade-in, and includes AppleCare+. It could see a rush of people this year, given the "iPhone 8's rumored $999-plus pricetag.

nht

Well that's pretty bogus...you need to wait for an "enrollment date" to enroll for their identity theft protection.  Im guessing they hope you forget to do so.

SoundJudgment

If they don't tell you that your name *WASN'T* involved in the attack the moment you make inquiry... then your name ***WAS*** involved in the breach. You will only be given the chance to enroll in their monitoring program Free for a year...and told nothing more about it. In other words... no news is bad news.

arybaryba

nht said:

Well that's pretty bogus...you need to wait for an "enrollment date" to enroll for their identity theft protection.  Im guessing they hope you forget to do so.

Pretty ironic that a company that few, if any of us actually do business with and charged with telling the banks that we're "credit worthy" is involved in such an enormous screw up. You're absolutely right though. They DO hope you'll forget. They even tell you to make a note to sign up, because you won't get another notice reminding you to do so. Then on top of that, as SoundJudgment points out, all you get is a "yup, you're screwed" without any additional information and a year of monitoring, is ridiculous. You're data is out there forever. This is way worse than Target, Home Depot, etc.

magman1979

I would tell people NOT to go to that new Equifax 2017 site, as it's going to be responsible for even more data theft:

https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/

I can't believe their incompetence! Also, AI should update this article to tell people NOT to go to that new site, review above link for background...

anton zuykov

arybaryba said:

nht said:

Well that's pretty bogus...you need to wait for an "enrollment date" to enroll for their identity theft protection.  Im guessing they hope you forget to do so.

Pretty ironic that a company that few, if any of us actually do business with and charged with telling the banks that we're "credit worthy" is involved in such an enormous screw up. You're absolutely right though. They DO hope you'll forget. They even tell you to make a note to sign up, because you won't get another notice reminding you to do so. Then on top of that, as SoundJudgment points out, all you get is a "yup, you're screwed" without any additional information and a year of monitoring, is ridiculous. You're data is out there forever. This is way worse than Target, Home Depot, etc.

It would be nice if there was...I don't know...a lawsuit from 10-20M "clients".

robjn

I checked my info and got a notice saying they did not believe my data was compromised and an optional button to register for protection, I was given a 9/14 registration date for the protection service.

5 mins later, we checked my wife's details, she was automatically given a 9/13 registration date and WAS NOT TOLD ANYTHING ABOUT WHETHER HER DATA WAS AT RISK.

These scumbags don't have the balls to tell people their data was likely compromised - just keep them guessing.

anton zuykov

robjn said:

I checked my info and got a notice saying they did not believe my data was compromised and an optional button to register for protection, I was given a 9/14 registration date for the protection service.

5 mins later, we checked my wife's details, she was automatically given a 9/13 registration date and WAS NOT TOLD ANYTHING ABOUT WHETHER HER DATA WAS AT RISK.

These scumbags don't have the balls to tell people their data was likely compromised - just keep them guessing.

I just checked mine, and it said they believe my personal info was at risk. So, they do tell if that is the case.

lkrupp

Hopefully there will be a massive class action brought against Equifax. We should be compensated for the fear, uncertainty, and doubt this we will have to deal with. If our identities are stolen Equifax should be forced to fix it and compensate us even more. We're not dealing with some retailer who's data was hacked. This is one of the largest credit reporting agencies in the world and has data on us that no retailer would ever have. Equifax needs to pay dearly for its incompetence. The CEO can start off by resigning. Imagine the financial carnage this will cause. You want to buy a new car, or home, or iMac Pro, and your credit rating is in shambles.

anton zuykov

lkrupp said:

Hopefully there will be a massive class action brought against Equifax. We should be compensated for the fear, uncertainty, and doubt this we will have to deal with. If our identities are stolen Equifax should be forced to fix it and compensate us even more. We're not dealing with some retailer who's data was hacked. This is one of the largest credit reporting agencies in the world and has data on us that no retailer would ever have. Equifax needs to pay dearly for its incompetence. The CEO can start off by resigning. Imagine the financial carnage this will cause. You want to buy a new car, or home, or iMac Pro, and your credit rating is in shambles.

CEOs already started... by selling whole bunch of stock last month, that is, between the day they could have potentially known about the breach and before the day the breach was announced.. And, of course, that stock dump was not a part of any investment plan... Yeah, just a coincidence, you know. Just three high level guys decided to dump a lot of shares for no reason.

lkrupp

anton zuykov said:

lkrupp said:

Hopefully there will be a massive class action brought against Equifax. We should be compensated for the fear, uncertainty, and doubt this we will have to deal with. If our identities are stolen Equifax should be forced to fix it and compensate us even more. We're not dealing with some retailer who's data was hacked. This is one of the largest credit reporting agencies in the world and has data on us that no retailer would ever have. Equifax needs to pay dearly for its incompetence. The CEO can start off by resigning. Imagine the financial carnage this will cause. You want to buy a new car, or home, or iMac Pro, and your credit rating is in shambles.

CEOs already started... by selling whole bunch of stock last month, that is, between the day they could have potentially known about the breach and before the day the breach was announced.. And, of course, that stock dump was not part of any investment plan... Yeah, just a coincidence, you know. Just three high level guys decided to dump a lot of shares for no reason.

And the claim is that those execs had not been informed of the hack when they sold. Like we're supposed to believe that and say, well okay then. 

bloggerblog

This reminds me of OPM's breach of 2015. They too wanted us to enroll in a program right after their system got compromised. 
The irony!

nht

I now have a freeze at Experian, Equifax and Innovis.  Trans Unions Freeze page evidently just fell over because of the load.

gatorguy

lkrupp said:

Hopefully there will be a massive class action brought against Equifax. We should be compensated for the fear, uncertainty, and doubt this we will have to deal with. If our identities are stolen Equifax should be forced to fix it and compensate us even more. We're not dealing with some retailer who's data was hacked. This is one of the largest credit reporting agencies in the world and has data on us that no retailer would ever have. Equifax needs to pay dearly for its incompetence. The CEO can start off by resigning. Imagine the financial carnage this will cause. You want to buy a new car, or home, or iMac Pro, and your credit rating is in shambles.

While everyone here has been wringing their hands for ages over a search giant and ads, I've been consistently trying to get folks to pay attention to the true data-brokers selling our information for profit who know so much more about us than any search provider and are far more dangerous to our personal privacy.. Even worse Equifax isn't the largest of them. 

baconstang

Oh, and then there's this...http://www.rawstory.com/2017/09/busted-equifax-forces-hacked-customers-to-waive-right-to-sue-in-exchange-for-using-its-credit-service/  

That's even if you just ask them if you were hacked!

nht

DO NOT SIGN UP FOR THIS.  Get a credit freeze instead.  By enrolling your agree not to sue Equifax and it's only for a year of free service at Equifax's own monitoring company.  In essence you will end up paying Equifax for the pleasure of guarding you from their own data breach next year and not have the option of suing them.

I'm hoping my initial enrollment request doesn't count.  SCUMBAGS!

https://trustedidpremier.com/static/terms

boltsfan17

baconstang said:

Oh, and then there's this...http://www.rawstory.com/2017/09/busted-equifax-forces-hacked-customers-to-waive-right-to-sue-in-exchange-for-using-its-credit-service/  

That's even if you just ask them if you were hacked!

Wow, that's absurd you waive your rights just to check if your information was stolen. 

linkman

Three of their top-level executives sell over $1.8 million in Equifax stock in unscheduled transactions 3 and 4 days after the company discovered the breach and they claim they hadn't been notified of the breach yet? One of them was the CFO. They apparently didn't ask Martha Stewart for advice before selling.

Soli

nht said:

DO NOT SIGN UP FOR THIS.  Get a credit freeze instead.  By enrolling your agree not to sue Equifax and it's only for a year of free service at Equifax's own monitoring company.  In essence you will end up paying Equifax for the pleasure of guarding you from their own data breach next year and not have the option of suing them.

I'm hoping my initial enrollment request doesn't count.  SCUMBAGS!

https://trustedidpremier.com/static/terms

^^^ READ ^^^

Soli

boltsfan17 said:

baconstang said:

Oh, and then there's this...http://www.rawstory.com/2017/09/busted-equifax-forces-hacked-customers-to-waive-right-to-sue-in-exchange-for-using-its-credit-service/  

That's even if you just ask them if you were hacked!

Wow, that's absurd you waive your rights just to check if your information was stolen. 

That's some bullshit. That can't hold up in court since we have a right to know.

Unfortunately, I didn't see these posts before I checked to see if my info may have been compromised and was given a future enrollment date.

SpamSandwich

Never mind the iPhone, we're talking about nearly half of the US population.

And let's not even mention that a number of Equifax executives sold all their company stock before announcing this, there is going to be a long list of arrests.