Credit details of 143 million US Citizens comprimised

[jasonvp]

32 minutes ago, Tao said:

but these are tricks to get people agree to be subject to binding arbitration and giving up their rights to be a part of a class action suit.  I would not make any agreements with Equifax, and simply make requests under PIPEDA.

There's a sneaky opt-out clause in Equifax's agreement, at least here in the US.  You can sign up for their service (which is only for 1 year, and will cost you annually afterward) and then immediately send them snail mail.

Right to Opt-Out of this Arbitration Provision. IF YOU DO NOT WISH TO BE BOUND BY THE ARBITRATION PROVISION, YOU HAVE THE RIGHT TO EXCLUDE YOURSELF. Opting out of the arbitration provision will have no adverse effect on your relationship with Equifax or the delivery of Products to You by Equifax. In order to exclude Yourself from the arbitration provision, You must notify Equifax in writing within 30 days of the date that You first accept this Agreement on the Site (for Products purchased from Equifax on the Site). If You purchased Your Product other than on the Site, and thus this Agreement was mailed, emailed or otherwise delivered to You, then You must notify Equifax in writing within 30 days of the date that You receive this Agreement. To be effective, timely written notice of opt out must be delivered to Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out, P.O. Box 105496, Atlanta, GA 30348, and must include Your name, address, and Equifax User ID, as well as a clear statement that You do not wish to resolve disputes with Equifax through arbitration. If You have previously notified Equifax that You wish to opt-out of arbitration, You are not required to do so again. Any opt-out request postmarked after the opt-out deadline or that fails to satisfy the other requirements above will not be valid, and You must pursue your Claim in arbitration or small claims court.

With that, I'd recommend sending it certified so you have record of someone signing for it.  You won't have record of someone actually reading it, but receiving it is enough.

 

 

[Tao]

3 minutes ago, jasonvp said:

There's a sneaky opt-out clause in Equifax's agreement, at least here in the US.  You can sign up for their service (which is only for 1 year, and will cost you annually afterward) and then immediately send them snail mail.

 

 

With that, I'd recommend sending it certified so you have record of someone signing for it.  You won't have record of someone actually reading it, but receiving it is enough.

 

 

Yeah I saw that, but couldn't see Equifax's strategy there.  It seems a bit suspicious.

Either way my statement for Canadians to simply make requests via the provisions in our privacy laws still stands...at least until I hear differently from the Office of the Privacy Commissioner.

[jasonvp]

For folks here in the US:  this isn't something that's going to "blow over" as someone mentioned earlier.  If your data was pulled from Equifax, it's out there.  And it's not going to stop being "out there."  The recommendation of having a credit freeze is the right one.  The charges are different per state, and remember that it merely prevents a credit check.  That's it.  But that's enough.  The damage that can be done with the data stolen from Equifax is destroying your credit by taking out a loan in your name and not paying anything back.  They're not going to empty your bank account out.  They're not going to run up your credit cards.  Nothing like that.

 

They'll "just" destroy your credit rating.  Which may not seem like a big deal to younger folks.  But it is a big deal.  Specially as you get older.

[dfsdfgfkjsefoiqzemnd]

All the more reason to get rid of that stupid credit score system.

[vanished]

3 minutes ago, Captain Chaos said:

All the more reason to get rid of that stupid credit score system.

As I said earlier, the necessary changes are a lot deeper and more complex than that.  But, at the very least, there needs to be a system of identification that only works once, like a digital signature or something so that a leak would basically be meaningless

Spoiler

 

 

[AresKrieger]

Well I've never heard of Equifax before this thread so I think I may be in the clear, so long as it doesn't own Well's Fargo or something

[Lurick]

2 minutes ago, AresKrieger said:

Well I've never heard of Equifax before this thread so I think I may be in the clear, so long as it doesn't own Well's Fargo or something

It's a credit score company pretty much, they are one of three that determine if you're worthy enough to get anything with credit.

Wells Fargo is it's own company, for now, until another scandal breaks out, lol.

[vanished]

So... where exactly is this leaked data?  Is there just like a huge spreadsheet or something we can get a link to? lol

seems that would be the easiest way to check if you're affected  

[Tao]

7 minutes ago, Ryan_Vickers said:

As I said earlier, the necessary changes are a lot deeper and more complex than that.  But, at the very least, there needs to be a system of identification that only works once, like a digital signature or something so that a leak would basically be meaningless

  Reveal hidden contents

 

 

Under PIPEDA we have tools that can be used in this case to prevent bad credit due to identity theft.

First off PIPEDA has a clause for you to be able to submit corrections to your personal information.

However, in order to collect your personal information in Canada, you must give your consent.  I would argue that if Equifax has personal information on you in which you didn't give your consent for them to collect, you could file a formal complaint with the privacy commissioner to have them delete it.  I can't be 100% sure that that would be the outcome, but the Office of the Privacy Commissioner would compel them to fix the situation.

Basically if someone commits identity theft, they can't give your consent to report back information to Equifax.

[vanished]

3 minutes ago, Tao said:

Under PIPEDA we have tools that can be used in this case to prevent bad credit due to identity theft.

First off PIPEDA has a clause for you to be able to submit corrections to your personal information.

However, in order to collect your personal information in Canada, you must give your consent.  I would argue that if Equifax has personal information on you in which you didn't give your consent for them to collect, you could file a formal complaint with the privacy commissioner to have them delete it.  I can't be 100% sure that that would be the outcome, but the Office of the Privacy Commissioner would compel them to fix the situation.

Basically if someone commits identity theft, they can't give your consent to report back information to Equifax.

So basically in Canada, no agency will let someone do a thing without your consent, even if they have your personal info?  Well, what counts as consent?  If they think they're you, does just saying "yes" over the phone or something count?  Because then that would be kind of useless.

[Tao]

6 minutes ago, Ryan_Vickers said:

So... where exactly is this leaked data?  Is there just like a huge spreadsheet or something we can get a link to? lol

seems that would be the easiest way to check if you're affected  

It is probably held privately for now, probably going to be sold or something like that. Probably a while before it is posted publicly.

[AresKrieger]

6 minutes ago, Lurick said:

It's a credit score company pretty much, they are one of three that determine if you're worthy enough to get anything with credit.

Wells Fargo is it's own company, for now, until another scandal breaks out, lol.

I only said that given my credit card runs through them, I hope my family's credit card info hasn't randomly been given to these clowns since I've never checked my credit, also as far as credit scores are concerned I find them to be borderline criminal due to the practices of the people running them.

[Lurick]

Just now, AresKrieger said:

I only said that given my credit card runs through them, I hope my family's credit card info hasn't randomly been given to these clowns since I've never checked my credit, also as far as credit scores are concerned I find them to be borderline criminal due to the practices of the people running them.

Yah, I've never directly dealt with them but my info might have been compromised still so you never know. Just be sure to keep an eye on your credit for a while

I do think the credit scores system is stupid though.

[Tao]

41 minutes ago, Ryan_Vickers said:

So basically in Canada, no agency will let someone do a thing without your consent, even if they have your personal info?  Well, what counts as consent?  If they think they're you, does just saying "yes" over the phone or something count?  Because then that would be kind of useless.

You misunderstand my meaning.  Organizations can be tricked and think that they have your consent by someone committing fraud.  Legally though, you can go back and say "No, you never had my consent" and must comply with the law.  The law of Agency is what is at play there.  The law should work in a similar way in the us.  

The difference is that our regulator of private information can compel private organizations to comply with our law.  I would assume that any information collected without consent would be compelled to be deleted.  In this case, Equifax or other credit bureaus could, in theory, be compelled to delete bad credit reports generated as a result of identity theft.

[vanished]

Just now, Tao said:

You misunderstand my meaning.  Organizations can be tricked and thing they have your consent by someone committing fraud.  Legally though, you can go back and say "No, you never had my consent" and must comply with the law.  The law of Agency is what is at play there.  The law should work in a similar way int he us.  The difference is that our regulator of private information can compel private organizations to comply with our law.  I would assume that any information collected without consent would be compelled to be deleted.

Ah, I see.  So basically when this happens:

29 minutes ago, jasonvp said:

[...] The damage that can be done with the data stolen from Equifax is destroying your credit by taking out a loan in your name and not paying anything back.  They're not going to empty your bank account out.  [...]  They'll "just" destroy your credit rating. [...]

You can just go to whoever and be like "nah actually that wasn't me" and get it fixed?

[Tao]

13 minutes ago, Ryan_Vickers said:

Ah, I see.  So basically when this happens:

You can just go to whoever and be like "nah actually that wasn't me" and get it fixed?

Yes.

Normally this can be done (in theory) via a defamation law suit.

However provision 4.3 and 4.9 of Schedule 1 of PIPEDA outlines needing consent, and needing to make corrections when proof to the contrary is provided.

http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h-26

This is enforced by making a formal complaint through the Office of the Privacy Commissioner.

[vanished]

11 minutes ago, Tao said:

Yes.

Normally this can be done (in theory) via a defamation law suit.

However provision 4.3 and 4.9 of Schedule 1 of PIPEDA outlines needing consent, and needing to make corrections when proof to the contrary is provided.

http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h-26

This is enforced by making a formal complaint through the Office of the Privacy Commissioner.

It just makes me think ... either:

a) That would work, but then, companies/etc. should be doing a better job verifying identify and consent in the first place so that even with your info people can't do things on your behalf, rather than having it so that you have to go through this correction process after the fact, or 

b) This wouldn't work

[Tao]

8 minutes ago, Ryan_Vickers said:

It just makes me think ... either:

a) That would work, but then, companies/etc. should be doing a better job verifying identify and consent in the first place so that even with your info people can't do things on your behalf, rather than having it so that you have to go through this correction process after the fact, or 

b) This wouldn't work

Yeah it is a good question.  I had a provincial court judge as a teacher for one of my business law classes, and he tried to show the difference of how the law works on paper, and works in reality.  The way PIPEDA seems to be written effectively makes credit bureaus illegal in Canada unless you give them consent.  Personally I have never had any communication with Equifax, so I am currious what they have on me.

Another option though is that you can notify Equifax that you revoke your consent (if you had ever given it to them in the first place) to collect your personal information.  There could be consequences to this from Equifax though.
 

[Jito463]

This is really making me consider getting Lifelock.  I've considered it before, but I had already done enough to screw up my own credit rating that it didn't seem important.  Now, though......

[Tao]

3 minutes ago, Jito463 said:

This is really making me consider getting Lifelock.  I've considered it before, but I had already done enough to screw up my own credit rating that it didn't seem important.  Now, though......

What happens when their security is breached?

[vanished]

8 minutes ago, Tao said:

Yeah it is a good question.  I had a provincial court judge as a teacher for one of my business law classes, and he tried to show the difference of how the law works on paper, and works in reality.  The way PIPEDA seems to be written effectively makes credit bureaus illegal in Canada unless you give them consent.  Personally I have never had any communication with Equifax, so I am currious what they have on me.

Another option though is that you can notify Equifax that you revoke your consent (if you had ever given it to them in the first place) to collect your personal information.  There could be consequences to this from Equifax though.
 

I have to wonder if even if you've never heard of them or dealt with them directly, that the terms and conditions on something else might include something that counts as consent

[Tao]

Just now, Ryan_Vickers said:

I have to wonder if even if you've never heard of them or dealt with them directly, that the terms and conditions on something else might include something that counts as consent

Yeah I have wondered that as well.  I haven't had any contracts along those lines for a while.  Also under PIPEDA, you can't just 'yadah yadah' consent buried deep in a contract.  It requires "knowledge and consent".

[Jito463]

9 minutes ago, valdyrgramr said:

I don't have a credit card, so this doesn't hurt me.  I never needed to do a check through them.

This isn't about a credit card, it's about credit rating.  If you've paid for anything on credit (internet bill, utilities, rent, etc), then you have a credit score.  Also, even if you've never used your credit rating, it doesn't mean someone else can't open an account under your name and screw up your credit score.

9 minutes ago, Tao said:

What happens when their security is breached?

Well, their whole point is monitoring to stop fraud.  Their CEO even publicly posted his personal SSN, because their job isn't security, it's monitoring.  If someone opens up an account under your name, you get alerted and then you can have them stop it if it's fraudulent.

 

Of course, now I'm starting to sound like a commercial.  

[Jito463]

1 minute ago, valdyrgramr said:

I pay rent in cash which covers utilities too as well as net.    So, using a debit instead of credit equates to a credit score?

It doesn't matter how you pay, the fact is that you're building credit just by having an apartment and paying rent.  Credit =/= credit card.

[vanished]

Just now, valdyrgramr said:

What if you rent from family?  Does credit still get built?

Think of "credit" (credit score) like a history of trust.  If they see you've had bills and paid on time a lot, the trust goes up and your credit score goes up, meaning people will be willing to lend you more.  Having a credit card you use responsibly is the best way to build this imo but it can be done other ways.