
As Equifax Amassed Ever More Data, Safety Was a Sales Pitch - tim_sw
https://www.nytimes.com/2017/09/23/business/equifax-data-breach.html
======
paul7986
Things I’ve learned thru this that I’ve found appalling...

1\. Freezing your credit is meaningless thru Experian. You or anyone can
obtain your freeze pin using your personal now public info via their tool
[https://www.experian.com/ncaconline/freezepin](https://www.experian.com/ncaconline/freezepin)

2\. If you freeze your credit with Experian they send you a letter in the mail
saying you will no longer receive credit cards offers for five years. Also
that they notified Equifax and Transunion to halt any and all offers to be
sent to me. WOW who are these people the mafia? I just wanted to freeze my
credit thru them.

~~~
g051051
Freezing your credit means no company can get access to your credit history.
If credit companies can't pre-screen you, you won't get any credit card
offers.

~~~
tylersmith
That's a great side effect. If you need a credit card you can solicit one
yourself.

~~~
g051051
Yes, exactly. I put a promotional block on my file over 20 years ago, and the
number of credit card solicitations went to zero. It's never stopped me from
obtaining credit whenever I wanted it, though.

~~~
dmoy
Wait how do you put a block on? I'd love to stop receiving cc offers every
other week.

~~~
AFNobody
[https://www.consumer.ftc.gov/articles/0148-prescreened-
credi...](https://www.consumer.ftc.gov/articles/0148-prescreened-credit-and-
insurance-offers)

There you go. Enjoy.

~~~
dmoy
Awesome thanks!

------
blfr
_Equifax persuaded more than 7,000 employers to hand over salary details for
an income verification system_

How? Is it all from the Talx acquisition?

If not, that is impressive. For many companies payroll is the most or even
only really sensitive information.

~~~
makmanalp
Aren't there laws against releasing payroll data without the consent of the
employee?

~~~
PretzelFisch
Part of a Talx order is the employee giving their consent.

~~~
KGIII
I know this is going to be movie. I can't decide if it will be drama, mystery,
action, or comedy. At this point, I'm expecting someone to go on a shooting
spree or commit a murder-suicide.

Seriously, Hollywood screenwriters couldn't have come up with a plot this
complicated. My favorite part is often overlooked. Earlier this year, they
lobbied to remove what few rights we have in case of breaches/losses of PII.
As in, they lobbied to not be held accountable or have to give notice in case
they were breached. I think that was back in May of this year. There has been
so much new information, I can no longer keep track.

If this were a movie, it would suck - because it's too far-fetched and
unbelievable. If someone were telling me this story, and I didn't know better,
I'd assume they were lying. It has almost reached the point where it is
comedic.

~~~
PretzelFisch
Just wait for Fannie Mae's "day one certainty" initiative( starts later this
year) services like Formfree's accountchek (you to provide them with your
login info for all of your asset accounts so they can verify it for your
lender) will be required in order to get a mortgage or refinance.
<sarcasm>What could possibly go wrong with this service.</sarcasm>

------
austenallred
Safety was _the_ pitch. That’s literally the only thing the company does.
Gathers and stores information for you to access when you pay.

------
orange_county
Seems like the credit and banking industry is so dependent on the credit
bureaus. Is there a way we can have credit cards, loans and mortgages without
the need of centralizing pii data?

~~~
ams6110
Sure, we could all pay interest rates that are based upon some amalgamated
average risk profile, so you end up subsidizing deadbeats who don't pay their
debts.

~~~
stnaoent23nt
As someone who pays their credit card off in full every month, that would be
fine with me. I never pay interest.

~~~
bigheadpercoli
It's not only about credit cards. Mortgages, car loans, working day loans,
etc. as well

------
quuquuquu
Nice. Equifax also has our employment history, our tweets, our salary info,
and sells us protection from the risk they create.

Love it, man. Pretty soon I won't have a job anywhere because of some
erroneous data Equifax reports in their background check of me.

I guess my principal source of income in the future will be recycling cans!

~~~
tylersmith
Not Equifax, but Experian advertises that they "scan the dark web" for your
person info which means either they're lying (hopefully) or they're actively
contributing to the personal information market by buying information from
criminals to see if their customers' data is present.

These credit agencies are nothing but harmful for the majority of consumers.

~~~
quuquuquu
I saw this commercial too. Utter lunacy. I am not even surprised anymore-
these corporations have the green light to do whatever they want. Only wrist
slaps for punishment if they do truly heinous things.

Houses wouldn't be so expensive if nobody had access to credit. Nobody would
be betting with 5-7x their yearly income.

~~~
keganunderwood
The only good solution is life in prison for the CEO and the board. Fines will
not work. We need to fix incentives at the top.

~~~
colejohnson66
Fines would work if they were a substantial amount instead of what they are
now. Look at the EU fining Google $2.7 _billion_. If the fine is more than the
amount made doing something illegal, companies would think twice.

~~~
keganunderwood
While fines can help ethical people make the case that they should do the
right thing, I am afraid it isn't enough.

What I'm talking about isn't the actual data leak but rather what equifax did
or did not do before and after the leak. That is the real crime here. I don't
see the CEO and the board facing prison which means we need to change
something.

~~~
RhodesianHunter
The CEO and Board should face prison if and only if it can be proven beyond a
reasonable doubt that they broke the law.

We're a nation of laws, not pitchforks.

~~~
keganunderwood
> We're a nation of laws, not pitchforks.

We are a nation of what we choose to be laws and right now it feels like we
are a nation where there's no responsibility for the people at the top.
Plausible deniability has gone too far. As with everything in life, we need to
seek balance and the balance is making sure the board and the CEO have an
incentive to ensure the organization isn't systemically violating the spirit
of the law.

We are a nation of laws but laws aren't something we got from the mountaintop.
We need to tweak things sometimes.

~~~
RhodesianHunter
> We need to tweak things sometimes.

This means creating new laws.

------
otakucode
Naive question: Why would credit reporting companies resist allowing consumers
to freeze their credit? I would think, if anything, it provides them another
data point and does not otherwise affect their business at all. Is there
something I am overlooking?

~~~
hn_throwaway_99
Credit reporting agencies make the VAST amount of their money by giving your
reports to companies that ask for it, _even if unsolicited by you_. Putting a
credit freeze kills this ability to make money off you without your knowledge.

In fact, I think one way to do more consumer-safe credit reporting is to make
it so that agencies are _ONLY_ allowed to give a person's report to that
particular person. When a person applies somewhere for credit, they would need
to ask a credit agency for their report, and then give it to a prospective
lender (the report would be cryptographically signed). That way you at least
control who has access to your information.

------
mtgx
I believe Equifax is even a certificate authority as I saw it in the root
certificate list of a Xiaomi Android 6.0 phone.

------
dba7dba
Equifax was advertising an opening for DevOps engineer right around the hack
took place.

------
blondie9x
Third paragraph, scraping, not scrubbing.

------
gm-conspiracy
Project Mayhem?

~~~
lwansbrough
Seems like the easiest way to do this would be to use all the data from this
breach to create a massive amount of noise in the credit system, making it
virtually impossible for people working for these companies to do their jobs.

------
chewz
Fiat currency is based on trust.

With so many security breaches around does it mean that currency is losing its
value rapidly? Is a dollar on a credit card worth less post-Equifax?

~~~
ams6110
Fiat currency is actually based on the ability of the government, ultimately,
to take assets from citizens at the point of a gun.

~~~
thesagan
A bit of both, really. Users of fiat money have to trust the government's
effective use of force in supporting the transactional utility of the
currency.

Examples of this sort of failure might be a hyperinflation scenario.
Governments could try to place controls on wages or prices, but might (and
will likely) still fail. Many historical examples of it.

~~~
comex
Force helps, but all that’s really necessary for a fiat currency to have worth
is for users to trust that it will remain reasonably scarce. Example: Bitcoin.
In the case of traditional government-issued currencies, you’re trusting in
humans rather than an algorithm, and that trust can be broken (which is what
happens in a hyperinflation scenario), but it still exists in normal
scenarios.

(And even Bitcoin’s value is in part based on trust in government -
specifically, that various governments won’t ban it. A ban might not be 100%
effective but would clearly decrease its utility and thus its value; recent
events wrt China are a small-scale demonstration.)

~~~
gaius
_all that’s really necessary for a fiat currency to have worth is for users to
trust that it will remain reasonably scarce_

... and that other people will accept it in exchange for goods and services.
Scarcity alone is no guarantee of that. For the vast, vast majority of people
Bitcoin is literally worthless - the only thing you can do with it is attempt
to convert it into real currency so you can actually use it for something. And
they would rather you did that rather than trying to fob them off with a bunch
of numbers.

