On the other hand, these things always settle out of court, and Equifax certainly won't settle the suit for more than they're worth.
I said it elsewhere, but I think the right response is to opt out of the class, and sue for $1000 in small claims court. If ~15% of the class does this, they are out of business, and lawyers don't get a dime of the $1000.
Also, I'd love to see a new non-profit website that automated the paperwork.
The cost of pursuing each claim individually would usually be sufficiently high as to make pursuing a claim unviable. The behavior would remain uncorrected, and the injured parties would receive neither compensation nor the knowledge that the behavior has been altered or eliminated. Nobody wins in that situation.
And while it's almost inevitable that discussions about class action suits will involve complaints about the lawyers fees, that's not really fair. Mass tort litigation is complex and involves significant investments of time and resources on the part of the attorneys involved. Especially if they actually make it to trial. It might seem unfair at first glance, but it enables the class to access the legal system and justice where it otherwise would not. They may be imperfect, but they're a hell of a lot better than the alternative and have had a profound positive impact on our society.
That was exactly what they were supposed to be about. The way it usually works out, however, is that the lawyers don't really negotiate on the same side of the table as the class and the class members end up with very little. The lawyers, however, get their fees.
That's why everybody gets pissed about it.
There are other legal remedies to force a change of behavior. If the lawyer wants to use my name (as a class member) for leverage in the suit, he or she should be representing me. The class action is something that is supposed to be for the class members' advantage- working as a group for legal remedy. The tradeoff is you don't get as much legal remedy as you may have had you footed the entire bill and risk of a lawsuit yourself. But some of the negotiated remedies are, indeed, a joke.
No, they really aren't, because as the parent says class actions are appropriate where the harm to each individual class member is small, but the small harm is spread out to many people. You as an individual were not harmed much, so you as an individual would not collect much even if you went it alone and recovered 100%. Litigation doesn't (generally) yield more than the harm you suffered.
Besides, if you want a lawyer to represent your interests alone, then you are free to not join the class and pursue your own individual case with the lawyer(s) of your choosing.
According to the U.S. Supreme Court, the “principal purpose” of class actions is “the efficiency and economy of litigation.” The Court has also noted other justifications for class actions, including:
the protection of the defendant from inconsistent obligations;
the protection of the interests of absentees;
the provision of a convenient and economical means of disposing of similar lawsuits; and
the facilitation of the spreading of litigation costs among numerous litigants with similar claims.
Fewer people than most realize are actually able to do this. Good lawyers don't generally take contingency cases, and if the case is even remotely involved, fees quickly reach to six figures.
Perhaps worse is the stress. Once initiated, you have virtually no control over the process, and it can take over your life. The motions and counter-motions, delays and hearings will wear you down. If the adversary is much better-funded, then they can make it nearly unbearable.
The legal system is not what most people imagine, especially those who flippantly threaten to sue. You have to go through an action (or be close to someone who is) to really get that. Engaging is stressful and costly and, unless you're a combative type with deep pockets who just loves to fight, you'll likely feel like you lost, no matter the outcome.
This, as much as anything, is why class actions are so prevalent.
If you're paying them they're representing you. If they spend a single client's or their own time building a case, they're not representing you. They are representing your class. If you want to be represented, opt out and hire a lawyer.
The lawyers are getting their fees to pay for the service of causing class-action suits to happen. Even if the remedies for a class member are a joke, the amount the company pays is, supposedly, not a joke (and yes, a good amount of that is probably paying those lawyers), and that's supposed to be a deterrent for other companies who are thinking of making the same mistakes.
Whether this works out in practice is debatable, but the current system is coherent in theory.
No, it isn't better than the alternative. The alternative is to have regulators selected and overseen by elected officials regulate the behavior of companies. We instead of a system of regulation by self appointed ad hoc lawyer-regulators negotiating settlements they think will get past the judge overseeing their case and allow them to collect a fee.
The latter is perhaps better than nothing, but it isn't better than the alternative which happens to be in place in the rest of the developed world.
The self-appointed lawyer regulators at least have an incentive to do their jobs: they get a bunch of money.
That is why I have plenty of competition for Internet Access and Net Neutrality is vigorously enforced
That is why the FTC routinely issues fines for False Advertisers for all the false claims that are made daily in ads
That is why there are plenty of bankers in jail for crashing the economy in 2007,
Government regulation is grand
Paraphrasing, we are currently getting the regulation we deserve - good and hard.
The system was always a plutocracy and will always be.
Of course it's fair. It's not like the members of the class get to shop around for cheaper lawyers. The class gets shit either way, they just have to decide if they hate the company more than the lawyers that charge the obscene percentages. And you can't make any kind of cost argument because a billion dollar case isn't anymore complex than a million dollar case. The whole point of it being a class is that it impacted everyone the same so the dollar figures don't change the complexity.
This case is typical: https://www.paymentcardsettlement.com/Content/Documents/Orde.... $5.7 billion settlement, about $500 million in attorneys' fees, or less than 10% of the fund. $160 million worth of time invested by the attorneys to get to that point.
> And you can't make any kind of cost argument because a billion dollar case isn't anymore complex than a million dollar case.
That's not true at all. Big dollar value cases involve either large harms to relatively fewer people, or relatively small harms to large numbers of people. The former kind of case often involves complex subject matter, such as financial transactions, medicines, etc. The latter kind of case often involves a very diverse class and complex issues of causation and damages. Consider the TicketMaster lawsuit: the basic theory of damages is that class members would not have purchased the tickets had they known that TicketMaster was marking up things like UPS charges. Well, clearly lots of class members would have purchased the tickets anyway. Coming up with a realistic damages model in that scenario is difficult. Furthermore, in big consumer class actions like that you've got class members in fifty states with fifty different sets of laws.
>$5.7 billion settlement, about $500 million in attorneys' fees, or less than 10% of the fund. $160 million worth of time invested by the attorneys to get to that point.
How often to private retained attorneys get $320 million in pure profit. Additionally the 'time invested' already has income for all of the involved lawyers.
The fact that it requires so much expertise and money to "access the legal system" in this way is in itself incredibly unfair and unjust. It's a completely broken system.
The real damages here are going to be to the banks and credit card companies that will have to absorb the costs of all the fraud.
As to the Ticket Master case, you can read the complaint yourself and see if $5 or so per class member settlement value was reasonable: http://www.ticketfeelitigation.com/docs/Fourth_Amended_Compl.... The theory was that TicketMaster didn't disclose that it was marking up fees for things like UPS delivery and order processing, and that if customers had known they wouldn't have ordered the tickets. That's a weak damages theory, because customers don't care about line items they care about the bottom line. Either they'll pay $X for the tickets or they won't. Unsurprisingly, that weak damages theory lead to a small per-class-member settlement.
Are credit card companies now in the habit of reimbursing consumers for the considerable time and headache required to sort out fraudulent charges caused by insecure data storage practices in the credit reporting agencies that the credit card companies contract with?
There are numerous reports of identity fraud causing a significant amount of trouble for the consumers involved, and as far as I know, not a one of them has ever received a letter beginning, "We're sorry for the time and trouble you went through to clear this up", with an attached check.
The hassle will be convincing all those companies that you do not in fact owe them thousands, and there is no automatic protections for these types of harms.
It's not a "habit", it's the law. It doesn't matter how the fraudulent charges came to be. If a person disputes a charge and has evidence to show it's fraudulent, then by law the credit card company has to investigate, and deal with it.
It also makes business sense. CC companies make a ton of money with legal transactions, and an anti-consumer, pro-fraud reputation would cost them customers.
> There are numerous reports of identity fraud causing a significant amount of trouble for the consumers involved, and as far as I know, not a one of them has ever received a letter beginning, "We're sorry for the time and trouble you went through to clear this up", with an attached check.
Why would the bank or credit card company send a check? Presumably they're not the one who committed the crime, so why should they cover the damages?
I've had my identity stolen, and it was a PITA to clear up, but the bank and credit companies were reasonable about it, IMO. In a case like this, where it's easy to point at the Equifax breach and say, "See? This is how they got my info.", it's probably even easier to clear up, though I'm sure it's still a hassle.
I'm not sure how much I'd want someone to pay me for an hour of my time. Clearing up identity theft can take many hours. Those are hours I can spend bugging the missus, or even bugging you folks.
I am clearly not to blame for their data exfiltration. Who is going to pay me for my time? What is my time worth to them?
This is all theoretical. My credit has been frozen for a long time. It has been that way since the OPM hack. However, for the sake of expression, I point out that my time is pretty valuable to me. Those who steal my time are worse than those who would steal my property. I can insure my property, I can not replace my time.
Last month my auto registration sticker didn't show up in the mail after renewing it. A trip to the county clerk, then the sheriff's office to file a report, then back to the clerk to get another sticker took almost two hours. Stopping by the local bank to change my address after the online system locked my account for two incorrect password attempts took 90 minutes. 6 phone calls after a cancelled auto insurance policy made an auto draft the next month. My coworker has a pile of kids, two with medical issues, it seems like his wife has a part time job dealing with medical billing issues.
Most of these rambling examples aren't the fault of the organizing institution (unlike the Equifax leak at hand), but in the end individuals are bound by those institutions' organizational practices in their pursuit of normalcy. I don't know how it could be implemented or enforced, but at a certain point it feels like individuals should be compensated for suffering organizational incompetence or negligence.
Which gets me to my response:
Cherish that time. I don't care about longevity, I care about maximum value. I may be content to die today, but I'm not content wasting time on something that is forced on me.
I don't regret much, but I do regret my time that was wasted by others. As I look back, I see do many situations where I could have disallowed that while still getting the same eventual outcome.
For instance, in a past life I may call up to question a charge on my cable bill. Now that I have more money, I don't waste my time on such nonsense. If the cable company wants to charge me an extra $20 for no reason, they can do so, because it's not worth my time to call them up and get shuffled between departments for 2 hours.
But the time it takes on the phone to talk to an agent, review your records for legit vs illegit charges, etc. are not reimbursed, which is what they were on about.
> Why would the bank or credit card company send a check?
I think we're talking Target writing the check. Which they didn't exactly volunteer to do, but was covered in the class action at least: https://targetbreachsettlement.com/mainpage/CommonlyAskedQue...
Fraudulent charges on a credit card are the least of my concerns. This opens us up to a lifetime of identity theft and insecure accounts of every sort. I'm not even sure how they can approach remedying the problem. Coordinate with the SSA to get 150 million people new SSNs at the least.
There is mo way to even estimate the damage as some devious ways of it harming us may not even exist yet.
Scifi story idea:
Far future. Life extension possible. The government will provide it free (if you want it) - one time only though - when you are near the end of your first life. Upon extension, this technology also turns the clock back to renew you to 20 years old.
You're 78 years old, frail, ready to kick it, but decide to do the extension. You go into the clinic. Give them your information, etc.
We're sorry, you've already been rejuvenated before. We can't help you, unless you want to pay $$$$$$ for us to go ahead with the procedure.
The solution, whatever it is, does not include anyone continuing to pretend that the SSN is now or has ever been suitable for any purposes other than for tracking government benefits managed by the SSA, and possibly also for tax filings with the IRS.
... and all of the other government benefits, programs, or mandated activities, many (all?) of which demand your SSN. Are you even sure that the credit industry, i.e. banks, originally misused SSNs? I wouldn't be surprised if they were required, by the government, to use them, precisely because it is the closest thing to an official "unique identifier".
Some people also might be concerned with not receiving their SS benefits either, which isn't entirely far-fetched given that others might now be using it for nefarious purposes (like trying to collect their SS benefits).
I read something somewhere else (maybe on a different HN thread, maybe here?) that this was changed in 2000 for something called "red flag laws", IIRC.
So yeah - it is required.
There's no such thing as loosing your ssn because it is already public.
No one will be paid for their time wasted over ID theft resulting from this breach. That's what "made whole" would mean to me.
The extent of the potential damages here isn't limited to credit card fraud. Having your SSN leaked along with your name, date of birth, every recent address you've had, etc. opens you up to a lot of other attack vectors.
Furthermore, credit reports can often inadvertently contain information that relates to one's medical history - you can request that this information be obscured or sealed in your report if you find it, but that means that certain medical information is also within the scope of the potential leak.
The government is clearly of the opinion that they can and should prosecute people for leaking information which could cause possible harms.
I’m clearly not a lawyer, but these scenarios seem pretty similar to my untrained eye.
I've been through quite a bit of training and held my clearance for years. I was a victim of the OPM hack. Well, I guess I still am a victim. Mens rea doesn't really apply when handling classified material/data. If it is accidental AND you report it properly, it's not jail - you are so losing your job, however. You also lose your clearance. It has been a while, but I'm pretty sure you lose it forever.
This is not true at all. They simply reverse the charges. Businesses who accepted the fraudulent transaction(s) are on the hook for it. Anyone who runs a business and handles credit card processing can confirm this.
It does seem like any penalty for something like this should severely impact the ability of the company to operate though.
I suppose a $0 way to penalize them severely would be to force Equifax to allow individuals to opt out of having Equifax store information about them. Lots of people would do so without understanding that it might impact their ability to get a loan, but so what.
Maybe the USA needs everyone to have a new ssn and ban with very strict penalties is use by any one other than the state and then only for highly restricted usages as it is in the UK
While it doesn't solve the "papers please" aspect:
1. Card holds biometric data of person, plus PIN. Card is the only thing that holds this.
2. All card does is output "yes or no" if you are you.
3. You have or use a reader for authenticating who you are. The reader takes you biometric data (fingerprint scan, face scan, or something else), and has you enter your pin. It takes this info, hashes it, compares to the stored info, and outputs the "yes" or "no" answer.
Very basic thing here. 3-factor, and the data about you is never stored anywhere, and the card/reader combo does the rest. The data about you never leaves the card (in fact, it can't - it would be write only for that data).
We have all the technology to do this today. What we don't have is the will. So it won't be implemented.
I'm not saying the above is perfect - but it is 3-factor (what you are, what you have, what you know), and that is what is needed most. The information stays with the owner on the card. All transactions can only be done with the card on-hand to prove you are you. You can change the PIN at will, maybe even the biometric data - but both are write-only, and can't leave the card. The card can read in data (an image for the biometric data, and the code for the PIN), but all it does is hash that together, compare it to the stored hash, and output a yes/no.
I'm not saying the above is perfect, and I am sure I have forgotten something. But it - or something like it - is what we ultimately need. But we won't get it. Ever.
Also, notice the other subtle dependency that was introduced with the PIN only kept on the card - the PIN might as well not exist.
This is all known. The issue isn't how to design a security system. The issue is the fly by the seat of the pants lack of security with deadline driven products. Those products only appear to implement a feature set and really don't work, just appearing to work in order to achieve the release exit criteria of a minimum viable product. This gets compounded by products hardly ever revisiting their earlier phases, choosing in this case to add new web features instead of hiring a security team.
IANAL, but can't you only sue for actual damages not hypothetical damages? According to this  your identity with SSN is only worth $30 on the black market. To get $1000 out of them you'd probably need to have your identity actually stolen and prove it was stolen from Equifax.
Perhaps reasonably ask for 3 years of monitoring, so $980
But those aren't actual costs incurred yet.
This breach, I suspect, makes that less likely to be true. After all, one of the few reasons a new SSN can be issued to someone who has one is “A victim of identity theft continues to be disadvantaged by using the original number”.
Credit real time monitoring should be an entitlement for those whose data is being collected.
This would cost them a fortune.
Doesn't help for all the other issues this will cause, though.
I guess treble damages are not called "punitive" but they're also not "actual".
That said, I've never tried it, so it's possible my understanding is wrong.
Once in normal court, you would need to hire a lawyer, and they would just find some local representation. At this point, you would probably withdraw the case because it isn't worth that investment.
But suppose you kept going. Their local council is going to proxy their attempts to change venue to where they are located. Unless you had a really compelling argument, they would probably win the change of venue. Now you need to find another lawyer somewhere else, and it is probably an expensive locale like New York or LA where they have a firm on retainer. Still want to push the case? Me neither.
By all means, try the small claims route. But don't think for one second that it is a slam dunk.
Alabama: Must file in municipality where the other party (defendant) resides
Alaska: Easy to move to regular court
Arizona: Easy to move to regular court
Delaware: Cannot be used for punitive damages (basically this)
Indiana: Easy to move to regular court (If I am reading it right)
Michigan: Easy to move to regular court
New York: Must file in municipality where the other party (defendant) resides
Oregon: Basically must file in municipality where the other party (defendant) resides. Easy to move to regular court
You can't even dispute $15/month, since that's how much Equifax charges for their identity protection, so that must be how much it's worth since they caused these damages.
That makes it more like $7200 in damages, not including the cost of money over time, inflation, etc.
For the rest of your life
You could create a system that'd help you file SCC complaints quickly, but to have it detailed enough to pass the defendant lawyer's complaints about the deficiencies in your documents would be difficult.
The size of that problem, however, decreases with the narrowness of the subject matter you want to cover/make claims about. If it were a 'Sue Equifax For The 2017 Data Breach' service, then it might work (the whole point about class actions being that they're similar - commonality, typicality etc - enough)
Corporation or other legal entity — A corporation or other legal entity (that is not a natural person) can be represented by a regular employee, an officer, or a director; a partnership can be represented by a partner or regular employee of the partnership. The representative may not be an attorney or person whose only job is to represent the party in small claims court. An attorney may appear to represent a law firms as long as that attorney is a general partner of the law firm or is an officer of the corporation. However, in both instances, all the other members of the partnership and all the other officers of the corporations have to be attorneys as well.
I sat on a jury in TX where a couple was suing an insurance company, and the insurance company wasn't represented by an attorney. It was really strange, because the first thing the gentleman does is stand up and spend 5 minutes explaining how he isn't an attorney but he regularly represents the insurance company for smaller claims (it was something like $20k IIRC). Then for the remainder of the next hour and a half or so he stumbled around with arguments against the couples slick lawyer. I guess the guy probably lost most of his cases (?) but its worth it to the insurance company to spend a few hundred bucks getting this guy to show up unprepared for an hour or two in the odd chance he could save them $20k every few dozen cases.
I think states usually allow a regular employee of the corporation to appear, though.
Obviously, the small claims court procedures may vary according to jurisdiction, so you'll have to at least check your state's website before running down to the clerk with filings in hand.
It must be a regular staff member or manager.
I did not check how many states have a law like that.
This has all the forms and a link to what to do with them: http://www.courts.ca.gov/9744.htm
Give me a service and I'm ready to pay.
SCC is not hard, it's cheap, and it's designed to be easy to do and not require legal assistance to do so.
There's usually no enforcement of penalties in small claims court.
Don't speak on something if you don't know what you're talking about.
the only difference is a giant corp can simply say "hey sorry we didn't pay earlier" when if a consumer tried to do that we would have more penalties placed upon us.
Whose wages? If you win against Equifax, Equifax isn't getting a wage. Equifax is paying wages, but you didn't win a suit against its employees. You won against the corporation.
place a levy on their bank account
Seems like your best bet. However, this might be complicated, depending on how they've distributed their assets. Quick, can you tell me the name of the bank, the account number and the exact name on the account?
placing a sheriff in their area of business
Seems to me that Equifax might just keep draining your account through continued fees.
submit to a collections agency
I suspect this might be satisfying in its symbolism, but not necessarily effective against Equifax.
Seems like good advice.
perpetuating this mindset that the average consumer is too weak to do anything to these corporations and individuals who hurt them through the court system is nonsense and needs to be avoided. From the article posted below (where my other comment is):
"Allen then reported to a local branch of the bank with sheriff’s deputies, who he instructed to remove cash from the tellers’ drawers, furniture, computers and other property. Approximately one hour later, the Naples News reports, the bank manager produced a check for $5,772.88 to satisfy Allen’s fees and additional costs."
You have a lot more power than you think against corporations and people through our court systems. even small claims courts.
I don't know where else they get their revenue from, but free credit protection will hurt them significantly in the long run.
And guess what, the same questions that they ask you to prove you are who you say you are, are the ones that have likely been stolen!
0: Unless your info is actually used in a way that harms you, and you can prove that it was a result of this, but that seems unlikely to be true for the majority of affected people.
(and I would think refusing to accept Equifax's "coupon" for TrustedID would be a similarly easy argument to make)
there's no right to not having your identity not stolen tho. By this logic, shouldn't you _always_ have the identity-theft prevention service paid for already, regardless of what happened to equifax?
I think you'd have to show _actual_ identity theft occurring with your name to claim damages.
If it weren't for Equifax, anyone trying to use your identity would have a much harder time.
Edit: not to mention the worse damage will be from fraudsters taking loans.
The weird thing is the Comcast debt couldn't have actually been mine. As the date of the debt was smack dab in the middle of when I had service with Comcast before switching to ATT.
Now, during this period I tried to refinance my home and was denied due to a low score with Equifax. I pulled my EQ 2 weeks before trying to qualify and there was nothing. Then I found that after I was denied and pulled it again of course. I submitted a challenge on it, and it was removed within 2 weeks but the damage was already done.
So would this count as real damages?
Whether the debt "could have been yours" isn't relevant, what's relevant is how it showed up there. If someone fraudulently signed up for a Comcast account using your social, and they obtained your social via the leak, then yes the leak damaged you. You could go after the difference in your refinanced interest rate now v. what it would have been had you gotten it at the first request (are you paying 0.1% more because rates went up a week after your denial?) and possible the additional interest paid between the denial and the successful refinancing.
But if the Comcast account showed up on your report because someone fat fingered a social and there was no fraud, the leak didn't damage you at all and it was just bad luck.
1 legally guaranteed free credit report / year
* ($5 freeze before + $5 unfreeze after)
* 3 agencies
* 33 more years of healthy remaining life God willing
= $990 right there.
Move apartments or change jobs just once in that interval, and it will bring you up to a round thousand. Bam.
The sad truth is you can do everything right to the best of your ability and still get hacked. So just the fact that they were hacked isn't sufficient evidence that they were negligent.
Also: "I am launching a formal investigation into the #Equifax breach. Today, I sent a letter to @Equifax seeking additional information." https://twitter.com/AGSchneiderman/status/906197644841766912
I looked into credit freezes yesterday. This is really a total scam. You have to _call_ each of the three agencies and pay a fee ($5 to $10) each time. If you need to unfreeze your report to make a legitimate credit application you have to call each of them twice (once to unfreeze and another to freeze) paying fees every time.
Now if you're a paying member (paying a minimum of $15/month to each agency) you can just lock and unlock your credit file on a mobile app (well, three mobile apps and I'm not sure all three support this). It's amazing how convenient things get once they're already extorting you for "credit protection".
This shouldn't even be legal.
Also, if a fraudster defrauds a financial institution with your personally identifiable details, it should be an issue between the agency and the financial institution as you were not a party to this loan. The reporting agency saying you were should be slander.
Financial institutions should be interested in consumers having an easy ability to lock their credit files as it would decrease the number of fraudulent credit applications.
So why can't I have a mobile app (or three) for free that allows me to easily lock and unlock my file or, better yet, to vet every inquiry and approve it or not?
At this point, their lack of basic security practices has endangered national security by weakening the banking and credit systems.
On top of that, this company is massively unpopular. Their only purpose is to potentially slander Americans en masse. Make a fucking example out of them so the rest of the finance industry takes notice.
Not on a whim, but for (e.g., in Delaware) “abuse, misuse or nonuse of its corporate powers, privileges or franchises.” (Delaware Code Title 8, § 284.)
> We have due process and the rule of law.
While rarely used in practice currently (it was more used in the past, and there is a movement to revive the practice), the law provides for charter revocation for corporate misconduct.
Basically, however appalling the unaccountable power of credit bureaus is, it was legal yesterday and it's not the job of either the executive branch or the judicial to decide today that such power isn't legal today. The judicial system especially is oriented towards prevent that kind of thing. Rather, deciding that is the job of (even more dysfunctional) legislative branch.
This, of course, doesn't guarantee that executive or judicial branch couldn't "get religion" and try to get end this situation but it would have it own messiness.
And there you have it - an American legal/government system very much resembling a well built car driven far too long without an overhaul.
But the problem is:
A. If Equifax gets a judgment for close to or for more than the company is worth, the simplest way one could assure the suit is paid to sell the company, keeping the operation going rather than ending it.
B. Many businesses integrate credit checks into their operations - it's ridiculous and despicable as mentioned by other but most of these companies and individuals (landlord for example) at least imagine they couldn't survive without the credit agencies so this large group would push for another solution then just getting rid of the credit agencies.
C. Getting rid of one credit agencies leaves the other two even stronger.
It is also unlikely a $17 billion market cap = $17 billion in assets during an emergency sale. Especially with the shadow of a $17 billion judgement that could encumber the acquired assets.
It's bad business to acquire assets from someone with a judgement against them, unless you're getting a great deal.
If there is a judgment against a company which that company cannot pay, that company enters bankruptcy.
What happens when a corporation enter bankruptcy is the assets of the corporation are assigned to a receiver. The receiver then disposes of those assets with the aim of raising as much money as possible to pay the creditors involved. In the case of a credit bureau, keeping the bureau functioning would arguably be the best way to earn money to pay the individuals who the corporation owes money to - both the people who the got the judgment (first priority), other creditors(second priority) and then the share-holder (third priority).
This situation means that corporation that produces toxic waste, dumps it in a river and goes bankrupt from a private suit against it could continue to produce toxic in order keep producing and making money, in order to pay that judgment (it would probably be argued that the toxic-waste leak was a one-time thing).
Part of the problem is a private lawsuit isn't a substitute for state regulation even if it's often presented as such. Part of the problem is the very worst that happen to the owners, the shareholder, is their shares become worthless so their incentive for stopping truly bad behavior by organizations is limited.
You might say this is fucked-up and I would agree with you. Don't confuse my comments with statements of support for how things. I simply want to thorough, accurate and complete summary of just what a messy we're in.
In Project Mayhem we have no names.
Europe operates just fine without the notion of credit or credit agencies.
Some of the legislative branch dysfunction is due to interference from the same corporate interests they should govern.
Corporations are able to DoS their oversight.
You are correct there will be unexpected messiness. The question becomes whether our current trend is sustainable over the long term; many believe the second order effects cannot be worse than the path we are currently on.
But with the current administration as well as Congress (we're likely to see a Federal gov't shutdown over the budget even though the Republicans control the legislature and White House), I wouldn't anticipate seeing any regulation down the pike because of this.
They mention the Struts vuln, but not which one... did an attacker access the info directly via a naive attack, or was this a campaign? Having worked on Enterprise-Ready(tm) systems I wouldn't be surprised if Equifax had an unsegmented network...
Not yet. People might be annoyed but not many of them have been harmed yet. They're harmed when their identity is actually stolen (i.e. used by someone else), not merely when someone gets access to their data.
(Not saying I like this system. Just saying this it how the system works.)
So this would only work if you can find a clause permitting them to do this. I assume this would be the commerce clause?
In reality 1. You can be shot by a cop even if you do not pose a real threat (they just need to claim they though you might have a gun, simple) 2. People are routinely kept in jail for unreasonably long time because their families cannot afford bail often on things charges are dropped for later 3. Ever hear of civil forfeiture?
The whole thing is a nice story that we love to repeat to each other. Maybe it was easier to accept that during the cold war when the other guys were worse and news traveled slowly (or didn't). It's pretty apparently that isn't true given the quick news cycle... and opening any US history book.
Sometimes I wish I could myself become a corporation. Seams it's much easier to exercise your rights as a corporation.
Yes, a process in which the government has to prove to the same standard of evidence as someone suing you. That is due process.
In practice this is a huge difference.
That's not quite true. They don't make a claim against _you_. They make a claim against the property.
So, it's the same level of evidence and adversarial hearings as someone suing $1,000. This is not due process. It's a farce.
And federal civil asset forfeiture almost always starts out as administrative forfeiture which doesn't involve the judiciary at all.
When the feds seize an asset the owner has 60 days to file a claim. If no claim is filed the government keeps the asset.
If a claim is filed, the government can either pursue civil or criminal forfeiture. In the case of civil forfeiture there is a right to a trial by jury.
However, as I said previously this isn't automatic. The person has to either have the legal knowledge to know how to file a claim, or they need a lawyer. In the majority of cases no claim is filed in many cases because the legal fees necessary to recover the asset will be greater than the value of the asset.
Basically if the government sizes a few grand in cash, it will cost you too much to recover it to make it worth it.
In states like Tennessee, police can seize your cash and you have to sue to get it back. They automatically get to keep the assets unless you sue them. They don't need to convince a jury of anything unless you sue them.
This is not the same thing as a person suing you and then using a replevin action to force you to give up your property. This is like if a person broke into your house, took your TV, and then you were forced to initiate a lawsuit to get it back. Plus you couldn't recover legal fees, it was significantly more complicated and costly than small claims court, and the thief suffered no consequences beyond returning the TV even if they lost the case.
Even Clarence Thomas, the most conservative member of the the Supreme Court, indicated in recent statement that he believes the current way civil asset forfeiture is practiced is unconstitutional.
I'm as emotionally upset as anyone else, but if in fact this was a zero-day, I also lose the basic lack of security practices argument.
If you have the most sensitive information for millions of people, maybe don't only worry about perimeter defense?
Given the number of FS sites running on IBM Websphere and Struts, this may only be the tip of iceberg.
This is what pisses me off - I never gave them authorization to collect information on me. I have no business relationship with these companies. To me they look a lot like parasites even when they're not giving away my data.
yes, I realize that the definition of "coercion" here is complicated and nuanced, but I feel the point stands.
It basically just forces an auth flow for a credit application, which is quite sane. You can also do the whole process - enrollment and manual authorization - online. It was quite painless for me to do it a couple of years back.
Yes, and I think it's a bigger question of why we have so little control over or access to our own data in the first place? It's a racket that they monetize our data by selling it to others, then charge us again to access and protect it. And, if you've ever had to go through the pain of having something corrected in a timely fashion, then you know it's doubly-maddening. They are purposely opaque and byzantine.
Yet, without our data, they'd have no business.
Yet, without credit rating agencies, you'd get no loans.
Loans existed for millenia before credit rating agencies, so that seems unlikely. It's more likely that the people getting the best loans terms today would pay a higher cost for borrowing without credit rating agencies, and that credit references would be more important, though.
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
It's mildly interesting how different the experience was across the three. Experian gave me the choice between choosing a PIN and getting a generated one, Equifax just gave me a PIN, and for TransUnion I had to choose the PIN (shorter than for the other reports) myself.
You and your wife just did it 1 minute apart...
"You'll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10."
So depending on where you live, you probably have to pay.
I've just been skimming search result for lawyer... You're pretty much the only one actually asking for one...
Edit: well, you have to pay with a credit card so it's traceable, so not that bad.
f no I'm not paying them anything
Federal Law allows a fee, some states have passed laws mandating no fee, or no fee to freeze but a fee to unfreeze, etc
Indeed. This is now no longer something that would be nice to have; it's the only way the system can possibly work. If a credit agency can no longer verify your identity by asking you questions about your history -- the criminals now have all that information -- there's going to have to be another way.
Sounds like a great YC application! Someone should do it!
Also, although they offer 1 free year, the problem here (social insurance number, etc) is a lot longer than that, so you'd be paying a recurring amount, wouldn't you?
Of course, Equifax just gave me a 500 AND charged my card anyway, so that was nice. The other two worked fine though. Equifax is a steaming pile of garbage.
Edit to mention that I only used burner cards for the payments.
"This is not financial advise:
I remember a few commentors on HN recently saying they have made large gains by buying stock of companies after the news of cyber security breaches significantly reduced the share value, then waiting for the dust to settle(reaction-news-cycle to complete) and price to return to similar value after a few months."
Hopefully this time will be different, but I doubt it.
Fees vary by state. I think I paid ~$20 total and not all of them charged me.
(In theory if someone steals money through your debit card you can get it back... in theory. I'd like to avoid ever having to find out how well this works in practice).
They charge interest, but you don't pay any interest if you settle the full balance every month, which I always do.
Most merchants/payment processors include a premium for handling the edge cases that arise from credit-linked misbehaviour. In the same way you sometimes get a cash discount, removing the merchant/provider protections should show up in your wallet as a good (and surprisingly high) surprise.
As I understand it (please correct me), the party who gains for the furtherance of this agenda is the financial service sector who has another opportunity to insert marginal fees and more importantly, a direct access to your transactions without necessarily having the same fiduciary duty or alignement of goals than a bank teller/account manager would have.
FYI. That is a satire / parody site and not the real one.