Hacker News new | comments | show | ask | jobs | submit login
Reported difficulties getting help on Equifax's phone lines (washingtonpost.com)
217 points by PaulHoule 65 days ago | hide | past | web | 120 comments | favorite

TL;DR: Equifax phone lines unhelpful for anything.

Suggestion, from https://www.reddit.com/r/personalfinance/comments/6yv4gb/off...

If you do nothing else, place an initial 90 day fraud alert on your file. This is free and will require lenders to contact you if someone (including yourself) tries to apply for credit. Government info. You only have to do this with one bureau in order for the alert to be placed on all three, and it should take less than 5 minutes:

Equifax https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAle...

Experian https://www.experian.com/fraud/center.html

Transunion https://www.transunion.com/fraud-victim-resource/place-fraud...

Just 90 days? I'd rather freeze my credit. I already bought a house and a car. I'm done with needing credit for the foreseeable future. Freezing all 4 accounts (including Innovis, which actually seems like the most competent of the bunch) is the ticket for me.





Experian link just provides a grey page saying "Loading"

Equifax link is dated 2008 and hijacks the back button (wtf)

TU is an account creation page

I've never heard of Innovis :)

Which is not snark at you for posting these links, just a sad commentary on these important pages.

Innovis is usually an intermediary for financial institutions to check all three of your reports. If you've ever seen a hard check on your credit report from CBCINNOVIS, it's them. They're not one of the "big three", they're sort of a 0.5.

The other sites are practically being DDoS'd by people trying to freeze their credit. Glad I did mine before it became a fad. :)

Ah thanks. I haven't ever seen that.

Curious whether there will be a measurable impact on new credit approvals as a result of this apparent mass freezing. Equifax's breach leading to second order effect of retail credit gumming up would piss off Equifax's actual clients in a big way.

This is great advice and appears to be a good thing to do, but I just feel weird giving equifax money to protect me from fallout of their data breach. It feels like I'm rewarding them for losing my data.

I bet millions of Americans, who are suddenly aware of their vulnerability to credit fraud and learning about these options, are paying for requests and freezes.

Yeah, it bugs me too. What about letting "natural consequences" befall Equifax (or rather its customers)?

I take no action now. Scammer gets a $10k loan from BigBank using my info. I get the bill and report it as fraud. Write a few letters to clear it up (http://www.kalzumeus.com/2017/09/09/identity-theft-credit-re...). BigBank will be out $10k and is now motivated to figure out a better way to make loans.

Maybe that big bank should decide not to get credit reports from Equifax and not to send them data. It would be a way to show that self-regulation works before the government forces their hand.

I believe Equifax dropped the credit freeze charge due to the backlash [0]. The other reporting agencies may still charge however.

[0] https://www.nytimes.com/2017/09/12/your-money/equifax-fee-wa...

It didn't cost me anything to do a freeze with equifax; but I have heard of others paying. I am wondering if they only do it for free on those affected by the "hack"?

For the others, I had to pay - Transunion and Experian - $5.00 each; ChexSystems and Innovis were free also.

Yup. P/E of Equifax way up next quarter.

They did say "if nothing else". Implying that you should do more. I got the 90 alert, it takes literally 2 minutes so it's a great first step.

Now we just need a service like letsencrypt and a cron job that just resubmits that form every 60 days.

That would be an interesting idea... Except then the service provider would essentially have a database of names, SSNs, and addresses... I think we all know what could happen next. :(

So ... what happens if I list myself as Active Duty? They also have a 7 year extended plan.


3 Main Types of Alerts and Length of Effectiveness:

  Initial Fraud Alert: 90 days
  Active Duty Alert: 1 year
  Extended Fraud Alert: 7 years
Extended Fraud Alert Request Form

To place an extended fraud alert on your credit file please send to Equifax – via Fax or US Mail - a valid police report, law enforcement agency report, or US Postal service report that allege mail theft. In addition, please provide a photocopy of one item from each of the categories below in order to verify your identification and address. The item you select from the identity category must contain your Social Security number and the item you select from the address category must contain your current mailing address.

Why do I need a police report when I have every major newspaper supporting my case?

Extended alert seems to apply only in cases of mail theft. Completely different from a massive on-line data breach, of course.

I think I should submit the form and include a copy of the articles on the New York Times, Los Angeles Times, Washington Post, Bloomberg, Wall Street Journal, ...

Active Duty means Active Duty in the military, so I'm assuming they'd require some documentation.

I doubt it.

On the other hand, the US Military does not take lightly misrepresentation of serving...

Someone on reddit [0] seems to have signed up for that option accidentally, so it would appear they don't require any documentation.

[0] https://www.reddit.com/r/personalfinance/comments/6zrwdd/soo...

I did, too. Didn't ask for anything.

That reflects some provisions of the Soldiers and Sailors Relief Act, which limits what debt collectors and landlords can do when someone is called to serve. Interest rates on loans are reduced to 6%. Debt collection efforts are restricted. That law is from 1940, and is written with the assumption that creditors, too, must support the war effort.

We're learning that making reasonable assumptions about Equifax is a shot in the dark at best. I wouldn't assume a damn thing with them at this point

IANAL: Claiming active duty when not maybe subject to prosecution under the Stolen Valor Act and/or various types of fraud.

Yeah, I just tried to add this via the Equifax link, entered all of my info, and got an instant "the system is down" error.

Edit: Experian displays a grey screen that says "Loading"

Edit: TransUnion requires I set up an account.

Experian ultimately directs you to this form, which you have to print out, fill in, and snail mail: https://www.experian.com/fraud/form-extended-fraud-victim-al...

TransUnion broke on the second to last step of setting up an account for me. "Technical difficulties" message.

I got the error as well. Refreshing resubmitted the form and eventually worked.

For what it's worth, the Equifax link is now working and I was able to place the alert. Experian still is displaying the grey "Loading" page.

Equifax link isn't working for me.. After filling in the form and hitting submit, I am presented with a very convenient (for them:

Our system is currently unavailable

We are currently unable to add initial 90 day fraud alert or active duty alert to credit file online. Please try again later or click here to print a request form. If you need to install Adobe Acrobat click here

plot twist: active breach investigation on going with all 3 majors

I'm having issues with it, seems to be working intermittently.

None of the 3 links work for me. How difficult to save data from a form? I'm appalled by the technical capabilities of these crucial service providers..

They very clearly don't want these forms to work. All three fail for me too. Equifax fails with "Additional Information Required" and gives me a PDF form to mail in that has the exact same fields that I've already provided. Experian is stuck on a loading screen. And Transunion says it's unable to process my request based on the information provided.

Yeah, I tried that advice yesterday and none of the links work. They just give some error after you fill them out.

Equifax worked, the other two failed for me

Hopefully saving people some time - Equifax is "unable to process" online requests - which they tell you after your submit the form. And Transunion's website for fraud alerts is currently "temporarily unavailable".

At least thanks to this, there's no need to even check and see if their mobile app still works:


Equifax processed my request OK and gave me a confirmation #. I'd suggest trying again.

Equifax gave me "Our system is currently unavailable".

I was able to setup a 90 day alert with Transunion using the link you provided. It was a breeze to do so. However I noticed that even though I was already signed in to Transunion website, I had to sign in again.

The other thing I found confusing was that the website for doing this was different from the core Transunion website which was also different for Transunion's TrueIdentity website.

Overall, it's simply been confusing trying to figure out what steps to take and where/how to do them to abate negative effects of this data breach. It feels 'weird'/frustrating spending this amount of time/effort to fix issues which are due to someone else's laxity and when it seems like the responsible party is not doing as much but then I guess this is one sure and hard way to learn the lesson - you can't control what happens to you but you can control how you react to things.

Transunion isn't working. The automated phone line sends you to a disconnected number. Enabling a freeze online with them does not work and 404's.

It may be time to start calling Senators.

Good one!

Same issue after entering personal info on application.

These credit agencies have shown how archaic they're operating..

If I'm a criminal who is going to take advantage of the hacked data, and I know everybody is rushing to do the 90 day fraud alert, I'll wait for 90 days before I take action.

It is better to think from THEIR angle.

I was only able to do transunion and only because I created an account, the others failed numerous times. I hate to do another account giving my information out again but since its likely already compromised whats the worst that could happen?

Great! Got a "Our system is currently unavailable" for Equifax. Ridiculous.

I am not justifying this, but I suspect they are putting out fires and being hammered with loads of traffic.

I kinda feel sorry for the people in the trenches who had nothing to do with this. So much overtime and stress.

Anyhow, this doesn't excuse them, nor absolve them. I'm not sure if I'd have the moral fortitude to quit, where I just a peon there.

if none of us sign up for this and then flood the 3 CRAs with real identity fraud incidents, then perhaps they will take things more seriously in the future.

I have spent a very large amount of time over the past few years attempting to correct Equifax's record of my information (all to the now-apparent end of reducing noise in the hacker's data). They somehow had my SSN associated with someone else, leading to a few rejected credit applications.

Equifax customer service reps are very poorly trained. The singular goal of all Equifax employees with whom I interacted was to make me Someone Else's Problem. To that end, they deployed several tactics:

* Telling me I'm calling the wrong Equifax customer service phone number

* Telling me I'm calling the wrong new Equifax customer service phone number

* Telling me to mail in just one more piece of identification

* Telling me they never received snail-mailed documents

* Telling me received snail-mailed documents "were not yet in the system" (over a week after receipt)

* Telling me to fax documents, not mail them

* Telling me the fax number I have is old, wrong, and no longer used

* Telling me the new fax number I have is old, wrong, and no longer used

* Telling me to call the bank providing my credit card, and get them to send my info to Equifax

* Mysteriously hanging up

* Again telling me the identification documents provided were insufficient

Finally I just sat on the phone for several hours with a customer service agent who had not yet discovered the complete lack of consequences for hanging up, asking what additional information would be provided by whatever additional piece of ID they were requesting. It escalated up the supervisor chain a few times, went on hold for half an hour, then I was just suddenly told the problem was taken care of and disconnected.

The problem wasn't taken care of, and the perpetual complimentary credit monitoring service subscription I have from some past data breach other another continued to fail its Equifax enrollment. Finally, a year, later, the problem fixed itself.

This company is trash.

That's what most large call centers are like. When I worked in one the factors in your evaluation were: 1) "handle time" (i.e., time on the phone per customer) 2) callbacks within a set time period 3) customer surveys 4) spot checks of recordings for adherence to company policy. So naturally, if you have a difficult case the most logical thing to do is find some within-the-rules way to transfer the customer to someone else (you couldn't just do this capriciously; the circumstances under which it was allowed were enumerated), where they won't be able to answer a survey for you and they're someone else's problem, or else to put them through a process where they aren't supposed to get an answer for weeks. One popular technique at the place I worked was deliberately needling customers so they'd get upset and ask to cancel or speak to a "supervisor" -- both valid reasons to transfer a call to another department and wash your hands of it. Since your failure to do well on the metrics was tied to a big chunk of your pay you were highly incentivized to game the metrics in this and similar ways.

This is just not always true.

I sometimes have a bad time with a call center but often I call a call center and get prompt and efficient service. If you tar them all with one brush, you are giving the bad ones a pass.

For a very large call center I'd say you're getting prompt and efficient service if your problem is a supported scenario. Something novel and your odds aren't that good.

So what are the ways around that? What were the frustrating loopholes in which reps were forced to deal with the customer's problem?

Well, the cancelation guys and the fake supervisors could grant exceptions front-line reps weren't allowed to so you can probably just ask for a supervisor. Also, considering the amount of abuse many reps get, they're way more likely to do whatever they can to help if you're not rude or demeaning.

Obligatory link to patio11's extremely helpful blog post on how to deal with these kinds of issues:


Rule #1 is never try to fix things over the phone. Do it in writing and keep a record of everything you send and receive.

Yes, I very much wish this post existed during my time dealing with Equifax.

Because I hate these clickbait titles: the author plays phone-go-round, calls four numbers, waits on hold a bunch, gets disconnected, and eventually gets transferred to an "agent" that ends up being a busy tone.

All that was accomplished was that he placed an automated fraud alert, even though his original question was whether or not he was affected by the Equifax breach.

Not click bait at all. The article gives all the phone numbers including the "magical" phone number at the end to get the 90 fraud alert ( 1-800-525-6285 ) including the advise to not make any noise on this call.

The article is fine, the headline is clickbait: "Click to see what the hell this article is about!"

I am tempted to say I am appalled by the utter disregard these credit reporting agencies have for consumers, but I am not really surprised. Coming from a country with a tradition of public institutions, it is amazing to see private credit reporting agencies in US, because this should be a public service from the Government.

The reason they have such contempt for you is that you're NOT THEIR CUSTOMER. Their customers are lenders looking for dirt on you.

The only reason they talk to you, with overt disdain and reluctance, is the government says they have to.

We aren't their customer, but we are their golden goose.

> The only reason they talk to you, with overt disdain and reluctance, is the government says they have to.

They are trying to fix that.

Then you might be really shocked to find out that criminal background checks are often done by private companies, and they don't even have to be licensed. I guess folks have a lot of trouble trying to clear up inaccuracies.

Back to credit checks, the laws are a bit weird as well. Someone can simply pay their bills - phone, power, rent, and so on - on time for years and live within their means... and not be able to get good rates on loans and stuff because they have no credit. However, if they move and forget to pay their last electric bill from their old address, they'll suddenly have bad credit because it will be reported to the credit companies eventually. There is no requirement for the same places to report positives. Oh, and I might mention the actual scoring is a secret, though they'll give tips on improving it (like making sure to have a credit card and actually use it, have auto loans, and so on).

We are not their customers. Average Joe on the street is not their customer. No individual is their customer.[1]

Their customers are other businesses - mainly banks/credit card companies/lenders as well as background checking services. They have no reason to provide customer service to individuals in their database - they are required to provide minimum services by law.

[1] Actually, now some offer "credit monitoring services" to individuals, which are a cash hog because these services are absurdly overpriced and kinda scammy.

>I am appalled by the utter disregard these credit reporting agencies have for consumers

I think you're misunderstanding these credit companies. We (american citizens) are not their customers, we are the product. The customers are the businesses who use them to lookup our credit.

I can tell you that their attitude towards financial institutions isn't different at the moment. I've spoken to very senior people in several financial institutions recently and most of them are angry that they didn't get any more information than the public and get no help in protecting themselves (and their customers) against fraud. The problem is just that you cannot switch providers within a few days. And even those who didn't use Equifax suffer from the breach.

But be assured that their behaviour isn't much better towards the once paying them.

This lines up with my experience with TransUnion.

Called the day after the news broke, and successfully setup a fraud alert on my account using a automated phone system in 3 minutes and 44 seconds.

So thrilled with this easy process, I call my Mom/Dad and instructed them to do the same.

About a day later I call again to do the same process for my wife. Got almost to the end (after giving them her SS#), but then something changed ... TransUnion started listing extensive documentation I had to snail mail to them - it took several minutes for this message to play out, after which I received no confirmation that the fraud alert was successfully activated. It seemed as though I was "kicked over" to the identify theft reporting line, because the documents they asked for seemed like something you would send to them, if your identify had already been stolen.

Called Experian immediately after, hoping their system might be working better. Their automated system failed to even start the process - I gave up.

Now my wife is convinced I gave her SS# to some random stranger. FML

TL;DR: TransUnion telephone fraud alert worked on Monday, but now is fucked.

As soon as I heard about this hack (last friday?), the first thing I did was sign up for LifeLock and set up my accounts. LifeLock was being hammered at the time, but I got thru.

When I got home, I then put freezes thru "the big three", then after reading a couple of articles, on Sunday I put freezes in with Innovis and ChexSystems. I also ran my credit report using TransUnion (leaving me with two more runs from the other two during the year).

That's basically all you can do. You can also do this, I suppose:


I've read anecdotes saying that it's legit and good insurance (but LifeLock already offers a similar thing on the level I signed up for).

I guess part of what I am saying is that the story broke, and there was a small rush, but I got in - then when Monday rolled around and the story grew legs - well, we're now seeing DDOS-like failures...

With responses like this, it's almost like the breach is generating enough business to have been worth it!

> I could set up a 90-day fraud alert that would force creditors to call me — at a number of my choosing — before agreeing to open any new accounts in my name.

This should be the default, for everyone, for free. If banks don't want to do the bare minimum to verify your identity, the liability for identity theft should be on them and not you.

I'm professionally involved with this, so at this point I'm obligated to say that the following is my personal opinion and in no way representative of my employer.

Banks use a lot of information to correlate and verify customer identity. The process is called KYC, Know Your Customer [0]. The problem is that this process relies on exactly the information present in a database like Equifax's. If they did perform verification calls, they would be using the same information to verify your identity over the phone, meaning that anyone with that same information could still impersonate you.

The problem, as often pointed out, is that much of this information is much more akin to a username than a password, but is often used as the latter. I mean, someone with my drivers license has my name, address and date of birth, which is often enough to verify with most systems that don't keep SSNs.

From a technical perspective, modern cryptography would seem to give us some opportunity here. The downside here is that its usage becomes absolute -- you either have the key or you don't, regardless of the reality of your identity. The reality is that identity is a very hard problem, with many confounding issues.

[0] https://en.wikipedia.org/wiki/Know_your_customer

As I understand it, a large number of KYC requirements were enacted with the Patriot Act following 9/11. You raise the interesting point that this breach undermines these KYC rules. In this interpretation, lax Equifax security could be seen to directly empower terrorists.

I personally think a 3-factor system could work, but you'd never get the changeover to happen.

1. The government would have to invalidate all SSN numbers and re-issue them.

2. To re-issue, you have to go down to a govt office to pick up a smart-card like device (let's call it a "multi-pass" for s&g's) that would have built into it a keypad and a fingerprint scanner.

3. This person would validate you as you (perhaps you present your driver's license/id/passport/birth certificate), and issue you one of these cards and a reader device (for home).

4. The card device itself would have a unique value embedded in it, but otherwise be "blank". Perhaps the government might also have a copy of this value matched to your other info, for tax purposes (so, it would act like your SSN for tax purposes and such).

5. This value would come from a one-time programming, where in front of the official, you would scan your fingerprint, and enter your pin. The card would hash everything together, and burn the hashed value into the card's read-only memory.

6. So now - to verify your identity, you would need: The card (something you have), the pin (something you know), and your fingerprint (something you are). If one of these isn't present, you can't identify yourself.

7. To do a transaction, you'd need to slot the card in to your reader (if at home doing something online), or into a vendor's or bank's reader - then put in your pin and scan your fingerprint. It'll hash the values again, and compare with what is on the card, and output (the only output, mind you) "yes" or "no" for the question of "identification".

The downside to all of this is that if you lose your card, or your fingerprint changes, or you forget your pin (or some combo), getting a new card will be tough. But really all it should take would be another in-person visit to the same govt office - more or less.

I also admit that there are very likely other glaring flaws with this idea (beyond the fact that it won't ever be implemented because of the costs to switch over, and other issues). But I think it comes close to a potential solution.

As long as you have to be physically present and always use a reader of some sort, if you don't have any one of the pieces of info, you can't verify your identity:

1) You need the card, if you don't have that - no dice of course.

2) You need the fingerprint that was originally used - that's only going to belong to the person who originally picked and configured the card at the govt office.

3) You need the pin number - presumably only known by the proper owner of the card.

So if the card is stolen, that doesn't matter. If they chop off your hand or finger, that won't help. They'd basically have to beat the pin code out of your, chop off your finger, and steal the card. I'm not saying there aren't criminals who would do that, but they'd have to be in the minority. Plus, such criminals are not likely id thieves anyhow.

I don't think it's as far as a stretch as you believe. The DOD already issues CAC cards which includes:

* A private cryptography key. (Something you have)

* Which is PIN protected. (Something you know)

* With a photo on the front. (Something you are)

Of course, photo identification can't be easily replicated remotely. So remote use maybe only gives you two of the three.

Upside is that there's already existent card readers, along with all the infrastructure required to manage the cards and keys.

What stops the hackers to do this first and give their own telephone number? They have all your details.

The credit agencies already attempt to verify you when you request a credit report ("did you ever live on Main Street", etc.) or put a credit freeze on so it's not a new problem for them.

But this leak presumably leaked all of that information as well.

The problem is using not-secret information as an authenticator.

For sure, I'm not saying this solves everything. I just think it would be a pareto improvement from where we are now.

Exactly why the whole system is broken.

Totally agree. It's hard to believe that this is not the case already.

@patio11 has a great writeup on dealing with Credit Reporting Agencies: http://www.kalzumeus.com/2017/09/09/identity-theft-credit-re...

What is the best way for the American public to start to "escalate" this to the government? It's clearly not even worth getting frustrated trying to deal with Equifax directly, they obviously aren't required to have any accountability to anyone.

One of my senators wrote a respectful note to the FTC asking for an investigation, so I'd assume we are all set (https://www.peters.senate.gov/newsroom/press-releases/peters... ).

Less sarcastically, we need a political reformation focused on effective, pro citizen government, instead of politics focused on holding or reversing the status quo on divisive issues. So good luck.

I really really really wish we would do away with the SSN as the default ID for people. It's just such a really bad system.

It was never designed to be an ID Number and now that's how it is used. We should really go to a different system. I am not a security expert, but I think voting, paying taxes and credit scores would all be much easier than they are now.

Honestly, not sure why people are surprised by this. The company is incompetent and not consumer or customer focused by any means.

Their entire operation is optimized to sell products and services to creditors, with no regard for actual consumers. They are a B2B company. They treat their employees poor, and their call center operations are outsourced to third party firms on a cost-basis whom are poorly trained and purely exist to field consumer contacts as required by law, but not actually resolve any issues.

I truly believe credit reporting agencies need to be heavily regulated and operated as a non-profit consumer institution, similar to the BBB.

I'm not sure the BBB is the best example. You'll find a lot of folks online who don't hold them in very high regard.

While they might be a non-profit, that doesn't mean they aren't still looking for money.

In particular, it's well known that businesses who pay money to the BBB tend to receive a better overall rating score. And conversely, businesses who refuse to pay the BBB tend to have their scores go down.

See: https://en.wikipedia.org/wiki/Better_Business_Bureau#Critici...

Experian's freeze doesn't even work at the moment due to their JavaScript compiled asset getting cut off (unexpected end of input error): https://i.imgur.com/bOGE2Sh.png

I was just looking at that -- then I headed over to Equifax, entered all my info and then: https://i.imgur.com/NmrRg1V.png

Please change the title to something along the lines of "Equifax customer service is ineffective"

Sure thing, we've updated the title to a representative phrase from the article.

I thought there was a pretty hard rule of using the name of the article only, Even when it makes no sense in context. What are the exceptions to that rule?

You're right that there's a strong preference to use the original article title. That said, the guidelines go into more detail under "In Submissions":


In this case I suspect the mods agreed with 'XR0CSWV3h3kZWg that the given title wasn't very good (and not obscure in the intriguing sense, maybe whimsical sense). Personally I find the "I did x. This is what happened"-type quite click-baity. As an aside, I wonder how far one could go using only "this" as a filter for click-bait titles.

Or you could make it even more simple and leave "customer service" out of it.

With experian, I have done the following:

- Call membership number -> makes some noise and then hangs up

- Use their website that they promote in their automated messages -> when trying to set up an alert, it takes you to a loading page that does nothing (looking at the requests being made in the network tab, it fails to load bootstrap and then just sits there, I am able to download the script it fails to download)

- Call automated fraud number -> nothing happens after being transferred to their automated alert system, so I hung up -> called again and waited for a few minutes after being transferred to their automated alert system, finally a voice starts talking asking for info (a dark pattern if I've ever seen one). After going through the process, apparently my info wasn't correct, so they asked me to 'leave a voicemail' with my SSN and DOB, after providing that info, it said they couldn't save my info and to try again, then promptly hung up.

so haven't been able to set up a fraud alert yet

I called Transunion to freeze my account and they hung up on me. 4 times. I gave up.

If we "as the product" actually want to do something about Equifax we should call our banks and demand that they cancel any contracts they have with Equifax.

If enough people do that to make it a national issue, Equifax will at a minimum notice, and possibly go out of business (because no bank will work with them) sending a very strong message to everyone who deals with private data.

Anyone know how to start Viral Activism?

> we should call our banks and demand

Consumers are no longer really customers of the banks, either. Their customers are businesses, investment houses and lenders. Sure, they write you a loan, but they really package it up and sell it off to a lending company. Depositors just provide banks with cash assets to invest.

Are you actually prepared to leave your bank if they don't give in to your demands?

That's what it would take for that to have any impact.

That's when you get some shareholder activists. Even a single stock can give you the right to make some noise.

Let me save you a click:

Different agents on different hotlines bounced him around.

After 30+ minutes, an automated system took his SSN and signed him for a trial. Sort of.

Because they kept getting disconnected from the system, they aren't sure if it actually worked.

Seems Equifax is using the "plug fingers in ears and scream la la la la la" method.

Thank you!

Not sure why you're getting downvoted here.

Hey, thank you too!!

I have no idea either. Luckily it wasn't much, but maybe my tone was off.

It couldn't possibly be my assessment of the story- everyone else commented the same thing!

Maybe the site wants those sweet sweet clicks and time on page metrics :)

From the article:

"We finally got to a point where the system asked for our information in order to set up a 90-day alert. I provided my Social Security number, two phone numbers where I can be reached for verification, and a “please hold while we process your request” message."

What if someone who got a hold of another person's SSN call the number, and gave them a bogus number to contact? Any lender then tries to call the bogus number and they get a "YES, I ALLOW THAT TRANSACTION TO HAPPEN" brings more problems then.

Equifax could have made a system that performs this option and then it would be the person whose SSN has been exposed to provide the authentic number which they can be reached at to alert them of any transaction happening with their SSN number being used.

I think if there was any justice in the USA, a court would declare that the Equifax breach was significant enough that the damage caused is greater than the value of the Equifax company, and the company itself would be taken from existing stockholders and shares distributed among the american public affected by the breach. The company could then continue trading with all proceeds going to the people harmed in the breach, and the employees could then go on to work for the people that they harmed.

I'm not sure there's a legal mechanism to do that.

Honestly, I would have expected it to take hours. 42 minutes is actually not too bad, I've been on hold with my ISP for longer than that.

To be fair, he didn't get the answer he was looking for, so this could have dragged on much longer if he persisted in the phone-only route. I actually would have preferred that instead.

> I've been on hold with my ISP for longer than that

Sounds like it's time for a new ISP. I get impatient with XS4ALL after more than a minute or two, but then they've been spoiling me with sub-minute answering times for years. They scored extremely well in ratings, I figured they went "well we can do a little less well and save some money". Still great service -- but to come back to your situation, 42 minutes is ridiculous. Snail mail is faster at that point.

This was years ago with Time Warner. I've since moved and found much better service, thankfully.

The Washington Post wrote a click title. You won't believe what happened next!

... I didn't click the link on principle.

Haha, Equifax!

Our system is currently unavailable We are currently unable to add initial 90 day fraud alert or active duty alert to credit file online. Please try again later or click here to print a request form. If you need to install Adobe Acrobat click here

If Equifax takes your Social Security Number and a Phone Number to require you to setup any new credit, couldn't the hackers call Equifax and give a stolen Social Security Number of a high profile peerson and hold their credit ransom?


Email your congressperson and complain. This works. It takes time and it takes a critical mass of complaints. Tweet your Congresspeople too.

Why is this hard? Using Twilio, I can make a better voice prompt system in like 20 minutes than a multibillion dollar company has. I don't understand the point of having so many phone numbers.

Propose changing the headline from the current clickbait to "Results of calling four different Equifax customer service numbers" or similar.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact