Thursday, September 14, 2017

All three major credit companies are snowed with credit freeze requests and cannot get them processed

Now all three major credit reporting companies are having trouble processing requests for credit report freezes due to increasing volume, NBC story here.

Equifax has refused NBC's request for an interview.

All the companies say they are authorizing overtime.

Again, consumers need to watch all their financial statements for unusual charges.  The most problematic situation would be when consumers apply for credit (loan) and find incorrect accounts in their names.

As I've indicated here before (Sept. 2006), a mechanism to use NCOA could force automatic notification of all consumers of any new accounts in their names (similar to email verification for lists).  It has not been done.

My own Equifax subscription notification service did work this morning and provided an updated credit report showing no problems (yet).

Keep in mind that criminals could use stolen information many years into the future.

Thursday, September 07, 2017

Equifax lays an egg

One of the U.S. three main credit reporting agencies, Equifax, is reporting a hack that could expose 140 million people to identity theft, info including social security number, birth date, and home address (which conceivably could be used for targeting by foreign agents, although there is some safety in the mere size of the hack).   Milo Yiannopoulos has his own story on this. 

It’s unclear if hackers print credit cards in the names of the people if they would really get anywhere.  Equifax will have to recognize illegitimate transactions in the subject’s name that the subject will never know about or see a bill for.  Equifax says that no credit reports or scores were compromised.
 Does it know?  Can Equifax make the same search of the Dark Web that Experian offers (and that’s even part of “online reputation”)? 

It’s rather amazing, though, to see mortgages and car loans taken out on stolen identities and not getting caught by normal due diligence. But, then again, the 2007 subprime scandal was shocking.

Maybe it would be interesting to “own” a house you don’t know exists.  Enough movie stars own multiple condos that someone could slip one by, and even keep it rented on Airbnb. 

Update:  Sept. 9

Craig Timberg has a speculative article on p A11 of the Washington Post Saturday morning, in which he says overseas hackers could use stolen identities to commit crimes not even imagined.  Presumably he refers to child pornography, sex trafficking, and terror recruiting or money laundering with fake accounts (probably on the Dark Web) in using targets' PII.

One is reminded of risks discussed before, of a computer being infected with a virus depositing c.p., a and discovered by repairmen, a risk covered on these blogs back in the summer of 2013.  In most cases, it's probably pretty easy to prove that a fake account is not yours.  (That's been pretty easy with Facebook and social media so far, because fake accounts prop up and get reported and taken down;  Facebook is getting good at automatic detection of these.)   But there is always the remote risk of having to defend yourself against litigation or prosecution, which could increase when traveling abroad, as well as of job termination.  I have some defense in that I don't have or use P2P (although that would have changed had I hosted anyone like an asylum seeker).  In the end, you are responsible for your own reputation, no mater what.

Update: Sept. 10

Consumer Reports offers this advice.  Note the possible risk to 401(k)'s which should be closely watched.  But larger companies usually have medallion signature and verification policies. 

Tuesday, September 05, 2017

Experian offers Dark Web scan

Experian is offering a Dark Web scan of any username based on an email, at “”I tr.
I tried it and the scan found just four records dating back to 2006.  But the most recent was in December 2016.

Experian usually can’t identify an exact Dark Web source. has also said it looks at the Dark Web.

Experian is offering an identity protection service, but I have Lifelock through AOL.
Experian is the successor of TRW. Which merged with Chilton in 1989.  Chilton had been located in Dallas, the Oak Lawn area (where I worked 1981-1988);  now it is located in McKinney, TX on US 175, north of Plano, as well as other places.