In 2017, there was a security breach at the credit reporting firm, Equifax. This breach was significant news at the time, and by 2019 the company agreed to a $425 million settlement of several class action lawsuits. They offered credit monitoring or a cash award of up to $125. At the time, I recommended the former.
In the closing days of December 2022, Equifax began to issue those cash awards. Many people found the amount they received laughable (e.g., most claimed to receive less than $10). However, scammers immediately went on the alert and into action. The website DomainTools.com reported several new domain names, which closely resembled the legitimate one, had been registered in just a few days. The valid website name is equifaxbreachsettlement.com. Fake versions include equifaxbreechsettlement.com, equifaxbreachsettlementbreach.com, and equifaxsettlements.co.
If you get an email notification about payment, do not click on the link in the email. It would be best if you went directly to the legitimate website and manually entered the keycode shown in your email. These instructions also apply if you get a letter in the mail.
Of course, because everyone’s information was made publicly available, scammers know who you are. If you get an email that seems slightly off and want to learn if it is “real,” please forward it to me for verification. Doing so is not an intrusion on my time. I would much rather spend a minute or two to review the contents of an email, than spend several hours — or days — working to restore your stolen identity.
Thanks, and safe computing!
At the end of July 2019, most of you probably heard about a data breach at Capital One. More than 100 million people in the United States and Canada were affected by this event. Thankfully, as of this writing (mid-August), very little of the information was made available to the normal group of bad actors who dwell in the Dark Web. This breach was simply the work of a zealous former Amazon Web Services employee who knew that there was a way to access the data. Pretty freakin’ scary!
To make matters worse, the woman who performed this hack had also obtained information from other organizations. Somehow she made the monumental mistake of publicizing those details. I’m not sure what — or even if — she was thinking. But the fact that someone has the wherewithal to accomplish these feats of what most of us consider the “dark arts” of computing is supremely unsettling.
Why anyone would want to subject themselves to the notoriety of having accomplished this act, when there was no useful purpose, confounds me.
Around the same time, the Federal Trade Commission concluded its work with Equifax and fined them close to $700 million. Almost immediately afterwards, so-called “consumer advocates” started a loud chorus of “Sign up and get your $125 from Equifax!” on news stations and social media.
They did this without telling people the “fine print” of the FTC agreement said there is only $31 million in that particular reward pot. So if just half of the more than 146 million affected individuals filed a claim, each one would end up with about 42 cents. That is sheer stupidity!
The best approach for dealing with this debacle is to sign up for the free credit monitoring that is being offered. It is supposed to last for 10 years. Do that here: https://www.equifaxbreachsettlement.com/file-a-claim.
Even though other forms of free monitoring are available, you usually only get one year. It is in your best interest — given the extent of the potential damage caused by the Equifax breach — to take the longest possible term of protection available.