There's a line in the new Equifax fine print that's raising eyebrows

Yahoo Finance ^ | 09/08/2017 | Ethan Wolff-Mann

[DFG]

Credit reporting agency Equifax reported a massive security breach on Thursday. The breach may have exposed Social Security numbers, driver’s license numbers, and other important personal information that has left 143 million US consumers vulnerable to ID theft.

Equifax immediately offered a complimentary ID-theft monitoring program called TrustedID. However, blowback ensued quickly on Friday as the TrustedID terms of service require users to waive their right to sue or join a class action lawsuit to receive the monitoring.

An Equifax spokesperson said the waiver “applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.”

‘The language is broad’

[TheNext]

I thought you cannot sign away your rights.

Sign away your right not to be murdered, enslaved, tortured, suicided, bet that you cannot.

[windcliff]

Good info.

[TADSLOS]

Corporate Lawyer weaseldickery in action.

[Wolfie]

According to the news I just saw, they found out about the breach on July 29, and sat on it until yesterday, during which time top Equifax execs sold off their stock.

[TheCipher]

They asked me to input my last name and the last six digits of my social security number, saying that was what they needed to see if I was potentially vulnerable.

A nice way for a phishing site to steal someones identity. Knowing the last 6 digits, only gives about 600 combinations for them to try to get a correct one.

[AnotherUnixGeek]

Equifax immediately offered a complimentary ID-theft monitoring program called TrustedID. However, blowback ensued quickly on Friday as the TrustedID terms of service require users to waive their right to sue or join a class action lawsuit to receive the monitoring.

Before folks try to enroll in Equifax's web site - read this excerpt from this article:

"What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat."

Equifax should be held financially responsible for the years of damage this is going to do to millions of people. Over half of all people with a credit history have had their information - name, date of birth, SSN, address - stolen by criminals. It took Equifax 5 weeks to even tell anyone this had happened, and during those 5 weeks, Equifax executives cashed out millions in stock. And they can't even set up a properly secured web-site for people to find out if they've been affected by Equifax's irresponsibility - these are the people holding our personal and financial information. People need to go to prison over this.