to think they should be legally required to tell you immediately?

[Elphame]

Just had a letter from Equifax the credit reference agancy telling me I need to take immediate action to protect myself.

Apparently they were hacked in MAY and they've only just thought fit to tell me that some of my personal data is in the hands of scammers and fraudsters. I've been at risk for 6 months and only now they tell me and it is now vital I check whether they've been used fraudulently.

It was vital 6 months ago.

I had that letter too, but wasn’t aware of what I could do about it

Are your sure the letter was genuine? Doesn't sound right to me, like you said, why would they leave it six months and not call rather than write?

Nothing we can do - I can't change my DoB and the other data they have stolen but we should have been warned a lot sooner. And if Equifax think for one moment they are getting more personal details from me so they monitor for fraudulent activity....

At least I now know why I had a plague of scam calls to my mobile over the summer.

UserThenLotsOfNumbers It's genuine. Apparently the FCA are now investigating them and they could lose their licence to operate in the UK (unlikely I expect)

www.theregister.co.uk/2017/11/01/equifax_breach_uk_notification/

As I understand it, immediate notifications are a legal requirement in the USA but not the EU as things stand.

Equifax were hacked 6 months ago and it was in the news. It was pretty big at the time.

I went to a cyber security workshop the other day (run by one of the UKs top IT companies) and it was slightly terrifying very useful. Basically a lot of the phishing stuff out there is usually to piece together details that fraudsters need to hack you. So they're trying their luck. Obviously you don't know what information "they" have obtained and how much more "they" need to hack you. So. The best thing you can do is change your passwords online. They showed us a great website called 'how secure is your password' which analyses your password. You want a password that will take a million years plus to crack. To do this you shouldn't use anything familiar to you. So pick say for example your favourite band, say Queen, and then choose a song they like..."fatbottomedgirls" and then you can change some of the characters according to the requirements of the website you are using. You should also make sure all passwords are different. This will limit the chance that anyone can obtain any further information to hack you.

I'm not trying to be patronising at all. I just thought it might help someone. In your shoes I would keep a close eye on my credit report for new things being set up and also any weird emails.

2FA everywhere ...

Maverick mine would take 609 million years according to that
website Halo:

Eek. My most difficult passwords would take 41 years apparently, but some of them as little as 9 hours . Thanks for that Maverik, food for thought! I need to get changing some...

The problem is, different passwords for everything? So that's at least 35 passwords I'd need.
Only way to remember them would be to write them down, which... You know....

I saw the initial reports but didn't know I was affected as I didn't think I'd ever used Equifax. Thinking back I must have used them when I needed to provide proof to my employer that my credit history was squeaky clean when taking up a new FCA regulated position.

Ironic isn't it.

Immediate notification to those affected should be a UK legal requirement too. There is no good reason why it shouldn't be.

I used a password manager which generates unique "passwords" for every site (over 400) I'm on.

Here's 3 for free ...

v6Z67#188Myw!%66HDg0uQa3c#2vlutEUFTysq

LIHaB$szR%dyZCh&2KuoBzLSReusEh5pEt9tJx

RVWFU!!7K%xf33lFn4@!QiuzMKy3h!tkAe8@t6$3

good luck with that ....

That's absolutely dreadful. I hope they lose their license.

Are you all seriously typing your passwords into some random site to see if they are secure.....

Wait... you've been entering your computer passwords into a site, from your computers??

Nooooooooooooooooooo! Even if you completely trust the source.... no! But from an anonymous stranger, on a thread about cyber hacking??!!??!!??

Madeness!!!

Cross post with another sane person

A nifty tool you can run - and subscribe to is "Have I Been Pawned" (dot com)

haveibeenpwned.com/

it will alert you if your email address has shown up in reported hacked databases ....

Waves to sane curious person

Yet another cross post

Wtf are you all thinking giving your passwords up to a strange site on the internet

Quite recently a computer expert has changed his views about what type of password is secure. Because most passwords are hacked using programs, rather than someone who 'works it out' by knowing your habits (eg putting your birthday and first child's birthday together) it is now better to just do a really long one which is a phrase, and do away with the numbers, capital letters etc. Longer is better now ..... apparently.

Quite recently a computer expert has changed his views about what type of password is secure.

A good start is a unique password for every site. Remember, the moment you hit "Enter" you have no idea where that data goes.

And (as previously said) turn on 2-Factor-Authentication everywhere. (And don't use a bank or financial service that doesn't provide it).

I keep all my passwords written down, by hand, in a little old fashioned paper address book which never leaves my study. Hackers don't normally work by physically entering your house and rooting around!

To be honest, if I used a unique password on every website I would be locked out of everything forever.

I have unique ones for my banking websites, and they use 2 factor authentication.

I have a selection of passwords that I use for 'types of sites'. But that's as far as it goes.

What's the point of things being so secure that even I can't get into them???!!!