by Dave Moore, CISSP
10/31/2021
The more I study the subjects of computer networks, the Internet, and the exploitation of sensitive personal information by governments, businesses and Internet crooks, the more I am convinced I am not being overly-dramatic by using the word “catastrophe” to describe the situation.
Truly, an epic disaster is upon us, and unless people start taking the situation seriously, there is not much relief in sight. The disaster has been building for many years, but many people never started waking up until the Great Equifax Hack of September, 2017.
When I first wrote about the Great Equifax Hack for The Norman Transcript (“Take action, the Equifax hack may be ‘the big one,’” Sept. 17, 2017), I already knew the situation was bad. The cavalier ways in which data brokers ignore basic information safety rules, store our private personal, medical and financial data and then sell it to whoever can pay are well known to security professionals.
The ease with which the data broker’s lousy security measures can be penetrated by skilled bad guys is stunning. As I delved deeper into the situation, I realized it was much worse than I thought, prompting me to write a second column, “Equifax hack update: there’s more to do,” Oct 15, 2017.
I then took on the intimidating task of learning as many effective, practical ways that everyday folks can protect themselves as possible to against those who seek to plunder and exploit our personal information.
After two weeks of turning the Internet upside down to see what would fall out, I assembled a list of 16 companies to contact, both to find out what private information is already being exchanged, and to hopefully slow down the advancing hordes of Internet criminals who seek to join the global information exploitation profit party in a less than legal way.
I ended up with a list of 16 companies. Many people hire me to take care of this list for them. It is not an inexpensive proposition. After I requested my personal reports from all sixteen companies, I ended up with a stack of printouts about six inches high.
Should you decide to take the do-it-yourself approach, and are willing to invest a boatload of time, this list should point you in the right direction. Among numerous other sources, I used information from Consumer Reports magazine and the Privacy Rights Clearinghouse to assemble this list.
Credit Bureau freezes. You need request reports from, and “freeze” your accounts at, all four major credit bureaus. Yes, contrary to public opinion, there are four major credit bureaus, not three. They are: (1) Equifax, (2) TransUnion, (3) Experian, and (4) Innovis.
Thanks to changes in federal law, credit “freezes” are now free, costing you nothing. Do not be tricked into going for a “lock;” you want a “freeze.” Unlocking them is free, also.
Consumer Bureau (different from “credit bureau”) reports and freezes. Not all of these companies will have a report on you, but many will. You want to check for suspicious activity, regardless.
(5) Chexsystems, www.chexsystems.com (6) Certegy, www.askcertegy.com/FACT.jsp (7) Early Warning Services, www.earlywarning.com. (8) First Data Telecheck, www.firstdata.com/telecheck (9) Cross Check, www.cross-check.com.
(10) MIB Group, www.mib.com (11) Milliman IntelliScript, www.rxhistories.com (12) ExamOne/Quest Diagnostics. Phone requests only. Call 1-844-225-8047, request ExamOne ScriptCheck Prescription History Report (13) LexisNexis, https://personalreports.lexisnexis.com (14) Verisk. Request A-Plus Loss History Report. Requests by phone only. 1-800-627-3487.
(15) National Consumer Telecom & Utilities Exchange (NCTUE, “housed and managed by” Equifax) www.nctue.com/consumers and www.exchangeservicecenter.com/Freeze (16) LexisNexis Accurint Individual Access Program, www.lexisnexis.com/privacy.
Remember, to avoid being eaten by the lion, you don’t have to run faster than everyone else in the herd; you just have to run faster than the guy behind you.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org