Originally Posted By: pbm
Originally Posted By: Reddy45
The problem with this breach is that the information is useful to the bad guys for the rest of time. Unless companies start using some extra piece of private information to approve credit, then you have to keep credit freezes active for the rest of your life.
And on a side note, nobody has yet proven that this information is in the hands of malicious individuals, so the panic it is causing could be unnecessary. Not saying we are safe, but I have concerns about "taking action now" when there is no hard proof of an actual threat yet.
I would imagine that the hackers are "malicious individuals"....why else would they bother hacking the info?
They could have hacked for the sake of doing the hack - bragging rights or intellectual curiosity. Alternatively they could have done the hack to hold the data ransom in exchange for money or other resources.
These details are not known or aren't exposed so we cannot positively say that the breached data is in the hands of people who plan on doing fraudulent tax returns or opening up credit cards.
It is very common nowadays for malware to not destroy your data but to encrypt it and put it up as ransom for Bitcoin, which is why I do not believe that anyone smart enough to exploit an Apache Struts system for this data would simply use the data at face value.
For all we know, the hackers could have notified Equifax officials of the breach and given them a chance to buy it back for a large amount of money.
So to go back to the original point -- there is nothing wrong with putting a freeze on your accounts and going into full defense mode, but we don't know if or when they'll strike.
We simply don't have all the details for anyone to make a strategic decision.