I ran into a login error on Transunion, and the password recovery wizard wouldn’t accept my info. When I called, TU reported that my account had also been taken over by a Yahoo! email address that wasn’t my own. Unlike Equifax, however, this time I was able to get the email address.
When I asked Transunion if they could investigate this and/or coordinate with Equifax, they said they don’t have any ability to investigate fraud like this. I found this ironic given that they are supposedly in the business of protecting consumers from fraud. Instead, they recommended I try to contact the police but acknowledged it would be difficult to catch the person.
Thanks. This was very helpful. I had no idea it was even possible to get a new SSN. Mind if I ask:
- Did you find any 3P services like AllClear ID compelling/useful? Sounds like Consumer Reports isn't a fan of these types of services vs. self-monitoring.
- You mention snail mail > phone. What about email?
Yeah, new SSN is possible but they don't tell you what qualifies you specifically (although they give guidelines) and what doesn't. I have heard it is very random and you really have to present a compelling case to get one, but just depends on how you present it to them.
As for the services, I keep fraud monitoring on from the three credit bureaus now and I have never tried them but I think their product is essentially the same, maybe a few added features here and there but nothing you can't do yourself if just take the time and setup alerts. The only thing that is frustrating to me (but a price you pay for security and piece of mind) is that every time, and I mean every time, someone tries to run my credit I get an alert and if it is me trying to do something (i.e. last year I made changes to my car insurance) I have to authorize the transaction with the credit bureau before it will go through. The more frustrating part is that some companies will just outright deny you and not to you the reason right away so you can't tell them to hold on a second let me fix that and call the bureau to approve the transaction so it goes through.
As for snail mail vs. email. Never tried email. I spoke with a lady at the FTC (they handle FCRA enforcement) and she told me that anytime I needed to get something done or changed to use certified snail mail so I always had a record of exactly when it was sent and when it was received. The credit bureaus have 30 days from the time they receive a letter to correct the issue and/or respond with why they can't. My understanding was that certified snail mail shows them you are serious about enforcing the timelines and makes their antiquated processes actually turn a little faster. :) I honestly never tried email and just went off what that lady told me. After my initial communication with the state attorney's office I had a contact and any mail I would send to the credit bureau I would also send a copy to them as well. I always put at the bottom of my letters that I was copying the state attorney. Mainly I was trying to use it as a scare tactic to get the credit bureaus to act positively and quickly.
I still don't understand why the credit reporting agencies make it so difficult to communicate with them regardless of method. They have so much control over your personal information and how it is used yet they want nothing to do with helping you get things fixed.
3 days later, on May 31, I received a reply that Equifax was unable to locate the account, and requesting further information. I replied providing this information. I received another reply from Equifax saying they could not find the account, closing the ticket, and asking that I call in for support.
That same day (today), I called in and was connected to the Personal Solutions department. I briefed the representative, Mike, on the background of the situation and asked if there was a fraud or security department that could investigate this. I was told no, and the closest department was Disputes, which was closed on weekends. I indicated that if there was a hacking involved, this might be time-sensitive, and could affect other Equifax accounts. I was told there was no other way to get assistance.
I verified my identity with <rep_name>, who created a new account for me, and was able to view the email change history, but said he could not release the email address that the account had been changed to.
I requested 6 times to speak with a supervisor and was deflected each time. After 1 hour and 15 minutes, I was put on hold for 15 minutes, then connected with <supervisor_name>, the supervisor.
<supervisor_name> was helpful. She marked the account for investigation and indicated that it would take 7 to 10 business days. I asked if this could be expedited and she said sometimes it could occur more quickly but there was no guarantee.
> I indicated that if there was a hacking involved, this might be time-sensitive, and could affect other Equifax accounts. I was told there was no other way to get assistance.
That's typical. A long time ago, I received an offer to sell me 100k stolen credit cards, complete with phone numbers and zip codes of the card owners. This was before the era of mega breaches and so 100k was a pretty impressive list size. The offer included a sample of 10k cards. I did some investigation and was able to determine that the sample, at least, seemed to be legit.
I then contacted the credit card companies, figuring they would be interested in this. I figured they would take the samples, analyze them to find out the common factors to identify where the cards were stolen from, and then flag those cards, and the people they were stolen from and the merchants they were going to be fraudulently used at would be protected by the next day.
Boy, was I wrong.
This was a Friday and it was after 5 PM. The best I got was one card company gave me an email address that I could mail the 10k sample cards and the information about the offer for 100k cards to, and someone would look at it Monday.
I also tried law enforcement. The FBI suggested that I call the Secret Service. The Secret Service was not interested.
I mailed the information to the email that the one credit company provided, and gave up trying to get someone interested.
I am deeply concerned that my account - and possibly Equifax itself - has been hacked, and would like to request the following:
- Please expedite the investigation into this intrusion.
- Please release the email address that the account was changed to, so I can investigate this. Otherwise, please work with the email provider and authorities to locate the person who breached my account.
In addition, I would like to request that Equifax please fix it's protocol for handling this type of situation. For instance:
- In the original email notice, Equifax asked me to email back if the change was not initiated by me. I did, but no one responded for 3 days, and when they did, they did not act on the information and instead closed the ticket. When I called, I was told I should call back during a weekday. Equifax should treat this as a security issue and act quickly, and have a way for issues like this to be addressed immediately instead of waiting days.
- <rep_name> didn't have anyone to transfer me to. Equifax should have a phone number or email to report fraud - not outside of Equifax, but affecting Equifax's systems.
- <rep_name> didn't have access to my full account info and was unable to release any information that would help me investigate this fraud. Equifax should have an escalation process for situations like this. Ideally, Equifax should investigate potential breaches; and if they are unable to, should release information to the user to help the user investigate breaches on their account.
I'm the author of this website/article, and I have an important update. I added this Epilogue to the website tonight:
--
I created this website two days ago, and during that time, have witnessed 100s of comments on Hacker News, TMC, Twitter, and more. In the middle of all that, electriclove on Hacker News found an important bug in the model: The Ody PV line was adding in fuel costs from another car. (This, IMHO, highlights how valuable the Internet is for discourse and fact checking.)
I updated the model and the result is as follows:
- Tesla Model S: $40,151
- Honda Odyssey: $37,235
The end result is greater parity between the depreciation and cash flow models; and the edge goes to the Honda Odyssey by $3K, or about $375/yr over eight years. If I had more time, I might try to quantify the value of the safety edge for the Tesla (Travis calculated this to be about $500/yr), HOV lane access, or other features. In the meantime, I double-checked the formulas on the other cars - they appear to be correct. However, I continue to invite folks to continue to look at and provide feedback on the model.
Good eye, electriclove - there was an error in the spreadsheet that was adding in fuel costs from another row. I updated the spreadsheet. It results in a pretty big change. I'm going to update the website.
Tesla offers the option to purchase 4y of maintenance for $1900, which I included in the model, vs. $600/yr. The options are nearly economical neutral, but I plan to do at least the 1st 4y option. Maintenance also includes brake pad replacement.
I did not include tires or insurance - either for the Tesla or for the other vehicles (Ody, BMW, Volvo). I also didn't include the financial value of safety (though Travis attempted to on the cash flow model), HOV lane access, cargo space, etc.
On the battery, based on the research I've read from existing EV owners, and from my experience as an EV owner for 3y, I'm expecting around 85% of my battery to be available in 8-10y. If a battery swap option is available, I plan to do it around year 15 or so (i.e., ~2030).
Why didn't you include tires or insurance? Tires for a Tesla (especially with the larger-wheel packages) will be enormously more expensive than those for an Odyssey, and the car will wear them out much more quickly.
On a low maintenance gasoline engine (i.e. not VW/Audi), consumables like tires, brake pads+rotors, dampers, wheel bearings, ball joints, and so on outweigh the ICE specific costs like oil filter and change, spark plugs, serpentine belts, timing belts, and water pumps by a decent margin, doubly so if the engine has a well engineered timing chain system and thus doesn't require an involved timing-belt service.
Plus, an electric car still has plenty of moving powertrain parts like water pumps and valves that could fail, and we don't know if that will happen yet.
Tesla are at a huge advantage in this department, though, because they've accustomed their clients to being tracked at all times and their cars are all serviced at Tesla-owned service centers. That means that if any failure patterns become evident, Tesla can summon their owners to have the issue fixed proactively before it becomes a problem. I love this model and do think it adds a lot of value to the Tesla, but whether or not they can sustain such a program at scale remains to be seen.
Feel free to play with the annual mileage figures on the model. For my family's situation, I played around with it with mostly either 12K or 15K annual miles.
I forgot to write about this on www.teslacost.com, but one reason I didn't consider the Model S early on is b/c it's RWD and I wanted AWD for Tahoe and the like. Then I saw the above video.
There is no way a car with only the ability to power the rear wheels can compare to an AWD drivetrain.
Even with the ability to pulse/modulate the brakes and keep the car from spinning, it will only prevent sliding off a cliff by taking you around that corner at 8mph (notional absurdly low speed here). That is because it will only be able to use the braking + lateral portion of the front tires available grip. If there is no need for braking, just lateral grip which isn't going to be much on a poor snowy road, anyhow.
The rear tires have to work doubly as hard in this scenario as well - they have to maintain lateral grip while accelerating (or simply putting power down enough to maintain speed).
A true AWD (or 4x4) would be able to use the acceleration and lateral grip, meaning, the tire can be accelerating and turning. This takes the load off the rear wheels for putting down engine power. Thus, to move at the same speed, the rear tires only have to use much less of their available grip for acceleration and can concentrate on lateral grip (not fishtailing/oversteer situation as above RWD would). An intelligent AWD system will transfer power to whatever wheel has the most grip as well.
You need to factor a set of good winter tires in the Tesla sizes into your cost model, then.
The stock tires on the Tesla and even most all-season options are woefully insufficient to make the Tesla safe in the snow, although its favorable weight distribution vs. other RWD cars does help some.
When I asked Transunion if they could investigate this and/or coordinate with Equifax, they said they don’t have any ability to investigate fraud like this. I found this ironic given that they are supposedly in the business of protecting consumers from fraud. Instead, they recommended I try to contact the police but acknowledged it would be difficult to catch the person.
Any recommendations for how to catch this person?