Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Discussion in 'other security issues & news' started by ronjor, Sep 7, 2017.

  1. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  2. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    "...Dispute between Equifax and Mandiant widened attackers' window of opportunity...

    'The hackers were finally discovered on July 29, but were so deeply embedded that the company was forced to take a consumer complaint portal offline for 11 days while the security team found and closed the backdoors the intruders had set up,' according to Bloomberg, which claims to have reconstructed the attack via interviews with people involved in the investigations being conducted by both Equifax and the FBI.

    It suggests that the attack coincided with a dispute between Equifax and Mandiant, one of its security partners brought-in to help deal with a different security problem, just as the attack was getting underway. Equifax accused Mandiant of using the classic consulting sales trick of using the A-team to sell its services and sending in the B-team after the contract was signed.

    This dispute led Equifax to ignore the initial results of Mandiant's work indicated "unpatched systems and misconfigured security policies" - although these claims might equally indicate backside covering on the part of Mandiant..."

    https://www.computing.co.uk/ctg/new...rsonnel-management-hack-of-2015-claim-reports
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,648
    Location:
    U.S.A.
    Equifax Warned About Vulnerability, Didn't Patch It: Ex-CEO
    http://www.securityweek.com/equifax-warned-about-vulnerability-didnt-patch-it-ex-ceo
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,692
    Location:
    Paris
    As current Mandiant Geeks would never lower themselves to respond to the Equifax libel, allow me to do so.

    A Mandiant team consists of a bunch of Folk: there are Rookies to do the grunt work and observe how their Betters operate, there are experienced Blackhats turned White to do the analysis, and there is a Team leader to Rule Them All. Never Ever (never ever) is there a whole Team composed of "B-listers". Never Ever. Normally modesty would stop me from admitting that the M team leader will be the smartest Security person that ever condescended to speak to the Board, but sometimes you have to call a Spade a Spade.

    Sadly those in power in the company realize that the cost of remediation often will exceed any subsequent penalty (and the CEO will always throw himself on a Golden sword); also there is the knowledge that (if the company is publicly traded) the Stock price will rebound shortly after the general public forgets about the breach, thus providing another opportunity for insiders to profit mightily from the despair of the Great Unwashed.

    My advice- set up a brokerage account with the ability to buy Options. Next time you see a major breach of a Company wait a week, mortgage everything you own and buy long term options on the stock. You will have a vacation house on the beach in Barbados in short order.
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    From the currently ongoing Congressional Hearing on Equifax

    The former music major CSO has "been unavailable" to supply information -- hmmmm

    https://www.c-span.org/video/?434786-1/former-equifax-ceo-testifies-data-breach&live

    Maybe she's been in Paraguay or something.

    Shows a lack of aggressiveness by The Sub Committee Chairman-- if he really wanted to speak with her or compel her to testify a subpoena could have been issued.
     
    Last edited: Oct 3, 2017
  8. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    Last edited: Oct 3, 2017
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
  11. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,366
    Location:
    US
  13. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,652
    Location:
    Triassic
    Those in the IRS who proposed this contract be sole sourced to Equifax and those who approved it should be taken to task by the Secretary of the Treasury. This decision shows a lack of due diligence and absolute ineptitude at the IRS. The IRS commissioner needs to step in, step up or step aside. His silence is deafening. The cozy relationship that Equifax has had with the IRS should be severed. The Lawmakers and The Treasury already have 145.5 million reasons to act post haste.

    Lawmakers should also be blasted for allowing SSNs as a proof of identity outside of the SSA distribution of government services. SSNs are no longer a trusted ID due to the breach at Equifax. Consumers (that word for citizens today) are in desperate need of a solution. There is no solution being proposed for this right now and it gives the impression that the government does not know what to do or how to go about it. Where is the urgency? This will prove to be a major security faux pas on their part.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
  15. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    106,615
    Location:
    U.S.A.
  16. plat1098

    plat1098 Guest

    Well, the word "horror" just sucks you right in, lol. Of the 6 listed, though, I found #5 (a state-sponsored act) to be the most "horrifying." The other five to me appeared to be teetering if not toppling over into criminality and shouldn't go un-punished/prosecuted. Come on! Let's start breaking some of those barriers money and power automatically buy. Enough already. Our personal info has already been stolen, bartered and sold as it is.
     
  17. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    And Now!! For our next trick to Amaze and Enthrall you!!
    The Great, New World Orderonzo will get the entire US Adult population to accept!!
    Wait for it!!
    Drum roll ..
    Yes!! You guessed it!!!
    He will make happen before your very eyes, the entire US Adult population accept and embrace,
    !!!Biometric ID Authentication!!!
    Without barely as a whimper from the civil rights organisations!!
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    Last edited: Oct 5, 2017
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,907
    Location:
    Slovenia, EU
    https://www.cnet.com/news/equifax-trump-white-house-official-replace-social-security-numbers/
     
  20. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,652
    Location:
    Triassic
    @Minimalist. Nice find.

    My new hero - NSA's onetime top hacker, Rob Joyce.
     
  21. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Hmmm well perhaps I was wrong on this one. I was looking at the Equifax breach as the identity theft "Pearl Harbour", or "9/11" that would be used to push the biometrics or facial recognition technology that a great many people currently feel uncomfortable with, into mainstream use.
    Rob Joyce is talking about a far more acceptable solution so I hope his ideas get the government backing they will need.
     
    Last edited: Oct 5, 2017
  22. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  23. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  24. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134
  25. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    134