Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Discussion in 'other security issues & news' started by ronjor, Sep 7, 2017.

  1. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
  2. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,102
    Location:
    Triassic
    A single point of failure was the explanation for the fiasco at Equifax, so testifies Smith. Considering that Smith is referring to an Enterprise level IT infrastructure and not Aunt Agatha's book-keeping business, I am not convinced. I'm leaning more toward scapegoat theory.

    - Scapegoating serves as an opportunity to explain failure or misdeeds, while maintaining one's positive self-image.

    In other testimony Mr Smith tried to convince the Hearing Members that a credit lock is similar to a credit freeze - he said they only differ in complexity. This is a half truth. The credit lock is a contract the consumer has with the credit company (subject to their T+Cs). With a credit freeze, the consumer is protected under the Law. He neglected to point out that the credit bureau's customers (and ID thieves) can still get consumer info even when a credit lock is in place. Not so with a credit freeze.

    As far as regulation can not fix stupid: All the credit bureaus have a business model that is based on abuse of power. Regulation might not fix stupid, but it can be written to protect the innocent and punish the stupid.

    How to really fix stupid: Make Security a CEO deliverable - failure to do so hits their performance evaluation, salary and bonus packages.
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Equifax hack exposed nearly 11M driver's licenses

    Driver's license data for around 10.9 million Americans were compromised during the breach of Equifax Inc.'s systems, according to people familiar with the matter...

    In recent weeks, Equifax has told [Its] customers, mainly financial institutions, that the driver's license information for 10.9 million consumers was accessed, the people said...

    Equifax didn't immediately respond to a request for comment.

    The disclosure of driver's license information could give hackers even more information to use to try committing fraud...

    People who had given driver's license information to Equifax were in many cases doing so as a way of verifying their identity with the company. This in some cases happened when consumers were using a webpage meant to resolve disputes about credit-report information..."

    http://www.marketwatch.com/story/equifax-hack-exposed-nearly-11m-drivers-licenses-2017-10-10
     
  4. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,102
    Location:
    Triassic
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    Yes they can, but the problem here is not stupidity. The real problem is the data they hold is not only used for credit check purposes, therefore if they created a SHA-2 hash of each customer's name and social security number and used it to index each customer, even THEY would not know who each record belongs to until the customer is applying for credit. That is obviously not what they want.
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,838
    Article at Ars Technica - 12 Oct 2017
    https://arstechnica.com/information...n-this-time-to-redirect-to-fake-flash-update/

     
    Last edited: Oct 13, 2017 at 9:33 AM
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,383
    Location:
    Ontario, Canada
    Adware Hits Equifax Website: https://www.pcmag.com/news/356736/equifax-website-hacked-again

     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,838
    Update on that ArsTechnica article:

    The article has been updated several times, and the title of the article has been changed.
    The title is now: "Equifax website borked again, this time to redirect to fake Flash update".

    Quotes from the article:


    And ArsTechnica published a message from Equifax:
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,838
    Daniel,
    Don't forget this part of the ArsTechnica article:

     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,383
    Location:
    Ontario, Canada
    Last edited: Oct 12, 2017 at 6:55 PM
  11. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    24,225
    Location:
    U.S.A.
     
  12. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
  13. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Equifax pulls customer service page, cites vendor's software

    Equifax said Thursday that problems with an online customer help page were caused by a vendor's software code and not by a cyberattack on its systems...

    Atlanta-based Equifax issued a statement later Thursday blaming a third-party vendor it uses to collect website performance data. The 'vendor's code running on an Equifax website was serving malicious content,' it said..."

    http://abcnews.go.com/Technology/wi...-service-page-cites-vendors-software-50449740

    The Blame Game --"Equifax issued a statement later Thursday blaming a third-party vendor"

    > So whose responsibility is it to vet third-party vendors that Equifax uses to collect website performance data ?

    > So whose responsibility is it to assure that Equifax's web pages are not serving malicious content ??
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    Obviously anyone but them. I'm surprised none of it is the customers' fault yet.
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,865
    Location:
    Texas
    IRS reportedly suspends $7.2 million Equifax contract

     
  17. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,073
    Location:
    SouthCentral PA
    Probably a dumb question and I apologize if this has already been asked. Can a person have BOTH a security Alert and a Freeze at the same time at the major 3 (or now 4?) credit agencies without messing things up having both at the same time; will one of them be cancelled?

    Thank you all, Acadia
     
  18. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
    To add to your question, how about an alert, freeze & a lock simultaneously?
     
  19. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Equifax's Website Redirected People to Malware Thanks to a Compromised, Years-Old Plugin...

    On Friday, the Wall Street Journal reported the problems with the site began because Equifax was still using a defunct web analytics plugin called Fireclick which had since been taken over by scammers.

    Malwarebytes Corp. researchers investigated the matter and discovered that Digital River, the company which made Fireclick, discontinued the service in mid-2016 and subsequently released the Netflame.cc domain where it was hosted. That domain was subsequently acquired by scammers and used to host 'fraudulent online surveys, adware and software designed to steal online-banking credentials,' Malwarebytes analyst Jerome Segura told the Journal, adding that he had discovered a similar security hole on competitor TransUnion’s Central American site..."

    https://gizmodo.com/equifaxs-website-redirected-people-to-malware-thanks-to-1819474245
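
An added example, not part of the thread and not code from Equifax or any vendor: one way a site owner could audit which external hosts a page loads script from, which is the dependency the posts above about the vendor's code and the discontinued Fireclick plugin describe. The HTML, host names, and the `FIRST_PARTY` and `APPROVED_HOSTS` values are constructed placeholders standing in for a real page and a real vendor inventory.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; every host name here is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.approved-vendor.example/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.approved-vendor.example/metrics.js"></script>
<script src="//stats.retired-vendor.example/track.js"></script>
<script>var inline = 1;</script>
</head></html>
"""

FIRST_PARTY = "www.site.example"                   # assumed own host
APPROVED_HOSTS = {"cdn.approved-vendor.example"}   # assumed current vendor inventory


class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script> tag with a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], bool(a.get("integrity"))))


def audit_scripts(html, first_party=FIRST_PARTY, approved=APPROVED_HOSTS):
    """Return (host, reason) findings for third-party script includes."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        # Relative URLs have no hostname and load from the first party.
        host = (urlparse(src).hostname or first_party).lower()
        if host == first_party:
            continue
        if host not in approved:
            findings.append((host, "host not in vendor inventory"))
        elif not has_sri:
            findings.append((host, "no integrity attribute"))
    return findings


if __name__ == "__main__":
    for host, reason in audit_scripts(SAMPLE_HTML):
        print(f"{host}: {reason}")
```

The check is only as good as the inventory: a host has to be removed from `APPROVED_HOSTS` when the vendor discontinues the service for a leftover include to be flagged.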
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    OT:

    "[Equifax] Credit agency mistakenly sends 300 confidential [credit] reports to Maine woman...

    'I checked my credit report the other day online with Equifax and the next thing I know I have 300 pieces of mail sitting in my mail box,' Manning explained.

    She was waiting for her credit report to arrive, but instead, she got other people’s credit reports.'..."

    http://bangordailynews.com/2015/03/...ends-300-confidential-reports-to-maine-woman/
     
  21. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,073
    Location:
    SouthCentral PA
    Oh, but this would be hilarious if only it weren't so sad, pathetic, and important.
    Acadia
     
  22. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
  23. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    Wall Street had a bonanza. As soon as the breach was revealed, everyone who wants to profit from it dumps their stock at $140, watches the price for the slowdown in the fall, and buys it back again at $110. Money for nothing.
     