Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Discussion in 'other security issues & news' started by ronjor, Sep 7, 2017.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    Last edited: Sep 11, 2017
  2. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    78
    New to me, it's from Experian.
     
  3. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    78
    I scanned my e mail addy & it stated that it might take 24 hrs. It took less than a 1/2 an hour.

    Here are the results, "
    Your email was not found on the Dark Web
    We looked back to 2006 and found 0 records exposed at this time

    But it also shows this, well surprise surprise, there is a catch.

    EXPERIAN.JPG
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    KK

    Thanks @compleo :)
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,676
    Location:
    Texas
    The Equifax Breach: What You Should Know

     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,654
    Scanned mine. Only took a few minutes. Mine was found there ugh. In just October of last year.
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,089
    Location:
    Triassic
    What about accountability'? Our law makers are merely huffing and puffing. Some call it manufactured outrage.

    https://www.nytimes.com/2017/09/11/opinion/equifax-accountability-security.html
     
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,070
    Location:
    Toronto, Canada
    Great stuff as always from Brian Krebs.
    Link: https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

    Ayuda! (Help!) Equifax Has My Data!
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    Equifax's incompetence appears to be endless. But the simple fact is they don't care much. So what if they have to shell out $500 MIL in free services, fines, class action awards, fines, penalties -- all unlikely. It's just a cost of doing business. "Chump Change." Equifax today has a market capitilization of over $13.6 BILLION USD and an earnings per share of $4 + and is a member of an established oligopoly of three

    I see some Congress critters calling for dog and pony show hearings, talk of imposing regulations, but even if we see new regulations IT"S TOO LATE. Irreperable damage has been done for decades to come. I don't see any talk of establishing a new identification system or issuing new SS Numbers - the only true remedy.

    HEY THIS IS RICH:

    On the day that Equifax disclosed the breach, members of one political party sponsored and were pushing legislation that would limit to $500,000 credit bureaus' damage exposure in class action lawsuits under The Fair Credit Reporting Act no matter how much the actual damages, and eliminate punitive damages !!!! And rest assured, that absent the breach the bill would have made headway, being sponsored by the party that has a majority in both houses of Congress.

    "
    ...[Members of a political party] in Congress Want to Roll Back Regulations on Credit Bureaus

    It’s hard to miss the irony. Last Thursday, on the same day Equifax announced its massive data breach, Congress held a hearing on a bill that would roll back regulations on the nation’s credit bureaus....

    ...'Unfortunately, suits under the Fair Credit Reporting Act have skyrocketed in recent years while leaving consumers inappropriately compensated,' ...[a sponsoring Congressman] said in a statement...

    Various business groups, including the American Bankers Association, Credit Union National Association, Consumer Data Industry and the Financial Services Roundtable support H.R. 2359...."

    https://www.nbcnews.com/business/co...-roll-back-regulations-credit-bureaus-n800471

    "There's a big club and you ain't in it"
    George Carlin
     
    Last edited: Sep 13, 2017
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    781
    How is it that some countries are impacted and others are not?

    abc.net.au/news/2017-09-08/smiley-credit-check-australians-financial-information-at-risk/8887198

    "Please be assured that we have found no evidence that personal information of consumers in Australia or New Zealand has been impacted by the US cybersecurity incident," the tweet said.

    Edit: sorry, unlinking is not working for me so I just took the first part of the url off.
     
    Last edited: Sep 12, 2017
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    "Equifax, Bowing to Public Pressure, Drops Credit-Freeze Fees[until Nov 21]

    You howled in protest, and Equifax had no choice but to respond.

    On Tuesday, the company said it would waive all fees until Nov. 21 for people who want to freeze their Equifax credit files. It will also refund any fees that anyone has paid since Thursday, though the company would not say whether this would be automatic....

    It’s a logical reaction: You did not ask Equifax to vacuum up data about you, and then resell it to marketers and loan sellers. And it is not your fault that the company could not keep that data safe. So why should you pay for a freeze, which keeps new creditors from seeing your credit file and thus can keep thieves from applying for credit in your name?

    Somehow, that question did not occur to Equifax on Thursday, when it first announced the breach. It apparently thought a year of free credit monitoring would be enough to placate consumers.'..."


    https://www.nytimes.com/2017/09/12/...column-region&region=top-news&WT.nav=top-news

    Give'm a medal. Tone-deaf, incompetent, greedy boneheads !

    hawki <--------<< Still Mad As Hell !!
     
    Last edited: Sep 13, 2017
  12. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,089
    Location:
    Triassic
    The lifting of fees has only been offered to Americans. Australians, Canadians and UK consumers currently still have to pay the fees. As of yesterday the Equifax websites in those countries did not have any acknowledgement of the breach. The Canadian one was updated last night with a few lines on it. Also, there is still no checking tool been made available in these countries. The Equifax management in these countries have taken no initiative to inform or reach out - they are totally invisible.
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,676
    Location:
    Texas
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,161
    Location:
    Paris
    Guys- For those that think that the upper echelon of Equifax cares about this breach one bit, please disabuse yourself of this notion. They are smart enough to know a few things:

    1). They have plausible deniability ("I'm not a Security Expert! It's the fault of one of our minions!")

    2). They already made their money extracted from the pain of their customers: (https://www.bloomberg.com/news/arti...utives-sold-stock-before-revealing-cyber-hack)
    ("I didn't know! IT didn't tell me! I needed the money to feed my dog!").

    3). They know the American Public is easy to forget and the whole issue will blow over soon (note that the stock price of Equifax was up 2.5% yesterday and already up another 1% in pre-market trading today). Just like the Target and Home Depot breaches, the stock will be back up to old levels fairly soon. Wall Street is already discounting victim complaints. Big Money could give a damn...

    4). From a personal standpoint. I was involved in both the Target and Home Depot breaches. In neither case did any high Exec even bother to show up for any postmortem meetings. My old firm is handling this one also, and from what I have been so far told no one high up at EFX is shedding any tears nor showing any real interest (ps- both Target and Home Depot shares hit new highs after their breaches).

    So although it pains me to say this, but you and I are really no more than peasants. Any outrage on our part will be treated like the yapping of puppies- possibly acknowledged but definitely ignored.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,676
    Location:
    Texas
    There is a good possibility that being ignored will not happen with this particular breach. No one wants puppy love here.
    My personal hope is after all of this, we can eliminate SSN's as a form of personal identification.
     
  16. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,161
    Location:
    Paris
    I also wish it were so. But we should see a settlement for less than 1 billion USD (chump change for EFX) with Geragos & Co soaking up most of it in fees, a slap on the wrist for the Equifax Exec's (they aren't Martha Stewart, so no jail time), and SS numbers intact.
     
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    "Equifax hack is a whole new level of bad, says Worchester Polytech Institute professor...

    'What’s particularly frightening is this is all the information anybody needs to verify who you are,' says Shue, who has worked as a cybersecurity research scientist at the Oak Ridge National Laboratory. 'How do you prove who you are? The information you need to do that is now out there. An adversary with this information could convince the government to give them a certified copy of your birth certificate, a reissued social security card, and even a replacement driver’s license. They could reconstruct your entire identity.'...

    Shue says he was surprised the hackers made off with so much information before any security administrators at Equifax took notice. With that much data—highly sensitive data—moving out the cyber door, alarms should have been going off.

    'It’s like seeing a lot of money coming out of a bank vault. You’d notice that, right?' he says. 'In this instance, someone took an entire copy of everything in the vault before anyone noticed. That speaks volumes about their security.'
    ...

    https://www.wpi.edu/news/equifax-hack-whole-new-level-bad-says-wpi-professor
     
  19. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    78
    If you're not the customer, you're the product.
     
  20. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,089
    Location:
    Triassic
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    EQUIFAX EXECS. HAVE ZERO FINANCIAL INCENTIVE TO BEEF UP SECURITY !!

    "Consumers, but Not Executives, May Pay for Equifax Failings...

    Over the last three years, when Equifax determined its top executives’ incentive compensation, it has used a performance measure that excluded the costs of legal settlements made by the company. If it follows this practice after dealing with the costs of settling legal claims arising from the security breach, Equifax’s top managers will essentially escape financial accountability for the blunder..."

    https://www.nytimes.com/2017/09/13/business/equifax-executive-pay.html
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    "Equifax Melts Down Under Surge of Angry Consumers...

    As of early Wednesday afternoon, all three major credit reporting agencies intermittently gave error messages and prevented consumers from filing online requests to have their credit reports frozen.

    Equifax's website said "System Currently Unavailable - Error 500" and suggested consumers try contacting the other credit bureaus.

    At one point, TransUnion's website couldn't be accessed at all. Then it put up an error page featuring a stock photo of a model sitting at a computer, alongside the caption, 'The website is temporarily unavailable.Please check back later.'

    Experian's website simply says, 'Loading...'...

    ...[C]onsumers complained of phone lines that rang and rang with no one picking up...

    ...[W]hen she filed a credit freeze with Equifax, the website said it was unable to process her request. When she called the automated credit freeze phone line, she was told that she had already had a credit freeze placed on her report. She never got a PIN code though, and now has no way of unlocking it.

    She says when she called customer service they recommended she try 'tomorrow' because it was a 'computer glitch.' When she asked how she would get a PIN, she says the customer service representative told her, 'I don't know.'..."


    https://www.nbcnews.com/business/consumer/equifax-melts-down-under-surge-angry-consumers-n800991
     
  23. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    2,982
    Location:
    DC Metro Area
    "[Equifax Confirms] Missed patch caused Equifax data breach

    Apache Struts was popped, but company had at least TWO MONTHS to fix it.
    ..

    The company has updated its www.equifaxsecurity2017.com/ site with a new “A Progress Update for Consumers” that opens as follows:

    'Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.'...

    As the Apache Foundation pointed out earlier this week, it reported CVE-2017-5638 in March 2017...

    Equifax was breached in “mid-May” 2017, realised it in July and got around to telling the world in Early September. If we take “mid-May” as the 15th of the month, Equifax had nine working weeks in which to apply the patch..."

    https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/
     
    Last edited: Sep 13, 2017
  24. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,700
    This is pure, ******* crime against the public on Equifax's end. These greedy CXO bastards should be tried and sentenced for life in prison.
     
  25. kls490

    kls490 Registered Member

    Joined:
    Aug 15, 2015
    Posts:
    25
    Location:
    Mid Atlantic Region (USA)
    I couldn't agree more! And, not only for prison time, but those Equifax executives who, just after the data breach occurred - went and sold-off their Equifax stock shares, making quite a profit in the process, should have all that money seized immediately.

    Now, all 3 of the major credit bureaus are deliberately throwing-up roadblocks/delaying tactics so consumers are unable to even place credit freezes. As has already been reported, these lowlifes are not even answering their phone lines. Even if you're lucky enough to speak to a live person, they are obviously ignorant of what to do.

    Wonder where our 'esteemed' politicians in Congress & the FTC are? What are THEY doing to go after these credit bureaus and crack-down hard on them? :mad:

    This mess just keeps getting muckier every day.
     
    Last edited: Sep 14, 2017
Loading...