Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Discussion in 'other security issues & news' started by ronjor, Sep 7, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,875
    Location:
    Texas
    Equifax Stock Sales Are the Focus of U.S. Criminal Probe
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed

    Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

    In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders. Either way, the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company.....

    Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said...

    In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate..."

    https://www.bloomberg.com/news/arti...suffer-a-hack-earlier-than-the-date-disclosed
     
    Last edited: Sep 18, 2017
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Prosecutors Open Criminal Investigation Into Equifax Breach

    Federal authorities have opened a criminal investigation into the massive data breach at Equifax, which potentially exposed the personal information of up to 143 million Americans, including their Social Security and driver’s license numbers.

    United States Attorney John A. Horn, the federal prosecutor in Atlanta, said in a statement that his office was working with the F.B.I. to investigate the cyberattack..."

    https://www.nytimes.com/2017/09/18/...column-region&region=top-news&WT.nav=top-news
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,875
    Location:
    Texas
    New York Pushes to Regulate Credit Agencies After Equifax Breach
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    Great! That might prevent the other half, or whatever, of the adult population of America from having its social security numbers exposed.

    Guess we will have to wait until a bunch of Congress Critters have their stolen identities abused and arrested on outstanding criminal warrants for passing bad checks, purchasing child pornography, hit and run manslaughter, etc. before we get a meaningful fix for the untold damage that has already been done.
     
    Last edited: Sep 19, 2017
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,981
    Location:
    California
    Question:

    If someone takes out a credit card in your name, how does that person get the card? Wouldn't your address be on the credit card application?

    If not, then how would you receive the billing?

    ----
    rich
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,875
    Location:
    Texas
    Equifax Breach Affects 100,000 Canadians
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
  10. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101
  11. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101

    Misleading headlines about Equifax's *earlier* hack
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "What is the biggest threat from the Equifax breach? Account takeovers

    Cyber criminals have the most to gain by taking ownership of bank, brokerage and retirement accounts using people’s PII. Are traditional authentication systems obsolete?
    ...

    Yes, there will be some tax and banking fraud as a result of the gargantuan data breach at Equifax. The biggest impact, however, will be felt by enterprises that rely on credit reporting bureaus to verify the identity of people they are doing business with.

    Think employment verification, social services verification, and other forms of identity verification that rely on credit reports. These services depend on the idea that only the individual knows all the details used to verify identity, but that assumption requires ignoring the sheer amount of personally identifiable information (PII) that has been exposed over the past few years.

    'Based on what I’ve seen in the past, I would estimate that less than 5 percent of Americans will have new loans, bank accounts, credit cards and other financial accounts taken out by a criminal in their name over their lifetime,' [Gartner security analyst] Litan said. 'What’s more likely is that stolen information will be used to take over existing accounts, such as banking, brokerage, phone service, and retirement accounts. Call centers and online systems rely on these pieces of information to verify identity when conducting high-risk transactions, such as moving money across accounts or changing the information associated with the account.

    It makes no sense to solely rely on static personally identifiable information to identify an individual a business is engaged with when there is a greater than 50 percent chance that data is in criminal hands,'..."

    https://www.csoonline.com/article/3...rom-the-equifax-breach-account-takeovers.html
     
  13. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,102
    Location:
    Triassic
  14. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,703
    What do you expect when their Chief Security Officer has music composition degrees but not a single Technology degree? Extremely incompetent CSO leads to equally if not more stupid subsidiaries.
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    Peeps knock her for her music degree, BUT it is noteworthy that prior to her becoming CSO at EFX she was the CSO at First Data Corp., the world's largest credit/debit/gift card payments processing firm. She was at First Data for four years. But I guess that's all kinda moot now -- having proven herself to be an incompetent CSO. I guess we were lucky that the entire USA population didn't already have its credit card info stolen o_O
     
    Last edited: Sep 20, 2017
  16. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,703
    We never know. If corporations keep doing stupid hiring like putting this incompetent EFX CSO into such a key position to supposedly safeguard consumers' privacy, the entire USA population's credit card info will soon be traded on the black market.
    I feel especially angry and upset because I myself, and I believe many in this forum, have been extremely careful when it comes to our PII. All these efforts over so many years are wasted in the blink of an eye just because of the carelessness and incompetence of one single stupid individual and company. This moron CSO should shoot herself instead of simply going into retirement. What a shame.
     
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    3,087
    Location:
    DC Metro Area
    "Massive Equifax hack reportedly started 4 months before it was detected

    Attackers likely spent months escalating their intrusion into Equifax's network

    Hackers behind the massive Equifax data breach began their attack no later than early March, more than four months before company officials discovered the intrusion,..."

    https://arstechnica.com/information...edly-started-4-months-before-it-was-detected/

    The report basically shows that the previously reported March incident was in fact the origin of the massive theft. That initial breach did not end but rather was the opening that allowed the hackers to escalate their attack. The arstechnica article lays it out. The two incidents were linked.
     
    Last edited: Sep 20, 2017
  18. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    This kind of thing is only going to get worse. Hackers are exploiting decades of trust in a tech industry that sold us all out and they are not going to stop, they will take the entire infrastructure apart.
     
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,280
    Location:
    Surrey, England.
    https://krebsonsecurity.com/2017/09/equifax-breach-setting-the-record-straight/
     
  20. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,863
    Location:
    USA
    You don't need a credit card to be impacted; all you need to do is apply for a supermarket discount card, a drug card, a Sears card, or a Starbucks card.
    The consumers are not responsible.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    60,875
    Location:
    Texas
    Equifax or Equiphish?

     
  22. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,333
    Location:
    USA
    Short answer, they probably would have it sent to their own address but that may not count for much. Nobody will do anything, you would have to take on the issue at your own time and expense.

    Long answer:
    As someone that has been a victim of this in the past, the answer is maybe. I had someone do this on the opposite end of the country from me. Depending on where accounts were opened the outcome was different. This person got a fake state ID in their state. The accounts they wanted to dispose of quickly they had sent to my address. For example they opened a credit account at a women's clothing store on the spot. They were able to max it out then and there and had the bill sent to me. Then they bought about $3,500 worth of furniture and HAD IT DELIVERED TO A LOCAL ADDRESS. When they didn't pay the bill the financing company located ME because they used my SSN and tried to collect from me. At which point I had to have a police report, a notarized copy of my driver's license, and fill out their fraud packet, etc. It's the instant credit places where you need to worry. A bank credit card, not as likely to happen, but could. A walk into a store and walk out with stuff situation is much easier to pull off and much more likely to be gotten away with. They make it easy for them and difficult for you afterwards. I got really tired of the harassing calls with the accusatory "This is your SSN, right? You have to pay". The fraudster got a phone with Sprint and even paid the bill for a while. After they racked up a $3,500 bill Sprint found me and tried to collect it for the next 11 years. Despite the fact that these people used a phone for months and had furniture delivered to their house (there was an obvious trail to follow), nobody would do anything. I was told I would have to hire a private investigator if I wanted anything done. Watch your stuff very closely and if you find anything suspicious such as receiving statements from places you have never been, report it to the police. They will do nothing but you will need the report to resist paying the false debt.
     
  23. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    875
    The usual scam is to use the stolen identity to get a fake driver's licence and SS card made in your name; they then use them as ID to rent a house, get the utilities on in your name.
    Then they open bank accounts, apply for multiple credit cards.
    Apply for loans.
    All in your name.
    Then they blitz the online shopping with the credit cards, the goods are delivered to the house rented in your name.
    Once they got all the loans they can get and maxed out all the credit cards, and the demands from the loan companies for missed payments start arriving, they bail.
    For all intents and purposes it appears you did all of that. Your credit score is now toast and debt collection agencies will be chasing you for the money.
    The identity thieves then start over somewhere else with someone else's ID.
    That is why they are difficult to catch, they don't stay in one place for long.
    So yeah, take this seriously, if you're lucky, an amateur might get a credit card in your name and that's all.
    If experienced fraudsters get your ID you'll never hear the end of it.
    I have heard of them working in groups, operating as many as 70 IDs simultaneously.
     
    Last edited: Sep 24, 2017
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,102
    Location:
    Triassic
    Ever heard of Title Fraud? Title Fraud is when an identity thief steals your house. All they need is the info that is on your credit report. They can even get a title search without having to produce any ID or proof of ownership (e.g. a deed).

    Identity thieves could discharge your current mortgage and replace it with one at higher value and disappear before the mortgage goes into arrears. They could transfer the title of your property out of your name, register a home equity line of credit or mortgage against the title, advance the funds in cash, and disappear, leaving you with a foreclosure notice a few months later. They could even potentially sell your property sight unseen, close the transaction, and skip town before the buyers show up to take possession.

    The legal precedent is that the mortgage was taken out in your name so it is a legal transaction. The identity thieves are pretending to be you but that makes no difference as you are responsible for the repayment of the debt. In the case of someone fraudulently selling your house out from under you, there is legal precedent set where the new buyers could actually be awarded possession of your house, because you were the victim of identity theft and title fraud, and they were not. o_O As far as the law is concerned, the buyers executed a perfectly legal transaction.

    The law regarding the protection of property titles varies by state/province and country, but none address identity theft at all.
     
  25. compleo

    compleo Registered Member

    Joined:
    May 3, 2016
    Posts:
    101