(The quickest way to register)

Check out our new Mobile App

Forum

  1. User picture
    • A440 on Fri 08 Sep 2017
    • 04:18:56 PM UTC

    Equifax Data Breach – A Serious Problem

    Equifax – a well-known American credit rating agency has been hacked due to a security weakness on their part. Up to 143 million records have been breached, which includes social security ID numbers, driver's licenses, addresses, etc.

    This is also not the first breach they have experienced.

    To quote one victim:

    The lack of security is appalling and the time it took Equifax to make the breach public is inexcusable. And their "help" is just as bad. I used the link from this article and found that my data may have been breached. I've spent the last hour trying to enroll in the Equifax complimentary ID protection service. The site does not work, it puts you into a repeating loop that goes nowhere. The phone number dedicated to what Equifax calls "the incident" hung up on me each of the five times I tried calling. Regular customer service people have no answers.
    This is ridiculous. An entity that has tremendous power over people's lives via their scores and reports needs to be far, far, far better than this. I'm disgusted.

    nytimes.com/2017/09/07/business/equifax-cyberattack.html

    Equifax has far too good a rating, at this time, considering its problems with both security and privacy concerns and IMHO, should be downgraded in trustworthiness.

    https://www.mywot.com/scorecard/equifax.com

Comments:

  1. User picture
    • NotBuyingIt on Fri 08 Sep 2017
    • 04:38:31 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    See also, https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/

    [T]he site Equifax has available for people to see whether they were impacted by the breach may not actually tell you whether you were affected. When I entered the last six digits of my SSN and my last name, the site threw a “system unavailable” page, asking me to try again later.
    I have the impression that American citizens who were unaware that Equifax stored any of their personal or financial data are now being asked to trust Equifax with even more of their data.

    [Added 15-September 2017] I should further note that about 400.000 Brits may be similarly affected by the data breech. I have no idea what recourse they have.

     

     Data that is stored in the cloud may become lost in the fog.

  2. User picture
    • Site-rater on Fri 08 Sep 2017
    • 06:39:29 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    Do credit reporting agencies even get audited for PCI-DSS security standards?

    If not, it is beyond time they get severely audited.

    Wow, luckily those "Equifax" certificates aren't owned by Equifax anymore. Or else we would have to alert the CA/B Forum of a potential breach.

  3. User picture
    • A440 on Sat 09 Sep 2017
    • 02:01:53 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    Here is another reason I think Equifax's score should be downgraded:

    marketwatch.com/story/why-some-equifax-customers-have-unwittingly-waived-their-rights-to-a-class-action-lawsuit-2017-09-08

    huffingtonpost.com/entry/equifax-breach-2017_us_59b2dae8e4b0b5e531062976?746

  4. User picture
    • Myxt on Sat 09 Sep 2017
    • 09:02:25 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    At equifaxsecurity2017.com read item: 2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT

  5. User picture
    • A440 on Sat 09 Sep 2017
    • 09:08:48 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    Originally posted by: Myxt
    At equifaxsecurity2017.com read item: 2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
    . . . which means that Equifax is lying in their social media responses regarding this incident.

    Also noted (what to do to protect yourself):

    nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html

    . . . Equifax should have made the monitoring last forever (one-year monitoring due to this breach). Since it didn’t, it will now be able to solicit everyone who signs up for its year of free service and what do you want to bet that the company will offer an extension bright and early on day 366 for, say, $16.95 per month?
    So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach.
  6. User picture
    • Site-rater on Sat 09 Sep 2017
    • 04:32:13 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    Wonder why they hid that new domain behind Cloudflare rather than using the IP space they own?

  7. User picture
    • Myxt on Sat 09 Sep 2017
    • 07:16:14 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    Echo from 2013:
    _http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/
    If I remember correctly, Experian is used by the ACA and SSA to verify you are a real person. If you have no debt, you're not real.

  8. User picture
    • nova7 on Sun 10 Sep 2017
    • 08:33:45 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    Originally posted by: Site-rater
    Wonder why they hid that new domain behind Cloudflare rather than using the IP space they own?

    1. I liken this to the more and more common default philosophy that every lame homepage and every other lame page at a site has to be HTTPS. Secure, secure, secure, breach.
    2. And, or, one biz working in the non-good for the public, breached of people's data that didn't lose their data themselves; Equifax lost it for the customers. Giving more non-good for the public biz to another biz working in the non-good for the public--another example of a Web of Non-good For The Public.
    3. We, Equifax, have already been breached once, let's lay out even more "security" on this new site since we couldn't secure data on the site under our control--obviously we can't secure a site running the network the way we were, while retaining the breached network under their control.
    4. Now that the general public will be massively querying the lookup page to determine whether each person had breached data, we, Equifax, need capability (ies) that we can't provide with our existing network--greater page caching, greater same-time page querying by many times our normal traffic flow of users, etc.

  9. User picture
    • A440 on Tue 12 Sep 2017
    • 03:51:53 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    Geez:

    www.nytimes.com/2017/09/11/opinion/equifax-accountability-security.html

  10. User picture
    • A440 on Tue 12 Sep 2017
    • 02:14:42 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    Odd - considering these guys have about thirty lawsuits against them, as of this date, their rating is really good, in fact has not changed.

    reuters.com/article/us-equifax-cyber-lawsuits/lawsuits-against-equifax-pile-up-after-massive-data-breach-idUSKCN1BM2E3?il=0

  11. User picture
    • A440 on Fri 15 Sep 2017
    • 11:16:30 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    This gets worse the more one reads:

    Equifax spent $1.1 million on lobbying last year, up from $300,000 in 2006, according to data collected by the Center for Responsive Politics. The credit bureau recently lobbied on a range of cybersecurity issues, including “data security and breach notification,” “data breach response and identity protection” and “cybersecurity threat information sharing.”
    Equifax lobbied on two bills under scrutiny at last week’s House hearing, including one called the F.C.R.A. Liability Harmonization Act. The six proposals discussed at the hearing, all introduced by Republicans, would amend, and often scale back, a variety of consumer protection laws.
    I can only wonder how much they did spend on security. It was clearly not enough.

    nytimes.com/2017/09/15/business/equifax-data-breach-regulation.html

  12. User picture
    • A440 on Sat 16 Sep 2017
    • 02:25:59 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    nytimes.com/2017/09/14/business/equifax-hack-what-we-know.html

    marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15

    Two of their alleged security officers have retired just now . . . and their rating has barely suffered here.

  13. User picture
    • nova7 on Thu 21 Sep 2017
    • 03:36:40 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    Originally posted by: Site-rater
    ...Cloudflare...

    Historically, Cloudflare Inc hasn't turned down aiding the public devulging of "personal" information
    Xhttps://krebsonsecurity.com/2017/09/equifax-hackers-stole-200k-credit-card-accounts-in-one-fell-swoop/comment-page-4/#comment-441025 (top url)
  14. User picture
    • A440 on Fri 22 Sep 2017
    • 07:41:12 PM UTC

    RE: Equifax Data Breach – A Serious Problem

    nytimes.com/2017/09/21/opinion/get-rid-of-equifax.html

    Note: I also find it amusing that their score went down by only one point!

  15. User picture
    • NotBuyingIt on Sat 23 Sep 2017
    • 03:32:38 AM UTC

    RE: Equifax Data Breach – A Serious Problem

    clownish security measures:
    "Equifax Has Been Sending Consumers to a 'Fake Phishing' Site for Almost Two Weeks" securityequifax2017.com (WOT scorecard)
    https://it.slashdot.org/story/17/09/20/1848238/equifax-has-been-sending-consumers-to-a-fake-phishing-site-for-almost-two-weeks

     Data that is stored in the cloud may become lost in the fog.