Massive Data Breach Could Impact Half Of The U.S. Population

[Riddick]

A massive cyber security incident at Equifax — one of the largest credit reporting agencies in the United States — may have exposed private information belonging to 143 million people — nearly half of the U.S. population.

The breach, which was discovered July 29, includes sensitive information such as social security numbers, birthdays, addresses and in some instances, driver's license numbers. The agency said 209,000 credit card numbers were exposed in the breach, which includes customers in Canada and the United Kingdom.

Adding to the scandal, three of the company's top executives sold Equifax shares just days after the breach was discovered. The breach was not publicly disclosed until Thursday, more than six weeks later.

The FBI is actively investigating the cyber incident and Equifax has been cooperating, law enforcement sources told NBC News. Equifax did not immediately respond to NBC News' request for comment regarding the stock sales.

The irony: Equifax is the agency many people use to guard against identity theft and one that businesses turn to when verifying a person is who they say they are. Now, with the private information in the hands of cyber thieves, customers are being placed in a difficult position.

"Equifax is tasked with actually protecting this information in the form of identity theft protection and here we are with almost half of the country's population being affected," Robert Siciliano, CEO of IDTheftSecurity.com told NBC News.

Even if you don't think you're a customer of Equifax, there's a strong possibility they still have your data. As a credit reporting agency, Equifax gets information from credit card companies, banks, lenders and retailers to help it determine a person's credit score.

The bottom line here, Siciliano said, is to pay close attention to your credit card statements. With more than 200,000 credit card numbers exposed, he said extra vigilance is vital. FULL STORY

[Riddick]

Equifax ad says “you data has a story to tell.” Who is it telling your “story” to now?

Excerpts From
'Equifax: The Breach, At Last'
By Steve Spain at arizonadailyindependent.com

It was bound to happen, and now it has: One of the three major credit reporting bureaus has finally fallen victim to some form of hack attack. The company has not disclosed much information about the hack–nor is it likely to reveal much more–but Equifax itself concedes that around 143 million consumers in the United States may be victims of this attack.

Equifax does not believe any credit reports experienced “unauthorized activity,” just that “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers” of “consumers” were exposed. Note the verbiage, “consumers,” not “customers.”

For the most part, Equifax hoovers up your personal information and credit history and sells that information to businesses. The consumer credit reporting products they offer are recent additions to their portfolio. You likely aren’t a customer of Equifax, but you likely are a victim.

Considering that the United States has about 324 million people, and the population above age 18 is likely around 250 million, nearly three out of every five people who are likely to have a credit file with Equifax may have had information divulged in this leak. This is absolutely and unequivocally shameful.

This should never have happened, and it is easy to imagine that Equifax should have handled the situation better. But what did Equifax executives do about the breach when they learned of it? They sat on the info for five weeks (and three of their top leaders allegedly exercised stock options) while formulating a public information campaign.

Within their information package is investor data indicating that they remain committed to a financial model forecasting “7-10% revenue growth and 11-14% growth in Adjusted [Earnings Per Share] on average over a business cycle.” In other words, their investors shouldn’t worry.

Their investors shouldn’t worry. You should. Central to Equifax’s messaging to consumers is an offering of credit monitoring services to you.

These are the very same people who use your information without explaining to you every way in which they may use it, who assign your credit worthiness scores without clearly telling you by what formulae they judge you, and who should have been protecting your personal data at least as well as your bank should.

They failed. And now they want you to trust them to monitor your credit for the next year (after which they will be delighted to charge you to continue the service). You can find the offer at https://www.equifaxsecurity2017.com/.

But I wouldn’t trust them.

I recently had an issue with one of my annual credit reports, and these bureaus make it nigh onto impossible to talk to a human being to get answers or sort out the problem. There is no customer service for you and for me because we aren’t their customers.

If you will be diligent about cancelling the monitoring service before the first bill, go ahead and sign up (as long as they don’t want more information about you); otherwise, think long and hard about trusting these jokers before you accept their free offer.

Ultimately, you are the only person responsible for making sure that you don’t owe many thousands of dollars because somebody else abused your good name. And the fact that it now takes effort to protect yourself from evildoers the world over is a sad state of affairs.

[kbot]

So, here's question - if this were the healthcare sector, say a hospital or a physician's office, and here was a similar "data breach" - lets call it what it is: a HIPA violation, there could be fines levied into the millions or billions of dollars, depending on the level of infraction.

But, because this is the FINANCE sector, they always get of with a "oopsie........., sorry!!!!!!!" We have a lollypop for you though!!!!!!!

The government really needs to crack down on this crap!!!!!!!!!!!

[Doka]

Seems like you need to find them 1st? Who's fault?

[Riddick]

Seems like you need to find them 1st? Who's fault?

Let's see now... who could be to blame... Hey, I know!! It's Russia, Russia, Russia! Hey, hackers gotta keep busy in-between rigging US elections -

Of course, that means Trump is just as much at fault. Oh, he'll deny it, but what else can you expect from a heartless white supremacist?

[Riddick]

[Riddick]

In the wake of a massive data breach that exposed the sensitive personal information of 143 million customers, executives from credit agency Equifax said Friday that they were impressed by the hackers’ ability to ruin people’s finances much more efficiently than their company can.

“We’re truly amazed by the effectiveness and sheer speed with which the hackers wrecked so many Americans’ financial prospects—it usually takes us years to devastate someone with a bad credit score,” said awestruck Equifax CEO Richard Smith, noting that Equifax’s traditional process of slowly chipping away at a customer’s credit rating due to late payments on credit cards with arbitrarily raised interest rates or an inability to pay off subprime loans made them “practically a dinosaur” in comparison to cybercriminals who could wipe out someone’s financial standing in mere minutes.

“It’s taken us a long time to get to the point where we can ensure that someone won’t ever get approved for a loan, can’t apply for a mortgage, or might not even qualify for basic car insurance, so it’s honestly humbling to see these hackers do it in just a few keystrokes. But we’re going to learn from this and use it to motivate us to sabotage people’s finances much more efficiently in the future.”

At press time, Equifax announced it had laid off 80 percent of its workforce in favor of one Latvian hacker who could destroy millions of customers’ credit ratings overnight.

[Riddick]

Equifax announced late Friday its chief information officer and chief security officer would leave the company immediately, following the enormous breach of 143 million Americans’ personal information.

Susan Mauldin, top security officer, and David Webb, chief technology officer, are retiring. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.

Three Equifax execs - not the ones departing - sold shares worth a combined $1.8 million just a few days after the company discovered the breach, according to documents filed with securities regulators.

Equifax shares have lost a third of their value since it announced the breach.

The credit data company also released its most detailed, if still muddled, timeline of the breach yet, although it raised as many questions as it answered.

The tale began on July 29, when the company’s security team detected suspicious network traffic associated with the software that ran its U.S. online-dispute portal. After blocking that traffic, the company saw additional “suspicious activity” and took the portal’s software offline.

At this point, Equifax’s retelling grows cloudy. The company said an internal review then “discovered” a flaw in an open-source software package called Apache Struts used in the dispute portal, which it then fixed with a software patch. It subsequently brought the portal back online.

But that vulnerability had been known publicly since early March 2017, and a fix was available shortly thereafter — facts that Equifax acknowledged in its Friday statement.

The company did not say why the software used in the online-dispute portal hadn’t been patched earlier, although it claimed that its security organization was “aware” of the software flaw in March, and that it “took efforts” to locate and fix “any vulnerable systems in the company’s IT infrastructure.”

It apparently missed at least one vulnerable system. The closest Equifax gets to explaining that? “While Equifax fully understands the intense focus on patching efforts, the company’s review of the facts is still ongoing,” according to its statement.

FULL STORY

[kbot]

Just gets better folks...........

Equifax Stock Sales Are the Focus of U.S. Criminal Probe

The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation.

https://www.bloomberg.com/news/articles ... inal-probe

[Riddick]

The days of buccaneers and cutlasses may be behind us, but the legacy lives on in other forms—as the Equifax data breach scandal vividly illustrates.

Old Blackbeard himself would have admired the ingenuity of a business set up to grab sensitive information about citizens without their consent, conjure property rights over that data by concocting proprietary formulas, and sell it to the highest bidder. So much the better if private information falls into the hands of criminals—companies can sell protection services to the same hapless citizens.

The oligopolistic “Big Three” credit bureaus—TransUnion, Experian, and Equifax—exist to reap billions in profit from your personal information and make it easy for lenders to charge you the highest possible interest rates. Their use of your data could result in the loss of a potential home or a job. Yet when they screw up, they have little more to fear than a negligible fine.

Rather than investing in appropriate security measures, Equifax has spent a pirate’s treasure lobbying Congress to help the company force consumers to settle disputes in arbitration, rather than suing them for harm.

Meanwhile, we learn that Equifax executives dumped their stock overboard three days after the company learned of the hack — but a month before it went public with the news. That is, they appear to have eagerly protected themselves, but not the rest of us.

All told, the behavior of Equifax has been so high on the pirate-scale it even managed to solicit criticism from JP Morgan chief Jamie Dimon, who said he wasn’t surprised at what happened with Equifax and noted that if a company allowed such a breach through negligence that “you’re going to pay.”

Indeed. This is something more grotesque than simple market failure. This is total regulatory breakdown: Moral hazard on steroids. The Equifax breach is proof it's time to overhaul the credit bureau industry.

With few checks and balances in the system, and so long as the political money flows freely the bad guys will go on plundering and holding us all hostage. It’s Pirates of the Caribbean, always showing at a theater near you.

FULL STORY

[kbot]

I searched Dr Katherine Albrecht's recent archives to see whether she had done a show on this since the story broke, but it appears her archives are not 100% updated. She may have had a show and just didn't update her archives, but it would be interesting to hear her take as she's been very vocal over the corporatization of private information for the past decade-plus.

The upshot is that people increasingly give-up their rights to their private information with increasing frequency, and its well past time that we demand our government start rolling back the lax laws allowing this. Since these corporations enrich themselves by selling our personal information, they are also liable to fix what are essentially their mistakes

[Riddick]

Equifax’s response to its data breach has been a total sh!tshow, something the company seems determined to remind us of each and every day. FULL STORY

[kbot]

Equifax needs to be prosecuted. They're reckless with the data they collect, clearly cannot be trusted and are wrecking people's lives due to their ineptitude.

[Riddick]

The abrupt departure of Equifax's chief executive officer on Tuesday has not dampened the criticism of the company since it disclosed a massive data breach earlier this month.

As in other recent corporate scandals, the departure of Richard Smith was swift if not inevitable. The credit reporting company said he was retiring effective immediately and he wouldn't get a bonus for this year, though he is eligible to walk away with at least $18.4 million in pension benefits.

"Speaking for everyone on the board, I sincerely apologize," Mark Feidler, the new chairman of Equifax's board, said Tuesday, adding it had formed a special committee to look into the data breach.

The board's move is being interpreted as a way to get out ahead of what is anticipated to be a major grilling by lawmakers. "The new standard with boards now is 'how badly will we look compared to other unnamed CEOs in front of Congress?'" said Michael Peregrine, a corporate governance lawyer at McDermott Will & Emery.

Smith has been scheduled to testify about the breach in the House and the Senate next week, and his sudden departure made lawmakers react angrily.

"A CEO walking out the door just days before he is to appear before Congress is an abdication of his responsibility," Sen. Brian Schatz said in a statement Tuesday. Equifax's spokeswoman said Smith was still scheduled to make those appearances next week.

"This is akin to an oil tanker spill," said Nathan Taylor, a cybersecurity lawyer at Morrison Foerster who has represented big companies in data breaches. "It doesn't matter if the captain had 12 hours of sleep and tons of training, people are going to be watching everything you do."

FULL STORY

[Riddick]

The initial drama over Equifax's data breach has mostly subsided, but the actual damage will play out for years. And indeed, there turns out to be plenty of spectacle and public controversy left. It was all on display at a Tuesday Congressional hearing, in which lawmakers questioned Equifax's former CEO Richard Smith in an attempt to make sense of how things went so wrong.

Before delving into the hearing itself—which went poorly enough—it's worth mentioning that it was bracketed by further unfortunate Equifax revelations. The company announced Monday that the total number of people impacted by its breach is not 143 million—the amount it first disclosed—but in fact 145.5 million. Its ability to casually misplace 2.5 million lives upended by the breach is alarming, as is Tuesday afternoon's revelation that the IRS awarded Equifax a no-bid, multimillion-dollar fraud-prevention contract last week.

And there's a lot more where that came from. Here are six important (and astonishing, disappointing, you name it) tidbits that came out of Tuesday's hearing.

1. The timeline of when executives knew what about the breach is both disheartening and suspect.

2. Equifax's patching process was wholly inadequate.

3. Equifax stored sensitive consumer information in plaintext rather than encrypt it.

4. The recently resigned Equifax CEO only mandated security reviews every quarter.

5. Equifax won't comment on, or rule out, nation-state attackers.

6. Equifax made its breach notification site a separate domain because its main site wasn't up to the task.

It's hard to even hold all the failures and missteps in your mind at once, but each revelation makes the overall picture seem that much uglier. “I just hope we get to the bottom of this," said representative Ben Ray Luján of New Mexico during the hearing. "Because this is a mess.” FULL STORY