

Data Breach at Equifax


79 replies to this topic

#61 LFC

    Fiscal Conservative

  • Members
  • 17743 posts
  • Location: Pennsylvania

Posted 20 September 2017 - 04:57 PM

Oh for f***'s sake! This company has NO business holding onto my personal and financial data. Everybody in senior management has GOT ... TO ... GO!

Quote

Earlier this month, hackers broke into Equifax's servers and stole 143 million people's personal information, including their Social Security numbers. In response to the attack, Equifax set up a website — www.equifaxsecurity2017.com — for possible victims to verify whether they're affected. Because the process involves sharing sensitive information, consumers have to trust they're entering their data in the right place, which can be tricky because the breach-recovery site itself isn’t part of equifax.com. If users end up on the wrong site, they could end up leaking the data they're already concerned was stolen.

Today, Equifax ended up creating that exact situation on Twitter. In a tweet to a potential victim, the credit bureau linked to securityequifax2017.com, instead of equifaxsecurity2017.com. It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself. Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.

Yeah, if you keep reading it gets worse.
" 'Individual conscience' means that women only get contraceptives if their employers, their physicians, their pharmacists, their husbands and/or fathers, pastors, and possibly their mayors, Governors, State Secretaries of Health, Congressmen, Senators, and President all agree that in that particular case they're justifiable." --D.C. Sessions

"Didn't vote for Hillary Clinton? Then you own [insert horrible act here]."

"That's the problem with being implacable foes - no one has any incentive to treat you as anything more than an obstacle to be overcome."

"The 'Road to Serfdom' is really all right turns." --Progressive Whisperer

#62 AnBr

    Advanced Member

  • Members
  • 10266 posts

Posted 21 September 2017 - 10:47 PM

And the Business Insider take on it: Equifax mistakenly told consumers worried about its data breach to go to a spoof site
"Science is more than a body of knowledge; it is a way of thinking. I have a foreboding of an America in my children's or grandchildren's time - when the United States is a service and information economy; when nearly all the key manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority; when, clutching our crystals and nervously consulting our horoscopes, our critical faculties in decline, unable to distinguish between what feels good and what's true, we slide, almost without noticing, back into superstition and darkness."

— Carl Sagan
The Demon-Haunted World: Science as a Candle in the Dark
1995

#63 baw1064

    formerly of the public sector

  • Members
  • 3597 posts
  • Location: Earthquakes, tsunamis, and volcanos--oh my!

Posted 21 September 2017 - 11:23 PM

Well, they're pretty much a spoof credit bureau, so that seems appropriate. **facepalm**
“Unless someone like you cares a whole awful lot, Nothing is going to get better. It's not.” --Dr. Seuss

#64 LFC

    Fiscal Conservative


Posted 25 September 2017 - 11:14 AM

Deloitte was hacked too. At this point I think it's time to admit that data security as it stands today just isn't working very well.

#65 LFC

    Fiscal Conservative


Posted 27 September 2017 - 02:32 PM

New York state is looking into the Equifax breach and how it was handled.

Quote

New York state’s financial services regulator has issued a subpoena to Equifax Inc demanding it provide more information about the massive data breach the credit-reporting firm disclosed this month, a person familiar with the matter said on Wednesday.

New York’s Department of Financial Services (DFS) sent the subpoena to Equifax on Sept. 14, said the person, who declined to be named because the matter has not been made public.

The subpoena seeks documents related to the hack that compromised the personal data of up to 143 million Americans, details on when Equifax learned of the breach and what actions it took after it was discovered, as well as other information, the person said.

#66 indy

    Advanced Member

  • Members
  • 8356 posts

Posted 02 October 2017 - 07:17 PM

Equifax upped the total to 145.5 million people potentially impacted. Oh joy.

#67 baw1064

    formerly of the public sector


Posted 02 October 2017 - 08:08 PM

Maybe the biggest risk isn't that someone will try to steal your identity.

Equifax breach shows signs of a possible state-sponsored hack

Quote

The insiders say that "many" of the tools used in the hack were Chinese in origin, and that there are similarities to China-backed breaches targeting the health insurance firm Anthem and the US government's Office of Personnel Management. Also, none of the stolen data has surfaced online -- whoever took it wasn't in a rush to profit. This was a "'get as much data as you can on every American' play," one of Bloomberg's contacts said.


#68 indy

    Advanced Member


Posted 02 October 2017 - 08:15 PM

I already put my money on Russia.

http://www.talkradio...post__p__155435

#69 baw1064

    formerly of the public sector


Posted 02 October 2017 - 08:40 PM

I think we should replace everyone's social security number annually (kind of like password expiration). Yeah, the world isn't ready for that, but it needs to be.

#70 D. C. Sessions

    I don't have to pretend to be an adult any more

  • Members
  • 6854 posts
  • Location: Central New Mexico

Posted 03 October 2017 - 06:04 AM

baw1064, on 02 October 2017 - 08:40 PM, said:

I think we should replace everyone's social security number annually (kind of like password expiration). Yeah, the world isn't ready for that, but it needs to be.

Nothing wrong with the SSN as it was originally -- time was, it was illegal to use it for anything other than SS. Now? It's routinely used as an identity-securing secret. Which is insane.

By all means insist on something else. But leave the SSN alone, because it's supposed to be a cradle-to-grave identifier and there will have to be something equivalent regardless.

ETA: think of it as what we call a GUID: guaranteed unique identifier. Like a name, but guaranteed that you're the only one with it. Proving that you are the one it refers to is something else.
"If you're not outraged, you're not paying attention." -- Heather Heyer
"I'd rather have my child, but by golly, if I gotta give her up, we're gonna make it count." -- Her mother
The purpose of "defense spending" isn't "defense," it's "spending."
Our Party! In her relations with other Americans may she always be in the right; but Our Party, right or wrong!

#71 LFC

    Fiscal Conservative


Posted 03 October 2017 - 06:50 AM

And it's worse than they thought said. So they didn't patch their software, the announcement took too long, execs unloaded stock before the announcement, and now they keep "finding" that it's worse than they realized. They have no business being in business.

Quote

Equifax said hackers may have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.

The company said the additional customers were not victims of a new attack but rather victims who the company had not counted before. Equifax hired the forensic security firm Mandiant to investigate the breach, and it finished its report on Sunday.

News of the new victims comes on the eve of congressional testimony to be given by Equifax’s former CEO Richard Smith, who will address a House subcommittee on Tuesday. He was forced into retirement last week in the wake of the attack.

In prepared remarks posted Monday, Smith said the hack was possible because someone in Equifax's security department didn’t patch a flaw the company had been alerted to by the U.S. Computer Emergency Readiness Team.

A scan performed later to check that the patch had been implemented failed to detect that it hadn’t, Smith said. He gave no reason why the company's workers failed to install the so-called Apache Struts upgrade.

#72 indy

    Advanced Member


Posted 03 October 2017 - 08:26 PM

Verizon, who purchased Yahoo, revealed that Yahoo didn't disclose the full extent of their breach either. Verizon says that every single Yahoo account was compromised.

#73 baw1064

    formerly of the public sector


Posted 03 October 2017 - 08:45 PM

D. C. Sessions, on 03 October 2017 - 06:04 AM, said:

Nothing wrong with the SSN as it was originally -- time was, it was illegal to use it for anything other than SS. Now? It's routinely used as an identity-securing secret. Which is insane.

By all means insist on something else. But leave the SSN alone, because it's supposed to be a cradle-to-grave identifier and there will have to be something equivalent regardless.

Seems I'm not the only one having this idea (although I'm completely discounting the Trump White House and Equifax as credible on...well, anything).

https://www.bloomber...mbers-should-go

#74 andydp

    Advanced Member

  • Members
  • 2566 posts
  • Location: Upstate NY near Albany

Posted 03 October 2017 - 08:50 PM

Just to show they’re not going to let a little hack job get in the way...

IRS awards multimillion-dollar fraud-prevention contract to Equifax

http://www.politico....243419?cmpid=sf
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.

Rev Martin Luther King Jr.


Obamacare took my guns away and put me in a FEMA reeducation camp.

Anonymous

#75 baw1064

    formerly of the public sector


Posted 03 October 2017 - 09:05 PM

andydp, on 03 October 2017 - 08:50 PM, said:

Just to show they’re not going to let a little hack job get in the way...

IRS awards multimillion-dollar fraud-prevention contract to Equifax

http://www.politico....243419?cmpid=sf

You can't make this stuff up!

#76 indy

    Advanced Member


Posted 04 October 2017 - 08:02 AM

Just a heads up on the next beachhead in this particular scuffle.

There are now companies 'specializing' in being 'aggregators' of your info. So, for example, in my particular case, my bank will allow me to link all my outside financial accounts, such as credit cards, retirement accounts, mortgages, other bank accounts, etc. 'as a convenience' to me that will allow me to see my overall financial status in one place. Some apps like Mint will do this as well.

Except, in the fine print, they tell you there is an outside company doing all this. They simply send all your credentials to them, and they disclaim any responsibility otherwise, except to skim off info they use to upsell services to you.

So, there is your target if you are a hacker, and a pot of gold for the marketers, and an extreme headache in the making. And they manage to get people just to give it to them.

[Needless to say, I hope, I passed on this particular convenience.]

#77 AnBr

    Advanced Member


Posted 04 October 2017 - 10:18 AM

Reminds me of when Apple had people link all of their online accounts to their Apple accounts. The end result was that one hacked (non-Apple) account ended up allowing the hackers access to the victim's iPhone.

#78 LFC

    Fiscal Conservative


Posted 04 October 2017 - 10:45 AM

indy, on 04 October 2017 - 08:02 AM, said:

Just a heads up on the next beachhead in this particular scuffle.

There are now companies 'specializing' in being 'aggregators' of your info. So, for example, in my particular case, my bank will allow me to link all my outside financial accounts, such as credit cards, retirement accounts, mortgages, other bank accounts, etc. 'as a convenience' to me that will allow me to see my overall financial status in one place. Some apps like Mint will do this as well.

Except, in the fine print, they tell you there is an outside company doing all this. They simply send all your credentials to them, and they disclaim any responsibility otherwise, except to skim off info they use to upsell services to you.

So, there is your target if you are a hacker, and a pot of gold for the marketers, and an extreme headache in the making. And they manage to get people just to give it to them.

[Needless to say, I hope, I passed on this particular convenience.]

I have a lot of knowledge about how this works. The software that gets the account data is generally acquiring it in one of two ways: a direct connection to a financial institution or actually logging in to the institution's website and parsing the data right out of the page's rendered HTML. The former is fairly secure but the latter is a bit scarier. To create or update a web page parser they need somebody's live user and password since the institution has no interest in supplying a fake test account. Oh, yeah. And it's quite possible that at least one company doing this is using offshore resources.

#79 LFC

    Fiscal Conservative


Posted 12 October 2017 - 02:27 PM

These assholes leak data like a sieve ... with a big hole cut in the bottom!

Quote

Equifax Inc has taken one of its web pages offline as its security team looks into reports of another potential cyber breach, the credit reporting company, which recently disclosed a hack that compromised the sensitive information of 145.5 million people, said on Thursday.

The move came after an independent security analyst on Wednesday found Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.

EDIT: Here's the more detailed article.

#80 LFC

    Fiscal Conservative


Posted 13 October 2017 - 10:18 AM

Explanation of why Equifax got the IRS contract. I suspect the IRS is looking for an alternate vendor as we speak.




