
Equifax Hacked! The Mother Of All Hacks?


ritchie58


One of the three major U.S. credit reporting agencies, Equifax, has been hacked! Equifax admitted to the breach today but they knew about it "at the very least" back on July 29th. Why did it take so long for Equifax to admit to the breach? Your guess is as good as mine. My opinion is they should have alerted consumers much sooner of the possibility that their personal information may have been compromised. I find that untenable considering the scope of the breach. Some questions need to be answered there.

 

It is estimated that 143 million Americans' personal information may have been compromised! That's not a typo, "143 million people, that's almost half of the U.S. population!" This also includes some people in the U.K. & Canada.

 

The data that may have been compromised includes names, addresses, dates of birth, social security numbers and even some driver's license information. Also an estimated 209,000 consumers may have had their credit card info stolen. "Yikes!" Equifax claims that data from businesses was not affected as far as their "current research" has determined. 

 

The FBI is investigating this breach. Equifax has also hired a private cyber-security firm to do their own investigation.

 

Equifax is doing some "damage control" by offering free one year credit monitoring & identity theft protection for anyone whose information may have been stolen. Here is a link to Equifax if you wish to find out if you were affected and to enroll in the program if you were unfortunate enough to be one of the victims of this hack. There is a deadline to enroll, you have until November 21st to sign up for the service. https://www.equifaxsecurity2017.com/enroll/

 

Edit: There was a downside to signing up for Equifax's monitoring service. You had to agree to waive your arbitration rights, which means you cannot file or participate in a class-action lawsuit against the company, but as of Friday they rescinded that requirement amid a backlash of protests.

 

Regards, Ritchie...

Link to comment
Share on other sites

Here is another article published today by the Associated Press concerning the breach.

 

NEW YORK (AP) - A day after credit-reporting company Equifax disclosed that "criminals" had stolen vital data about 143 million Americans, it had somehow managed to leave much of the public in the dark about their exposure, how they should protect themselves and what Equifax planned to do for those affected.

 

The breach is unquestionably serious. It exposed crucial pieces of personal data that criminals could use to commit identity theft, from Social Security numbers and birthdates to address histories and legal names.

That data - the "crown jewels of personal information," in the words of independent credit analyst John Ulzheimer - can't be changed, and once it's in circulation, it's basically out there forever.

But Equifax's response has satisfied almost no one.

 

UNHAPPINESS EVERYWHERE

Consumers complained of jammed phone lines and uninformed representatives. An Equifax website set up to help people determine their exposure looked like a scam to some, and provided inconsistent and unhelpful information to others. Congress planned hearings.

Anders Ohlsson, a 47-year-old technical manager in Scotts Valley, California, called a hotline multiple times and was disconnected; entered the last six digits of his Social Security number into Equifax's emergency website; and finally spoke with a call center manager. He still doesn't know whether his information has been compromised.

"I don't think I've gotten hold of a person that actually cares," he said. "Now they're fumbling to tell people what's going on. But they really don't know what's going on."

Equifax plays a key role in the financial industry, making this breach more alarming than previous ones at Yahoo or retailers. The company is a storehouse of personal information, like how much people owe on their houses and whether they have court judgments against them.

Lenders rely on the information collected by three big credit bureaus - Equifax, TransUnion and Experian - to help them decide on financing for homes, cars and credit cards. Credit checks are sometimes done by employers when deciding whom to hire for a job.

 

 

WHAT YOU CAN DO

Even if you don't know if you're one of the 143 million, you might want to consider extreme protective measures.

Your strongest immediate option involves placing a credit freeze on your files with the major credit bureaus. That locks down your information, making it impossible for outsiders to open new accounts and bank cards in your name. But it also blocks you from opening new accounts, and might involve fees depending on the state you live in.

"The credit freeze is the nuclear option of credit protection," said Matt Schulz, an analyst with CreditCards.com. "But in the wake of a breach this big, it's worth considering."

You should also be more diligent about checking your credit reports, where you can see if anyone has opened unauthorized accounts in your name. You can get those files for free once a year from the three major bureaus; use the official site, annualcreditreport.com.

It's best to spread those requests out by getting one every four months. And you'll need to be ready to keep checking for a while - potentially years.

"Bad guys can be very patient with data," Schulz said.

If you're not ready for the freeze, Ulzheimer recommends setting up fraud alerts on your files. These force creditors to contact you directly, usually by phone, for approval before approving an account.

And if you've been a victim of repeated identity fraud, you can request a new Social Security number with the Social Security Administration.

In addition to the emergency Equifax website, https://www.equifaxsecurity2017.com/, you can also call 866-447-7559 for information. The company also says it will send mail to all who had personally identifiable information stolen.

 

HOW EQUIFAX REACTED

Any data breach threatens to tarnish a company's reputation, but Equifax hasn't done much to minimize that damage.

Atlanta-based Equifax said Thursday the breach took place between mid-May and July of this year. It discovered the hack July 29, but waited until Thursday to warn consumers. Its communications with the public have so far been limited to official statements.

Then there's the company's emergency-information website. To Georgia Weidman, founder and chief technology officer for security firm Shevirah, it looks a lot like the kind of site scammers would use to trick people into giving up passwords or other crucial information.

"It's teaching people entirely the wrong things about using the internet securely," Weidman said. She says she's also troubled by Equifax's approach to security generally, including reports that it didn't respond to basic scripting bugs it was warned about last year.

Company officials are also under scrutiny. Three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered the breach, according to documents filed with securities regulators. Equifax said the three executives - one of them the company's chief financial officer - didn't know about the breach at the time of the sales, but didn't answer further questions.

Equifax's security lapse could be the largest theft involving Social Security numbers, one of the most common ways to confirm a person's identity in the U.S. It eclipses a 2015 hack at health insurer Anthem Inc. that involved the Social Security numbers of about 80 million people.


FALLOUT

Washington regulators and politicians swiftly criticized Equifax, and Jeb Hensarling, chairman of the House Financial Services Committee, said he will call for congressional hearings.

An Equifax requirement that appeared to force affected customers into arbitration also drew a backlash. Democrats in the House and Senate called on the company to pull back from language that suggested anyone who signs up for credit monitoring also gives up their right to join a class-action lawsuit against Equifax.

The Consumer Financial Protection Bureau, the nation's chief watchdog for financial services, likewise blasted the arbitration requirement. The CFPB recently passed a rule requiring financial companies to let customers sue together when a large group has been wronged.

New York attorney general Eric Schneiderman said he was starting his own investigation.

After a day of all that, Equifax released a statement Friday evening declaring that the arbitration requirement and class-action waiver will not apply to this particular breach. The company also said it had fixed problems with the emergency website and tripled its call center team to over 2,000 agents.

Equifax shares fell about 13 percent to $123.75 in heavy trading. The decline equates to about $2.28 billion in lost market value.

___

AP Technology Writers Michael Liedtke and Ryan Nakashima in San Francisco, and Matt O'Brien in New York, contributed to this report.

Link to comment
Share on other sites

Here's what's caused all of this: simple negligence. "Patches published months before the massive hack began apparently weren't applied before the hack."

https://www.cnet.com/news/equifax-blames-months-old-web-server-flaw-for-hack/

 

Time for the credit reporting bureaus to be regulated. 40 State AG offices are on them right now. It's unconscionable that they are NOT regulated, given that they hold the "holy grail" of personal data.

Link to comment
Share on other sites

You're absolutely correct there elzach! These companies need to be held accountable considering the fact that "they do not ask your permission" to compile and keep your personal information indefinitely.

 

I did hear about how Apache was warning them for months about possible web vulnerabilities by not installing security updates when they became available. "SHAME ON EQUIFAX!!!"

 

Some kind of government oversight just might be needed to assure that these "shadowy, secretive credit agencies" that (in my opinion) just steal your personal data for the benefit of the company and their own shareholders' profits! "After all, that's what it's all about, making as much money as possible from individual Americans' personal data, they are "for profit" businesses!!!"
 

I've also heard that several Equifax CEOs have already resigned because of this breach. How much do you wanna bet that they were handed "Golden Parachutes" so they can continue to live the lavish lifestyle that they have become accustomed to. It wouldn't surprise me one iota that nobody is actually held accountable or goes to jail over this breach when all is said and done.

 

It's time to shine a very bright light on these companies! BTW- my own Pa. state's AG's office was the first state to launch its own investigation, one of the 40 you mentioned.

Link to comment
Share on other sites

  • 3 weeks later...

I read an AP news article in my local newspaper today that Equifax has admitted that an "additional 2.5 million more American, British & Canadian citizens" may also have had their personal information stolen! That brings the total to a staggering 145 and a half million consumers affected by this un-excusable breach! "This unbelievable story just keeps getting worse as time goes by!"
 

On another note: The top CEO of Equifax, Richard Smith, resigned last Tuesday. Just like the other executives that have already resigned Smith also got a "Golden Parachute" by the company in the name of $18.4 million dollars in retirement payouts! Not a bad payout for f*#@ing up, huh?

 

These corporate executives must think they're above the law when their respective companies seem to "reward them" for bad judgement or outright ethical/illegal misconduct with no ultimate legal repercussions. No top CEOs ever went to jail for tanking our economy during the last Wall Street/banking fiasco, just another example.

 

Of course, in this country, if you're rich enough you can "buy all the justice you want" so what would be the point of trying to prosecute these people! Since money would be no issue, they would just hire a "dream team" of lawyers and get out of it anyway, ultimately the average tax-payers having to foot the bill for the investigative & legal proceedings cost.

Some kind of legislation needs to be enacted so that these CEOs don't get off completely free while laughing all the way to the bank! This citizen/tax-payer wants some accountability, no one should be above the law regardless of how wealthy you are.

Link to comment
Share on other sites

Quote

read this awesome Phenq news article in my local newspaper today that Equifax has admitted that an "additional 2.5 million more American, British & Canadian citizens" may also have had their personal information stolen! That brings the total to a staggering 145 and a half million consumers affected by this un-excusable breach! "This unbelievable story just keeps getting worse as time goes by!"

On another note: The top CEO of Equifax, Richard Smith, resigned last Tuesday. Just like the other executives that have already resigned Smith also got a "Golden Parachute" by the company in the name of $18.4 million dollars in retirement payouts! Not a bad payout for f*#@ing up, huh?

 

These corporate executives must think they're above the law when their respective companies seem to "reward them" for bad judgement or outright ethical/illegal misconduct with no ultimate legal repercussions. No top CEOs ever went to jail for tanking our economy during the last Wall Street/banking fiasco, just another example.

 

Of course, in this country, if you're rich enough you can "buy all the justice you want" so what would be the point of trying to prosecute these people! Since money would be no issue, they would just hire a "dream team" of lawyers and get out of it anyway, ultimately the average tax-payers having to foot the bill for the investigative & legal proceedings cost.

Some kind of legislation needs to be enacted so that these CEOs don't get off completely free while laughing all the way to the bank! This citizen/tax-payer wants some accountability, no one should be above the law regardless of how wealthy you are.

Reading about this sort of stuff makes me so anxious. I feel like most of it doesn't even get reported, or are they obligated to report incidents to the public?

Link to comment
Share on other sites

Equifax Website Hacked Again, this Time To Redirect To Fake Flash Update (arstechnica.com) .. from slashdot.org

 

Posted by msmash on Thursday October 12, 2017 @11:21AM from the fool-me-once dept.

For several hours on Wednesday Equifax's website was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers, reports Dan Goodin at Ars Technica. From the report: Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info. He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits.

Update: Equifax said on Thursday it was taking one of its web pages offline as its security team looks into reports of another potential cyber breach.

 

Equifax is just another in a long list of recent hacks .. shame on any company who puts data in a forward facing portal .. Put it out there and 'they will come'

 

Rick Lipkin

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
