Equifax Data Breach – A Serious Problem

User avatar
A440
Posts: 2275
Joined: Sat Nov 20, 2010 1:56 am

Equifax Data Breach – A Serious Problem

Post by A440 » Fri Sep 08, 2017 4:18 pm

Equifax – a well-known American credit rating agency has been hacked due to a security weakness on their part. Up to 143 million records have been breached, which includes social security ID numbers, driver's licenses, addresses, etc.

This is also not the first breach they have experienced.

To quote one victim:The lack of security is appalling and the time it took Equifax to make the breach public is inexcusable. And their "help" is just as bad. I used the link from this article and found that my data may have been breached. I've spent the last hour trying to enroll in the Equifax complimentary ID protection service. The site does not work, it puts you into a repeating loop that goes nowhere. The phone number dedicated to what Equifax calls "the incident" hung up on me each of the five times I tried calling. Regular customer service people have no answers.
This is ridiculous. An entity that has tremendous power over people's lives via their scores and reports needs to be far, far, far better than this. I'm disgusted.


nytimes.com/2017/09/07/business/equifax-cyberattack.html

Equifax has far too good a rating, at this time, considering its problems with both security and privacy concerns and IMHO, should be downgraded in trustworthiness.

https://www.mywot.com/en/scorecard/equifax.com
Dislike (-0)

User avatar
NotBuyingIt
Posts: 3199
Joined: Fri Mar 11, 2011 6:21 pm

RE: Equifax Data Breach – A Serious Problem

Post by NotBuyingIt » Fri Sep 08, 2017 4:38 pm

See also, https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/
[T]he site Equifax has available for people to see whether they were impacted by the breach may not actually tell you whether you were affected. When I entered the last six digits of my SSN and my last name, the site threw a “system unavailable” page, asking me to try again later. I have the impression that American citizens who were unaware that Equifax stored any of their personal or financial data are now being asked to trust Equifax with even more of their data.

[Added 15-September 2017] I should further note that about 400.000 Brits may be similarly affected by the data breech. I have no idea what recourse they have.

 
Data that is stored in the cloud may become lost in the fog.
Dislike (-0)

Site-rater
Posts: 2810
Joined: Tue Sep 15, 2009 7:48 pm

RE: Equifax Data Breach – A Serious Problem

Post by Site-rater » Fri Sep 08, 2017 6:39 pm

Do credit reporting agencies even get audited for PCI-DSS security standards?

If not, it is beyond time they get severely audited.

Wow, luckily those "Equifax" certificates aren't owned by Equifax anymore. Or else we would have to alert the CA/B Forum of a potential breach.
Dislike (-0)

User avatar
A440
Posts: 2275
Joined: Sat Nov 20, 2010 1:56 am

RE: Equifax Data Breach – A Serious Problem

Post by A440 » Sat Sep 09, 2017 2:01 am

Here is another reason I think Equifax's score should be downgraded:

marketwatch.com/story/why-some-equifax-customers-have-unwittingly-waived-their-rights-to-a-class-action-lawsuit-2017-09-08


huffingtonpost.com/entry/equifax-breach-2017_us_59b2dae8e4b0b5e531062976?746
Dislike (-0)

User avatar
Myxt
Posts: 1989
Joined: Sat Mar 05, 2011 6:18 am

RE: Equifax Data Breach – A Serious Problem

Post by Myxt » Sat Sep 09, 2017 9:02 am

At equifaxsecurity2017.com read item: 2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
Dislike (-0)

User avatar
A440
Posts: 2275
Joined: Sat Nov 20, 2010 1:56 am

RE: Equifax Data Breach – A Serious Problem

Post by A440 » Sat Sep 09, 2017 9:08 am


At equifaxsecurity2017.com read item: 2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
. . . which means that Equifax is lying in their social media responses regarding this incident.

Also noted (what to do to protect yourself):

nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html

. . . Equifax should have made the monitoring last forever (one-year monitoring due to this breach). Since it didn’t, it will now be able to solicit everyone who signs up for its year of free service and what do you want to bet that the company will offer an extension bright and early on day 366 for, say, $16.95 per month?
So, yes, your worst suspicions are now confirmed. Equifax may actually make money on this breach.
Dislike (-0)

Site-rater
Posts: 2810
Joined: Tue Sep 15, 2009 7:48 pm

RE: Equifax Data Breach – A Serious Problem

Post by Site-rater » Sat Sep 09, 2017 4:32 pm

Wonder why they hid that new domain behind Cloudflare rather than using the IP space they own?
Dislike (-0)

User avatar
Myxt
Posts: 1989
Joined: Sat Mar 05, 2011 6:18 am

RE: Equifax Data Breach – A Serious Problem

Post by Myxt » Sat Sep 09, 2017 7:16 pm

Echo from 2013:
_http://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/
If I remember correctly, Experian is used by the ACA and SSA to verify you are a real person. If you have no debt, you're not real.
Dislike (-0)

User avatar
nova7
Posts: 252
Joined: Fri Apr 06, 2012 11:32 pm

RE: Equifax Data Breach – A Serious Problem

Post by nova7 » Sun Sep 10, 2017 8:33 am


Wonder why they hid that new domain behind Cloudflare rather than using the IP space they own?


1. I liken this to the more and more common default philosophy that every lame homepage and every other lame page at a site has to be HTTPS. Secure, secure, secure, breach.
2. And, or, one biz working in the non-good for the public, breached of people's data that didn't lose their data themselves; Equifax lost it for the customers. Giving more non-good for the public biz to another biz working in the non-good for the public--another example of a Web of Non-good For The Public.
3. We, Equifax, have already been breached once, let's lay out even more "security" on this new site since we couldn't secure data on the site under our control--obviously we can't secure a site running the network the way we were, while retaining the breached network under their control.
4. Now that the general public will be massively querying the lookup page to determine whether each person had breached data, we, Equifax, need capability (ies) that we can't provide with our existing network--greater page caching, greater same-time page querying by many times our normal traffic flow of users, etc.
Dislike (-0)

User avatar
A440
Posts: 2275
Joined: Sat Nov 20, 2010 1:56 am

RE: Equifax Data Breach – A Serious Problem

Post by A440 » Tue Sep 12, 2017 3:51 am

Geez:

www.nytimes.com/2017/09/11/opinion/equifax-accountability-security.html
Dislike (-0)

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests