Equifax data breach... biggest ever.

Post Reply
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

 
LA Times...
Credit giant Equifax says Social Security numbers, birth dates of 143 million consumers may have been exposed

QuoteEquifax, one of the nation’s three major credit reporting firms, announced Thursday that its computer systems had been breached, leading to the unauthorized accessing of Social Security numbers and birth dates of up to 143 million U.S. consumers...

...Besides Social Security numbers and birth dates, the accessed information “primarily” includes names, addresses and, in some cases, driver’s license numbers, according to the company...

QuoteEric Gibbs, whose law firm is involved in a consumer lawsuit against Experian over a 2015 breach affecting 15 million people, said the Equifax situation may end up fitting into a pattern.

“The one thing that has held consistent in recent years is there’s substandard internal practices that lead to these breaches,” said Gibbs, a partner at Girard Gibbs. “Time and time again, the [breaches] are then blamed on sophisticated hackers. But the sophistication of the hacker doesn’t have to do with it, it’s the internal practices.”
Sounds bad.
 
The big danger seems to be people using the info to open new credit accounts in your name, for which you get stuck with paying or pursued for collection.
 
If you're like me and rarely need to let anyone do a credit check on you, this advice from the NYT sounds wise...
 

 
QuoteWhat if I’m certain my data has been stolen from Equifax?
 
Set yourself up with fraud alerts in case someone tries to apply for credit in your name. To be safe, do this at all three credit reporting agencies, Equifax, Experian and TransUnion.


Then, consider spending a few dollars to set up security freezes at Equifax, Experian and TransUnion. This will lock down your credit files permanently, so that only companies that you currently do business with can see them. That way, if a thief applies for credit in your name, the company getting the application will not be able to access your credit file. No file means no new account. You will be able to temporarily open them each time you want to apply for new credit.


 
I just did the Security Freezes.  They were $10 apiece.


ttf_Baron von Bone
Posts: 0
Joined: Sat Mar 31, 2018 11:59 am

Equifax data breach... biggest ever.

Post by ttf_Baron von Bone »

The cost of freezing and unfreezing your credit depends upon which state you live in. Here in GA it's $5.00ea, both for freezing and unfreezing.
 
It's not really a hassle--just make sure you have your PIN numbers. When you unfreeze your credit you can just unfreeze at the bureau that will be checked for a specified number of days.
 
My wife and I have had our credit frozen for several years now. Aside from once, recently, when Equifax had some sort of "known issue" with unfreezing my credit for a check, we've had no problems ... but then we don't often have a need to unfreeze.
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

And those PIN numbers are essential. They only reveal them to you at the end of the enrollment process, they don't email them to you so need to copy them down and store them safely or you'll be stuck.
ttf_JESimmons
Posts: 0
Joined: Sat Mar 31, 2018 11:57 am

Equifax data breach... biggest ever.

Post by ttf_JESimmons »

I saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you wave any claims for damages against the company. I could be wrong about this but read everything concerning the offer.
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Quote from: JESimmons on Today at 03:49 AMI saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you wave any claims for damages against the company. I could be wrong about this but read everything concerning the offer.

Equifax has come back to say that the arbitration agreement only applies to the monitoring service and not claims on the data breach, but the wording seemed unspecific enough that I wonder if they thought they might get away with it.
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

However... the credit monitoring offer still requires a credit card to sign up and they'll start charging you automatically if you don't cancel before the free year is up.

Equifax Is Trying To Make Money Off Its Massive Security Failure
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Just when you thought it was safe to trust the big credit corporation that couldn't be trusted...

After Equifax Breach, Here’s Your Next Worry: Weak PINs

QuoteWhen Helene Muller-Landau first heard the news about the Equifax security breach, she set about freezing her credit files and those of her husband and mother.

Very quickly, however, Ms. Muller-Landau, a Smithsonian research scientist, noticed something strange: The personal identification numbers that Equifax was assigning her family members (to use for eventually lifting the freezes) were awfully similar.

At first, she thought it was a mistake. Maybe it had to do with the fact that she was in Panama, or that her web browsers were acting up. But no: The Equifax PINs are based on the date and time that you set up your freeze.

“The whole point of a 10-digit PIN is that it’s supposed to be hard to guess,” she said. “And then, they have this totally transparent algorithm for assigning them.”
ttf_harrison.t.reed
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_harrison.t.reed »

What percentage of Americans with credit cards does that 143 million number represent? 99.9%?
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Quote from: harrison.t.reed on Today at 12:13 PMWhat percentage of Americans with credit cards does that 143 million number represent? 99.9%?

This site says there were 167 Million credit card holders in the US in 2014 out of 235 million adult consumers.

However, the information lost isn't necessarily on people with credit cards. It could be anyone with a credit history. Certainly bill payment history, debts in collection... court judgements, liens?
ttf_harrison.t.reed
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_harrison.t.reed »

Yeah it's still a high enough number to be all but certain that if you're an adult in the US, your personally identifiable info has been stolen.

7/7.2 or 7/8 are bad odds
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

What’s Struts Got to Do with It?


QuoteAccording to a report on the data breach by William Baird & Co., the hackers used a flaw in open source Apache Struts software. The source of this information was not provided, but there have in fact, been two major Apache Struts vulnerabilities disclosed in 2017: one in March and the other - CVE-2017-9805 -  (coincidentally) on September 4 - just a  few days prior to Equifax’s data breach announcement.

The Apache Struts Web Framework is an extremely popular programming framework for building web applications in Java. The most recent vulnerability, according to a report in lgtm.com, has existed in Struts since 2008. The security experts who discovered the vulnerability warned: “At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.”
Including the IRS. So maybe we will see those tax returns, after all!


ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

I have not investigated this development to ascertain if this company which I'm previously unfamiliar with has a useful solution to your troubles. 

None-the-less, FYI...

Credit Karma to launch free ID monitoring following Equifax hack
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Broad horizons for music majors...

Equifax hired a music major as chief security officer

QuoteWhen Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.
QuoteEquifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.

As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
ttf_Baron von Bone
Posts: 0
Joined: Sat Mar 31, 2018 11:59 am

Equifax data breach... biggest ever.

Post by ttf_Baron von Bone »

Quote from: robcat2075 on Yesterday at 07:47 AMBroad horizons for music majors...
 
Equifax hired a music major as chief security officer
 
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
Obviously that's fake news ... UGA has a great music school.
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Someone Made a Fake Equifax Site. Then Equifax Linked to It.

Quote“Their site is dangerously easy to impersonate,” Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifax’s security. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”

“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” he added. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
ttf_robcat2075
Posts: 0
Joined: Sat Mar 31, 2018 11:58 am

Equifax data breach... biggest ever.

Post by ttf_robcat2075 »

Someone Made a Fake Equifax Site. Then Equifax Linked to It.

Quote“Their site is dangerously easy to impersonate,” Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifax’s security. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”

“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” he added. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”
Post Reply

Return to “Chit-Chat”