Equifax data breach... biggest ever.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
LA Times...
Credit giant Equifax says Social Security numbers, birth dates of 143 million consumers may have been exposed
QuoteEquifax, one of the nations three major credit reporting firms, announced Thursday that its computer systems had been breached, leading to the unauthorized accessing of Social Security numbers and birth dates of up to 143 million U.S. consumers...
...Besides Social Security numbers and birth dates, the accessed information primarily includes names, addresses and, in some cases, drivers license numbers, according to the company...
QuoteEric Gibbs, whose law firm is involved in a consumer lawsuit against Experian over a 2015 breach affecting 15 million people, said the Equifax situation may end up fitting into a pattern.
The one thing that has held consistent in recent years is theres substandard internal practices that lead to these breaches, said Gibbs, a partner at Girard Gibbs. Time and time again, the [breaches] are then blamed on sophisticated hackers. But the sophistication of the hacker doesnt have to do with it, its the internal practices.
Sounds bad.
The big danger seems to be people using the info to open new credit accounts in your name, for which you get stuck with paying or pursued for collection.
If you're like me and rarely need to let anyone do a credit check on you, this advice from the NYT sounds wise...
QuoteWhat if Im certain my data has been stolen from Equifax?
Set yourself up with fraud alerts in case someone tries to apply for credit in your name. To be safe, do this at all three credit reporting agencies, Equifax, Experian and TransUnion.
Then, consider spending a few dollars to set up security freezes at Equifax, Experian and TransUnion. This will lock down your credit files permanently, so that only companies that you currently do business with can see them. That way, if a thief applies for credit in your name, the company getting the application will not be able to access your credit file. No file means no new account. You will be able to temporarily open them each time you want to apply for new credit.
I just did the Security Freezes. They were $10 apiece.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:59 am
Equifax data breach... biggest ever.
The cost of freezing and unfreezing your credit depends upon which state you live in. Here in GA it's $5.00ea, both for freezing and unfreezing.
It's not really a hassle--just make sure you have your PIN numbers. When you unfreeze your credit you can just unfreeze at the bureau that will be checked for a specified number of days.
My wife and I have had our credit frozen for several years now. Aside from once, recently, when Equifax had some sort of "known issue" with unfreezing my credit for a check, we've had no problems ... but then we don't often have a need to unfreeze.
It's not really a hassle--just make sure you have your PIN numbers. When you unfreeze your credit you can just unfreeze at the bureau that will be checked for a specified number of days.
My wife and I have had our credit frozen for several years now. Aside from once, recently, when Equifax had some sort of "known issue" with unfreezing my credit for a check, we've had no problems ... but then we don't often have a need to unfreeze.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
And those PIN numbers are essential. They only reveal them to you at the end of the enrollment process, they don't email them to you so need to copy them down and store them safely or you'll be stuck.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:57 am
Equifax data breach... biggest ever.
I saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you wave any claims for damages against the company. I could be wrong about this but read everything concerning the offer.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Quote from: JESimmons on Today at 03:49 AMI saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you wave any claims for damages against the company. I could be wrong about this but read everything concerning the offer.
Equifax has come back to say that the arbitration agreement only applies to the monitoring service and not claims on the data breach, but the wording seemed unspecific enough that I wonder if they thought they might get away with it.
Equifax has come back to say that the arbitration agreement only applies to the monitoring service and not claims on the data breach, but the wording seemed unspecific enough that I wonder if they thought they might get away with it.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
However... the credit monitoring offer still requires a credit card to sign up and they'll start charging you automatically if you don't cancel before the free year is up.
Equifax Is Trying To Make Money Off Its Massive Security Failure
Equifax Is Trying To Make Money Off Its Massive Security Failure
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Just when you thought it was safe to trust the big credit corporation that couldn't be trusted...
After Equifax Breach, Heres Your Next Worry: Weak PINs
QuoteWhen Helene Muller-Landau first heard the news about the Equifax security breach, she set about freezing her credit files and those of her husband and mother.
Very quickly, however, Ms. Muller-Landau, a Smithsonian research scientist, noticed something strange: The personal identification numbers that Equifax was assigning her family members (to use for eventually lifting the freezes) were awfully similar.
At first, she thought it was a mistake. Maybe it had to do with the fact that she was in Panama, or that her web browsers were acting up. But no: The Equifax PINs are based on the date and time that you set up your freeze.
The whole point of a 10-digit PIN is that its supposed to be hard to guess, she said. And then, they have this totally transparent algorithm for assigning them.
After Equifax Breach, Heres Your Next Worry: Weak PINs
QuoteWhen Helene Muller-Landau first heard the news about the Equifax security breach, she set about freezing her credit files and those of her husband and mother.
Very quickly, however, Ms. Muller-Landau, a Smithsonian research scientist, noticed something strange: The personal identification numbers that Equifax was assigning her family members (to use for eventually lifting the freezes) were awfully similar.
At first, she thought it was a mistake. Maybe it had to do with the fact that she was in Panama, or that her web browsers were acting up. But no: The Equifax PINs are based on the date and time that you set up your freeze.
The whole point of a 10-digit PIN is that its supposed to be hard to guess, she said. And then, they have this totally transparent algorithm for assigning them.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
What percentage of Americans with credit cards does that 143 million number represent? 99.9%?
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Quote from: harrison.t.reed on Today at 12:13 PMWhat percentage of Americans with credit cards does that 143 million number represent? 99.9%?
This site says there were 167 Million credit card holders in the US in 2014 out of 235 million adult consumers.
However, the information lost isn't necessarily on people with credit cards. It could be anyone with a credit history. Certainly bill payment history, debts in collection... court judgements, liens?
This site says there were 167 Million credit card holders in the US in 2014 out of 235 million adult consumers.
However, the information lost isn't necessarily on people with credit cards. It could be anyone with a credit history. Certainly bill payment history, debts in collection... court judgements, liens?
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Yeah it's still a high enough number to be all but certain that if you're an adult in the US, your personally identifiable info has been stolen.
7/7.2 or 7/8 are bad odds
7/7.2 or 7/8 are bad odds
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Whats Struts Got to Do with It?
QuoteAccording to a report on the data breach by William Baird & Co., the hackers used a flaw in open source Apache Struts software. The source of this information was not provided, but there have in fact, been two major Apache Struts vulnerabilities disclosed in 2017: one in March and the other - CVE-2017-9805 - (coincidentally) on September 4 - just a few days prior to Equifaxs data breach announcement.
The Apache Struts Web Framework is an extremely popular programming framework for building web applications in Java. The most recent vulnerability, according to a report in lgtm.com, has existed in Struts since 2008. The security experts who discovered the vulnerability warned: At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Readers Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.
Including the IRS. So maybe we will see those tax returns, after all!
QuoteAccording to a report on the data breach by William Baird & Co., the hackers used a flaw in open source Apache Struts software. The source of this information was not provided, but there have in fact, been two major Apache Struts vulnerabilities disclosed in 2017: one in March and the other - CVE-2017-9805 - (coincidentally) on September 4 - just a few days prior to Equifaxs data breach announcement.
The Apache Struts Web Framework is an extremely popular programming framework for building web applications in Java. The most recent vulnerability, according to a report in lgtm.com, has existed in Struts since 2008. The security experts who discovered the vulnerability warned: At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Readers Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.
Including the IRS. So maybe we will see those tax returns, after all!
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
I have not investigated this development to ascertain if this company which I'm previously unfamiliar with has a useful solution to your troubles.
None-the-less, FYI...
Credit Karma to launch free ID monitoring following Equifax hack
None-the-less, FYI...
Credit Karma to launch free ID monitoring following Equifax hack
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Broad horizons for music majors...
Equifax hired a music major as chief security officer
QuoteWhen Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the companys data security.
And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldins lack of educational qualifications since the data breach became public.
QuoteEquifax Chief Security Officer Susan Mauldin has a bachelors degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
Equifax hired a music major as chief security officer
QuoteWhen Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the companys data security.
And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldins lack of educational qualifications since the data breach became public.
QuoteEquifax Chief Security Officer Susan Mauldin has a bachelors degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.
This is the person who was in charge of keeping your personal and financial data safe and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:59 am
Equifax data breach... biggest ever.
Quote from: robcat2075 on Yesterday at 07:47 AMBroad horizons for music majors...
Equifax hired a music major as chief security officer
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
Obviously that's fake news ... UGA has a great music school.
Equifax hired a music major as chief security officer
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
Obviously that's fake news ... UGA has a great music school.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Someone Made a Fake Equifax Site. Then Equifax Linked to It.
QuoteTheir site is dangerously easy to impersonate, Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifaxs security. It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.
Its in everyones interest to get Equifax to change this site to a reputable domain, he added. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.
QuoteTheir site is dangerously easy to impersonate, Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifaxs security. It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.
Its in everyones interest to get Equifax to change this site to a reputable domain, he added. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.
-
- Posts: 0
- Joined: Sat Mar 31, 2018 11:58 am
Equifax data breach... biggest ever.
Someone Made a Fake Equifax Site. Then Equifax Linked to It.
QuoteTheir site is dangerously easy to impersonate, Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifaxs security. It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.
Its in everyones interest to get Equifax to change this site to a reputable domain, he added. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.
QuoteTheir site is dangerously easy to impersonate, Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifaxs security. It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.
Its in everyones interest to get Equifax to change this site to a reputable domain, he added. I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.