EEVblog Electronics Community Forum

General => General Chat => Topic started by: Jwalling on September 08, 2017, 07:41:33 pm

Title: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 08, 2017, 07:41:33 pm
https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html (https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html)

https://www.equifaxsecurity2017.com/ (https://www.equifaxsecurity2017.com/)
 :palm:

*sigh*

You can see if you may be affected in the second URL. Click on the bottom left button "potential impact"
You can also get a free 1 year credit monitoring service; whatever that's worth.

Apparently, my info may be compromised...  :--
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: dr.diesel on September 08, 2017, 07:46:09 pm
Did you read the user agreement?  You wave your right to litigation by using that site to check.

I have mine frozen on all 3 of the Credit sites, should reduce my chances of theft.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 08, 2017, 07:59:10 pm
Did you read the user agreement?  You wave your right to litigation by using that site to check.


I didn't see that. Do you mean here? https://trustedidpremier.com/static/terms (https://trustedidpremier.com/static/terms)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: dr.diesel on September 08, 2017, 09:34:55 pm
Looks like they have already modified the site, but:

https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/?utm_term=.f7ea03ce3e8a (https://www.washingtonpost.com/news/the-switch/wp/2017/09/08/what-to-know-before-you-check-equifaxs-data-breach-website/?utm_term=.f7ea03ce3e8a)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: bitseeker on September 08, 2017, 10:10:17 pm
It all gray area. Keeps the lawyers in business. Reading the terms, simply checking if you're affected doesn't sound to me like you are utilizing their products. If you enroll, then you certainly are. But, again, IANAL and just because you're right, doesn't mean you'll win in court.

Probably the best course of action is to put a lock on your account with all three reporting agencies.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: dr.diesel on September 08, 2017, 11:29:31 pm
And just after they screw up with the world's largest security snafu:

"What's more, the website www.equifaxsecurity2017.com/ (http://www.equifaxsecurity2017.com/), which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat."

https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/ (https://arstechnica.com/information-technology/2017/09/why-the-equifax-breach-is-very-possibly-the-worst-leak-of-personal-info-ever/)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: JoeO on September 09, 2017, 02:14:42 am
And of course:

Three Equifax Managers Sold Stock Before Cyber Hack Revealed

https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack (https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: free_electron on September 09, 2017, 02:59:46 am
SUE THE SHIT OUT OF EM !
I never understood the usage of such bureau's. That mechanism does not exist in europe.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: trophosphere on September 09, 2017, 03:07:42 am
I find it kind of weird that a person would choose to enroll in a monitoring program by the same company that had their security compromised in the first place.  :-//

In addition, this monitoring program is free for only one year but the information from the breach will be available on the net to malicious individuals for many years to come so the identify theft can occur years out after your subscription to the monitoring program has expired unless you pay Equifax to continue it. Makes business sense actually... create demand for your subscription service.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Electro Detective on September 09, 2017, 04:27:11 am
"Cyberattack" is the standard excuse for   "you've been compromised and can't hold us accountable,

but we'll try harder next time to get our sh!t together, to assist with organizing yours ..."  >:D
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 09, 2017, 10:45:07 am
And of course:

Three Equifax Managers Sold Stock Before Cyber Hack Revealed

https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack (https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack)

Scum.
Wouldn't that be considered insider trading?
Maybe. http://www.latimes.com/business/la-fi-equifax-insider-trading-20170908-story.html (http://www.latimes.com/business/la-fi-equifax-insider-trading-20170908-story.html)

All the money they made should be confiscated.
Looks to be about $2M.
https://www.washingtonpost.com/news/business/wp/2017/09/08/outrage-builds-after-equifax-executives-banked-2-million-in-stock-sales-following-data-breach/?utm_term=.91dcb01fca0b (https://www.washingtonpost.com/news/business/wp/2017/09/08/outrage-builds-after-equifax-executives-banked-2-million-in-stock-sales-following-data-breach/?utm_term=.91dcb01fca0b)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: xrunner on September 09, 2017, 12:08:09 pm
Their web app said I " may have been affected" ...  :wtf:

May have been? That's kindof like "You may have a terminal disease, but we don't really know".

In any case, I put a freeze on all the major credit reporting agencies, and added fraud alerts on top. It's sad, but I still have access to an identity protection service for free, due to the OPM (Office of Personell Management) incident that occurred several years ago, where their database was broken into. I think I'll just stick with that one which seems to be very good, because there is going to be a class action lawsuit seeking $70 Billion in damages and I want my $50 out of the settlement.

Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 09, 2017, 12:46:08 pm
In any case, I put a freeze on all the major credit reporting agencies, and added fraud alerts on top.

Sounds like a good idea - how much did it cost you?
Does anyone know if a freeze will screw up an existing credit card when the time comes to get a new one because the old one expired?
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: xrunner on September 09, 2017, 12:55:34 pm
Sounds like a good idea - how much did it cost you?

$10 for each agency. Equifax even charged for it which they better reimburse at some point. Can you even believe that? But what can you do?

Quote
Does anyone know if a freeze will screw up an existing credit card when the time comes to get a new one because the old one expired?

It doesn't apply to existing companies that have already requested credit reports - only for new inquiries. But you can unfreeze at any time with the PIN and re-freeze if you apply for new credit - then freeze again.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 09, 2017, 02:08:35 pm
Interesting. According to this it should be free:
http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/ (http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/)
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: xrunner on September 09, 2017, 02:22:00 pm
Interesting. According to this it should be free:
http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/ (http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/)

No it's not free it's about $10 for each entity.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: dr.diesel on September 09, 2017, 02:47:20 pm
Mine was free for all 3, but I believe it varies by state.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: bitseeker on September 09, 2017, 07:22:17 pm
Yeah, some states charge for locking, unlocking, or both. Pricing may be different depending on your age and victim status.

Lots of Experian's pages about locking your account get "Page not found", including a linked headline in red that says, "Concerned about the Equifax® data breach? Find out how Experian can help." Click the link and the page doesn't exist. :palm:

Although it sucks that this happened (I also "may have been" affected), it's good to give these companies a boot to the head to get them to wake up and get their $#!@& together.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: xrunner on September 09, 2017, 07:52:51 pm
So what do they really mean when they say the data of 143 million was "exposed"? Does that mean that hackers could steal any data files they wanted to, but might not have, or does it mean that they stole all 143 million because they downloaded the database? If they were accessing it and didn't steal any data, or very little, then it might not be so bad. It's just not clear to me what they mean.

Also, was the data encrypted? If not why not?  :palm:
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: bitseeker on September 09, 2017, 08:01:37 pm
It means they either don't yet know the extent of the breach (it can take a while to fully investigate what happened) or they're intentionally obfuscating it for various reasons.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jeroen3 on September 09, 2017, 08:06:53 pm
SUE THE SHIT OUT OF EM !
I never understood the usage of such bureau's. That mechanism does not exist in europe.
That. And companies can't make you waive rights by terms and conditions.

Nice one though.
1. Hack competitor
2. Fear Mongering News Stories
3. Profit
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Red Squirrel on September 11, 2017, 04:39:44 am
There needs to be jail time for this sort of thing.  Especially a company that has such valuable info, they should be obligated to have the most serious security.  Whoever is responsible for allowing this hack to happen should be held fully liable for all damages done to all affected.  This needs to be the case for all instances where user's info is compromised.  This stuff happens way too much now, and the biggest issue is that companies don't care, and there is no incentive for them to care because there are no penalties when it happens. 

I'm not even mad at the hackers, but at the companies for allowing the vulnerabilities to exist in first place.  These are billion dollar operations, they have zero excuse, they should have top notch security experts working on the systems and continuously monitoring and checking for any vulnerabilities.   A company as big as Equifax should have an entire IT department dedicated strictly at systems security.   But instead they probably outsource IT to the lowest bidder.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: rstofer on September 11, 2017, 11:59:28 am
After a free year of some kind of ID guard, Equifax will SELL you the feature for $10/year.

So, they arrange for the data to be stolen and profit by as much as $1.43 BILLION per year in subscriptions.  How cool is that?  Capitalism at work...  And the burden is still on the individuals.

In my view, Equifax should cease to exist; the .gov should simply close them down. Their stock has taken a 14% hit but it amazes me that they still have stockholders.  The company is too incompetent to survive.

Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: darrellg on September 11, 2017, 09:33:46 pm
I'm tired of this bullshit. It's time to scrap the current system and come up with something new. We can do better.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: TimFox on September 11, 2017, 09:37:30 pm
Among other states, the Attorney General of Illinois is looking at suing Equifax.
In my opinion (educated in natural philosophy, not the law),
     if
I did not give my information to Equifax voluntarily
I did not have any option to opt out or remove my information from them
Their incompetence and/or negligence put me at risk
   then
They should take the initiative to remove me from risk, perhaps by freezing my credit account
They should be given a serious penalty
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: dr.diesel on September 11, 2017, 10:03:42 pm
I'm tired of this bullshit. It's time to scrap the current system and come up with something new. We can do better.

Totally agree.  Why the hell is ID theft the consumer's fault for one?  I didn't ask for the loan and I wasn't the lending agent that gave the loan to an imposter?  WTF?    :horse:
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: rstofer on September 11, 2017, 10:47:58 pm
Among other states, the Attorney General of Illinois is looking at suing Equifax.

So, the states sue.  Who gets the money?  The states, naturally, but what about the victims?

The class action suit that is sure to follow should require a trillion $ fund be created by the 3 reporting agencies to cover fraud created by their ineptitude.

Equifax is just the first to admit they have been hacked.  The other two will be piping up soon!
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: bitseeker on September 11, 2017, 11:14:00 pm
Since most information is the same or similar, if one of the three reporting agencies gets hacked, do the other two even matter?
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: xrunner on September 12, 2017, 12:58:01 am
There's a bunch 'o class action lawsuits already. Probably will be combined into one Mother of all Class Actions.

They have been backing down on some of the requirements they had, such as requiring a credit card to get the one year of free credit monitoring, and stating you are not locked out of participating in the class action. What a mess.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 21, 2017, 09:37:27 am
It just keeps getting better.
https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html (https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html)
 :palm:
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: bitseeker on September 21, 2017, 05:39:22 pm
They're taking a really long time to process enrollments, too. After almost a week without an enrollment confirmation email, I called them and they said that, yeah, there are so many people signing up that it's taking more than the 72-hour estimate.

Even though they tried to spread out the workload by issuing enrollment dates, it's obviously not enough to keep up.

As stated in the NY Times article about the fake site:

Quote
Mr. Telang said Equifax’s actions suggested that the company had never anticipated or planned for a data breach.

“If you don’t have a plan in place, you will find different ways to screw it up,” he said. “Equifax is just a perfect example of that.”
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on September 21, 2017, 05:55:47 pm
They're taking a really long time to process enrollments, too. After almost a week without an enrollment confirmation email, I called them and they said that, yeah, there are so many people signing up that it's taking more than the 72-hour estimate.


Even more fun is when I tried to sign up my mother for the credit freeze, it kept throwing an error about how the site could not process the request at this time. Of course, this was after filling out the entire web form with all the personal details. The back button on my browser would naturally clear the form as well. It took me a good dozen attempts and several days before it finally accepted the submission.  :rant:

If only Moe, Larry, and Curly (no Shemps or Curly-Joes please!) were still alive today; they could have done a better job.
Title: Re: Equifax Says Cyberattack May Have Affected 143 Million Customers
Post by: Jwalling on October 13, 2017, 09:58:14 am
Looks like they're still batting a thousand.

https://www.usatoday.com/story/tech/news/2017/10/12/equifax-may-have-been-breached-again/758734001/ (https://www.usatoday.com/story/tech/news/2017/10/12/equifax-may-have-been-breached-again/758734001/)