Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Open

Moderator: Team

Post Reply
User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Thu Sep 07, 2017 8:15 pm

Massive Data Breach At Equifax – 143 Million Consumers Impacted…
Equifax said exposed data includes: names, birth dates, Social Security numbers, addresses, driver’s license numbers and credit card numbers.
(Via CNBC) Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

The population of the U.S. was about 324 million as of Jan. 1, 2017, according to the U.S. Census Bureau, which means the Equifax incident affects a huge portion of the United States. Equifax said it discovered the breach on July 29. “Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company said.

Shares of Equifax fell more than 5 percent during after-hours trading.

Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver’s license numbers, all of which the company aims to protect for its customers.

The company added that 209,000 U.S. credit card numbers were obtained, in addition to “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”

Equifax CEO and Chairman Richard Smith said apologized to consumers and customers and noted that he’s aware the breach affects what Equifax is supposed to protect.

Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities. Its private investigation into the breach is complete.
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

pdq67
Guru
Guru
Posts: 6316
Joined: Thu Mar 04, 2010 8:05 pm

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by pdq67 » Fri Sep 08, 2017 6:36 am

In other words, start checking your financial/legal stuff really hard!

pdq67

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Fri Sep 08, 2017 2:27 pm

Looking back, this data breach may explain something that happened to me a couple of months back.

I got notified back in early June that my credit card had been used to purchase a $2065 airline ticket in Dallas, Tx??? WTF?? I immediately called and had my credit card number changed and reported the incident to Visa.

At that time I couldn't figure out how my info had been gotten to make that purchase and I notified Trans Union that my account had been hacked so they put an "alert" on my credit to notify me of any unusual activity. Had to fill out the usual bullshit for the credit card company but in the end it only cost me the aggravation of having to contend with it, and, having to change credit card numbers with about a half dozen businesses that I have payments made through that card.

Then we find out that Equifax was hacked and they didn't tell anyone for "some time" after that had happened??? So the Wife and I were talking a little while ago and we both figure that this hack was how my card number/pin, address etc got out in the wild!

After this I'm now thinking of freezing my credit!! It can be a bit of a hassle doing that but it may be better to stop anything from happening rather than having to fix it after the fact!
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

Zmechanic
Pro
Pro
Posts: 286
Joined: Wed Oct 24, 2012 9:33 am
Location: Austin, TX

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Zmechanic » Fri Sep 08, 2017 5:20 pm

It's no consolation, but many MANY places have been breached and have zero idea it happened. Many others, as in Equifax's case, don't realize until months later.

And if you think it's "unacceptable", it's not going away anytime soon. I have government provided identity protection because the DoD database was breached some time ago. :shock:

exhaustgases
Expert
Expert
Posts: 998
Joined: Sun Oct 06, 2013 9:03 pm

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by exhaustgases » Tue Sep 12, 2017 3:57 pm

And on the news they say to do this and that etc etc. COME ON why do I have to waist hours on a phone, I did nothing to cause the problem.
The out fit that can't keep MY information safe is the party responsible when this happened THEY immediately should be doing all that stuff the news says for US to do. They are the ones that screwed up they should be the ones rushing to fix the problems for all 143 million that THEY caused the problems for. Since I don't understand any of the BS and would have to hire an attorney to fix it for me that crap outfit should be paying for 143 million attorneys to do the fix.

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Tue Sep 12, 2017 8:28 pm

Image
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

exhaustgases
Expert
Expert
Posts: 998
Joined: Sun Oct 06, 2013 9:03 pm

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by exhaustgases » Fri Sep 15, 2017 5:19 pm

The freeze needs to be not requiring a social security number for anything, except social security. And the freeze needs to be some collecting everyones personal information and being able to walk away free as a bird when you don't protect said info. Any out fit that loses the info should be liable. Since they do and can cause harm "an injured" party. Day one Equifax should have begun a credit freeze on all that where in the data breach. And set up a fund to reimburse any losses that can occur from it.

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Sat Sep 16, 2017 7:46 pm

Well, since I'm 72 and my house and two 2014 cars are paid for and I just got a new credit card number back in June I decided to go ahead and freeze my credit. TransUnion and Experian were pretty easy but after 3 tries at Equifax I still haven't been able to get that process completed on their website. That and the phone number stays busy 24 hours a day for the past 4 days now??

Cost for the freeze in Virginia is $10 at each place so that's $30 out of pocket that someone owes me!! And I heard that there's already a couple of class action lawsuits in the works so maybe I'll be able to get that money back some day? Nope, not going to hold my breath waiting though! :-({|=
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Tue Sep 19, 2017 2:42 pm

Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
By Michael Riley
, Anita Sharpe
, and Jordan Robertson
September 18, 2017, 5:55 PM EDT September 19, 2017, 11:09 AM EDT

New timeline could have implications for executive stock sales
The company is the subject of multiple investigations

Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.

In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders. Either way, the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company, which is the subject of multiple investigations and announced the retirement of two of its top security executives on Friday.

Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said.

Equifax’s hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. In a statement issued after the publication of this story, the company said it experienced a security incident involving a payroll-related service during the 2016 tax season earlier this year. Equifax said the incident was reported to customers, affected individuals and regulators. Vitor De Souza, senior vice president for global marketing at FireEye Inc., Mandiant’s parent company, declined to comment.

The revelation of a March breach will complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives. If it’s shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe.

Equifax has said the executives had no knowledge that an intrusion had occurred when the transactions were made. The company’s shares fell less than 1 percent to $94.06 at 11:06 a.m. in New York.

Read Bloomberg’s QuickTake Q&A on Equifax’s security troubles

New questions about Equifax’s timeline are also likely to become central to the crush of lawsuits being filed against the Atlanta-based company. Investigators and consumers alike want to know how a trusted custodian of so many Americans’ private data could let hackers gain access to the most important details of financial identity, including social security and driver’s license numbers, and steal credit card numbers.

In public statements since disclosing the intrusion on Sept. 7, Equifax said it became aware of the breach only after the data taken by the hackers had been gone for months. The company said it discovered the incident on July 29 and “acted immediately to stop the intrusion and conduct a forensic review.” Equifax hired Mandiant to help with the probe on Aug. 2, and said the investigators eventually learned that the hackers had accessed the data in mid-May.

There’s no evidence that the publicly disclosed chronology is inaccurate, but it leaves out a set of key events that began earlier this spring, the people familiar with the probe said.

In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company’s outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it’s not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.

One possible explanation, according to several veteran security experts consulted by Bloomberg, is that the investigation didn’t uncover evidence that data was accessed. Most data breach disclosure laws kick in only once there’s evidence that sensitive personal identifying information like social security numbers and birth dates have been taken. The Equifax spokesperson said the company complied fully with all consumer notification requirements related to the March incident.

Even so, the revelation of an earlier breach will likely raise questions for the company’s beleaguered executives over whether that investigation was sufficiently thorough or if it was closed too soon. For example, Equifax has said that the hackers entered the company’s computer banks the second time through a flaw in the company’s web software that was known in March but not patched until the later activity was detected in July.

Senate Banking Chairman Still Mum on Potential Equifax Hearing

Security experts say victim companies have wide leeway about how deep an investigation they want outside investigators to do. Some clients will limit the breadth of access or the time outside investigators can spend on site. Others want a full assessment that encompasses their entire computer network and could include the identification of existing security vulnerabilities. Cost is often a consideration, but the victim company might also believe a breach’s scope is limited.

It’s the stock sales by several executives that are likely to get the most scrutiny in light of the new timeline. On Aug. 1 and Aug. 2, regulatory filings show that three senior Equifax executives sold shares worth almost $1.8 million, with none of the filings listing the transactions as being part of scheduled 10b5-1 trading plans. Equifax’s Chief Financial Officer John Gamble sold shares worth $946,374; Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099; and Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock.

Equifax has said the executives “had no knowledge that an intrusion had occurred at the time,” and the company spokesperson declined to make them available for comment.

Under the company’s publicly disclosed timeline, there were fewer than a handful of days between the stock sales and the date Equifax said the breach was discovered. Under the new timeline, those sales come several months after the March breach but before the public had any knowledge of major security issues at one of the country’s three big credit-reporting agencies.

The new timeline is also likely to focus scrutiny on an earlier sale by Gamble of 14,000 shares on May 23. According to a regulatory filing, which didn’t indicate that the sale was part of a scheduled trading plan, the value of that transaction was $1.91 million, more than twice the size of his Aug. 1 disposal of 6,500 shares for $946,374.

If the two hacks are unrelated it could be that different hacking teams had different goals. One clue has emerged that suggests one goal of the attackers was to use Equifax as a way into the computers of major banks, according to a fourth person familiar with the matter.

This person said a large Canadian bank has determined that hackers claiming to sell celebrity profiles from Equifax on the dark web -- information that appears to be fraudulent, or recycled from other breaches -- did in fact steal the username and password for an application programming interface, or API, linking the bank’s back-end servers to Equifax.

According to the person and a Sept. 14 internal memo reviewed by Bloomberg, the gateway linked a test and development site used by the bank’s wealth management division to Equifax, allowing the two entities to share information digitally.

The discovery suggests that the attackers may have been trying to piggyback off of Equifax’s connections to large banks and other financial institutions as a backdoor way to hack those entities and gain access to sensitive partner systems. The company spokesperson said Equifax is “working diligently with our bank partners to assess and mitigate any impact to their operations.”

From THIS article on Bloomberg!
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

Zmechanic
Pro
Pro
Posts: 286
Joined: Wed Oct 24, 2012 9:33 am
Location: Austin, TX

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Zmechanic » Wed Sep 20, 2017 3:27 pm

Zmechanic wrote: Many others, as in Equifax's case, don't realize until months later.
Called it :lol: I have a friend at a very successful cyber security company. Companies getting breached and not knowing or only finding out months later is the norm, not the exception.

If you're trying to steal data and re-use/sell it, you don't plant a big flag and show what you did.

midnightbluS10
Member
Member
Posts: 188
Joined: Sun Oct 20, 2013 8:41 am

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by midnightbluS10 » Fri Sep 22, 2017 2:28 am

Add to everything so far that someone set up a spoof site and without ever noticing, Equifax was promoting it instead of their own site, which was the one you went to to check and see if you were affected. Fortunately, the guy that made the spoof site wasn't doing it for personal gains so no one should have had any negative effects from going to http://www.securityequifax2017.com instead of the real site, http://www.equifaxsecurity2017.com


http://www.npr.org/sections/thetwo-way/ ... -fake-site

After a cyberattack that potentially exposed the personal information of 143 million people, the credit reporting agency Equifax set up www.equifaxsecurity2017.com, a website to help people determine whether they had been affected.

However, on multiple occasions over the span of weeks, the company's official Twitter account responded to customer inquiries by apparently directing them to a fake phishing site called www.securityequifax2017.com.

Luckily, the fake site — blocked or flagged by many Internet browsers, then taken down Wednesday afternoon — was set up by software engineer Nick Sweeting to educate people rather than steal their information. A banner on the top read: "Cybersecurity Incident & Important Consumer Information Which Is Totally Fake, Why Did Equifax Use A Domain That's So Easily Impersonated By Phishing Sites?"

Equifax Breach Puts Credit Bureaus' Oversight In Question
POLITICS
Equifax Breach Puts Credit Bureaus' Oversight In Question
Still, it's an embarrassing development for the company that is struggling to regain public trust, especially considering that customers may have been directed to the fake site at precisely the moment they were seeking reassurance about the safety of their data.

The personal information leaked earlier this month included names, Social Security numbers, birthdates, addresses and, in some cases, driver's license numbers and credit card information.

It's not clear exactly how many times Equifax tweeted the fake site. Sweeting posted a screenshot that appears to show three different tweets, dating to Sept. 9.





"All posts using the wrong link have been taken down. We apologize for the confusion," an Equifax spokesperson told NPR, adding:

"Consumers should be aware of fake websites purporting to be operated by Equifax. Our dedicated website for consumers to learn more about the incident and sign up for free credit monitoring is https://www.equifaxsecurity2017.com/, and our company homepage is equifax.com. Please be cautious of visiting other websites claiming to be operated by Equifax that do not originate from these two pages."
Equifax is facing criticism because after the security incident it chose to create an entirely new domain for customers to check whether they were affected — www.equifaxsecurity2017.com — rather than keep the response page within its own primary domain, equifax.com.

That makes it more difficult for customers to determine whether it is a real Equifax site, even as they are being asked to provide their last name and a portion of their Social Security number to check the safety of their personal information. Equifax did not immediately respond to NPR's request for comment about its choice of domain.

Equifax Confirms Another 'Security Incident'
THE TWO-WAY
Equifax Confirms Another 'Security Incident'
After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data
BUSINESS
After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data
"I recommend companies direct people to a site that is trusted and part of their main domain, in order to make sure that something like this doesn't happen," Tarah Wheeler, a cybersecurity consultant at Red Queen Technologies, told NPR. "I'm grateful that the domain was registered by someone who was doing educational work and pointing out a problem like this, and not someone who's malicious."

That's because she has seen multiple sites that are close in name to www.equifaxsecurity2017.com but are actually phishing scams. These schemes are "100 percent anticipated," Wheeler says, and a reason many large companies buy up domains that are common misspellings of their domain.

3 Equifax Executives Sold Stock Days After Hack That Wasn't Disclosed For A Month
THE TWO-WAY
3 Equifax Executives Sold Stock Days After Hack That Wasn't Disclosed For A Month
"It's in everyone's interest to get Equifax to change this site to a reputable domain," Sweeting, a software engineer based in Medellín, Colombia, told NPR in a written statement. He called the site "dangerously easy to impersonate," adding that it "only took me 20 minutes to build my clone."

"The 'wget' command on linux allows you to download a website, including all images, html, css, etc. Using this command, it was very easy to just suck their whole site down and throw it on a $5 server. It currently has the same type of SSL certificate as the real version, so from a trust perspective, there's no way for users to authenticate the real one vs my server. They should either change it to https://equifax.com (with an EV cert), or take it down altogether.
"I hope other companies are able to learn from this mistake, and remember to publish content only on trusted domains. ... I just hope the employee who posted the tweet doesn't get fired, they probably just Google'd for the URL and ended up finding the fake one instead. The real blame lies with the people who originally decided to set the site up badly."
Wheeler stresses that responding to a security incident like this is "extraordinarily difficult."

"The level of anger and hatred being directed at Equifax doesn't take into account how difficult good cybersecurity incident response is to pull off," she says, adding that it's crucial for companies to rehearse their response in advance. Equifax's response to this breach, she says, "showed I think very clearly that the kind of preparation that goes into good incident response hadn't been done in advance."

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Fri Sep 22, 2017 7:52 pm

I finally got my credit freeze done with Equifax yesterday via a phone number that was posted on Clark.com, Clark Howard's website. It was an automated process that took about 5 minutes to complete. That number is 800-685-1111 if you need it.

http://clark.com/personal-finance-credi ... haw-guide/

Now I've frozen all three of them so at least identity theft shouldn't be an issue.
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Wed Sep 27, 2017 9:43 am

Looks like too little too late if you ask me!! And what about that 18 MILLION dollar pension benefit he gets to keep?? A WTF moment indeed!

Trying to Stem Fallout From Breach, Equifax Replaces C.E.O.

https://www.nytimes.com/2017/09/26/busi ... ml?mcubz=3
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

exhaustgases
Expert
Expert
Posts: 998
Joined: Sun Oct 06, 2013 9:03 pm

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by exhaustgases » Wed Sep 27, 2017 7:33 pm

So what kind of personal information do you have to give out again to effect a credit freeze? Also a credit freeze ruins your credit as well.

Any problems who ever lost my info is responsible. And its here is writing as well.

User avatar
Ken0069
Guru
Guru
Posts: 3192
Joined: Sun Jun 05, 2005 10:25 am
Location: Historic Appomattox County, Va
Contact:

Re: Massive Data Breach At Equifax – 143 Million Consumers Impacted…

Post by Ken0069 » Wed Sep 27, 2017 10:37 pm

exhaustgases wrote:So what kind of personal information do you have to give out again to effect a credit freeze? Also a credit freeze ruins your credit as well.

Any problems who ever lost my info is responsible. And its here is writing as well.
WRONG! I can thaw and freeze it any time I want and it has absolutely NOTHING to do with my credit. Checked mine the other day AFTER I had frozen two of the three and it was 822!!

https://www.google.com/search?newwindow ... zQYXny43BI
"Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves."
William Pitt, British Prime-Minister (1759-1806)


Big Boyz Toyz!

Global Warming Is a FRAUD!

Post Reply