Equifax data breach
On July 29th, the folks at Equifax detected breach of the Personally identifiable information (PII) of 143 million Americans and they got around to warning us yesterday. From the News York Times;
“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
Equifax has set up a website that can tell you if your records were affected. Yes, my records were affected;
But I have Lifelock, I have for years since the VA lost my data when an employee lost a computer with my PII on it.
On the brighter side, three of Equifax managers were able to dump some of their Equifax stock ahead of the announcement of the breach.
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.
The trio had not yet been informed of the incident, the company said.
Sure, I believe that.
Category: Crime
You are not alone now.
Equifax + OPM = Identity is a thing of the past.
Add me to the list
I wonder if the three execs who cashed in before releasing the news will get a visit from the feds?
Probably not…
Cocksuckers
BOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM!!!
BOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM!!!
BOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOM!!!
Depends, are they Republicans? If so then the Feds will be all over them and give the full perp walk for the evening news.
I froze all three of those credit reports a while back, but you never know. I have no need for credit cards at all.
But I checked anyway. Nada.
I’ll give the CHICOMs their due…..three executives would be marched into a crowded stadium and shot…
unless they were also commutard office holders in which case they would be promoted for their “original thinking”
Believed to not be impacted. I’ll keep checking.
I will also be receiving (another) free credit monitoring service.
The executives selling their stock are actually pretty short-sighted if they sold their stock because of this incident. Stock prices generally recover quickly from this sort of thing. The wise thing to do is to increase holdings now at the temporarily depressed price.
The stock pays a dividend of $1.56 ($0.49 qtr) per share so it’s like a person would go broke holding onto it.
I won’t even go into the possible tax implications…
*not like a person would go broke
So you’re saying be using their profits from selling before the crash to buy back in? Playing the long game.
Yeah, it’s called shorting the stock. Quite legal and a good way to make some cash with no effort.
The only issue with that strategy is that there may be a heavy tax on the sale of the current shares.
Jonn, so Lifeloc did or didn’t give you the heads up?
I suppose if not, their ability to report it is only as good as the data they get from the big three, Equifax included.
Lifelock only tells me when my PII is being used.
Once they called me when my wife was buying car and put me down as the co-signer. Lifelock alerted me while she was still at the dealer.
I have lifelock too. Were you able to stop her from getting that Priussssss?
It was a Chevy. Malibu – she was tired of the Cobalt.
I don’t pay for lifeloc, but thanks to Equifax I now have a third service for free, one from each time my data was ‘compromised’.
Sometimes I think this is just a sophisticated advertising scheme – hack a big corporation (perhaps with said corporation’s acquiescence) offer a 1-year or 3-year loss leader then sell subscriptions.
I have Lifelock as well, and I get notifications if I have a charge on my CC or a debit transaction in excess of a certain amount.
They do pretty well, imo.
Lifelock alerted me to the fact that I was shopping for furniture in Peoria, Arizona one fine January day 3 years ago. Which was strange, because I was watching the wind blow little snow drifts into big snow drifts in Michigan, while I talked to the guy. Then, my credit card company called me while I was on the phone with Lifelock.
So, I do believe I’m good. That’s the only credit card I have. And, no complaints about Lifelock.
Maybe All-Points Logistics is not so bad……
Yeah.
No.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Richard F. Smith, chairman and chief executive of Equifax, said in a statement.
I wonder if Smith would be “disappointed” to be chained at the ankles and dragged behind a backhoe…
Thanks to the DoD, OPM, VA, etc. I have had overlapping credit protection for almost 20 years…
I grew up around computers – literally. I’ve worked with computers for more than 3 decades.
THERE IS NO SUCH THING AS A UNHACKABLE COMPUTER.
The only exception being the computer which is connected to absolutely nothing on the internet, has no USB connections, and no other way of loading information onto it or taking information off of it, and is locked up tighter than Fort Knox.
All computer security does is minimize the chances, and ensure that the professional hackers have to know their stuff to get to your data.
“The only exception being the computer which is connected to absolutely nothing on the internet, has no USB connections, and no other way of loading information onto it or taking information off of it, and is locked up tighter than Fort Knox” … … in a Faraday cage.
Thanks for the summary and links, Jonn. I hope you don’t mind a cut and paste of your info to family and friends.
and by “your info” I mean the summary you wrote in the original post; NOT your PII.
The problem is, “most” of these PII exposures aren’t due to someone being a better hacker. It is due to people being stupid, lazy, incompetent, apathetic, etc.
This is just one instance where it ‘may’ be a better hacker.
True that, but the illusion of security is just that – an illusion.
As we say in the programming world, when you write a fool-proof program the universe goes and builds a bigger fool.
AKA “You can’t fix stupid.” But duct tape can muffle the sound.
Exactly…and like Cmdr Genda is reported to have told an Admiral (dramatized in Tora! Tora! Tora!), “The unsinkable battleship is a myth. Anything that floats can be sunk.”
INFOSEC is a field I am just breaking into…and whenever I see someone with crossed arms and a smug grin bragging about his or her “impenetrable” network, I just chuckle to myself that this person is just begging to be made an example of.
Anyone who claims a network or even a PC is impenetrable is cut from the same cloth as the folks who described the Titanic as ‘unsinkable’ – and we know how that turned out.
You can make a network impenetrable from a given vector. If you completely air-gap a system, no possible internet connection at all, you cannot be hacked from the outside. Only put data in via text – have some analog step like a monitor displaying info for a camera does OCR. Provide a separate set of low security computers for looking at This Ain’t Hell, using USB drives, and other useful stuff that is not mission-critical.
That still leaves the chance of an inside job, but that’s absolutely unavoidable. People could also just crash in the door with guns blazing. That’s not really network penetration, though.
People who brag their system is impenetrable usually have a few hundred assholes going, “Challenge accepted!”
I am “believed impacted”.
I got fooked by OPM too.
Lucky me.
Between the DoD, the VA, and OPM I’ve already gotten 6 letters about “your information ‘might’ be exposed!” already.
Though someone on the news mentioned something about board members having sold off stock right around when this happened, though they said “it had nothing to do with the hack!” I found the story for it. Yeah, bullshit it was unrelated.
http://money.cnn.com/2017/09/08/investing/equifax-stock-insider-sales-hack-data-breach/index.html?iid=EL
You and me both. All the protection letters I received were for 2 years of…Equifax monitoring. Wonder who they will use to cover their breach.
God damn it, I just bought a fucking house. Thanks, assholes!
Equifax says I’m affected.
I’ve had Lifelock for years, and they’ve come in handy a time or three.
In the past, I’ve seen evidence that Equifax has allowed someone else (my ex-wife?) to assume my identity, and Equifax refused to accept my evidence contesting it, nor would they accept evidence verifying my current identity, so as far as I’m concerned, Equifax is useless.
I only have one savings account, one checking account, and one Visa debit/credit card, as that’s all I need.
Of course, the PX has now issued me a Military Star credit card, which I’ll never use.
My income from the VA and Social Security go direct deposit to my checking account, and I do almost all of my shopping on the Internet, usually at Amazon, and pay all of my bills and do my tithing automatically.
The only time I go to the store is to buy groceries and snacks, or to get gasoline, or for scheduled maintenance on my truck.
Unfortunately, I’m forced to write a check to pay my rent (i.e., they won’t allow electronic payment!), but that’s the only check I write, and I hate doing that.
I haven’t noticed anything abnormal or unauthorized in my credit union statement.
Yesterday, I did receive a bogus e-mail attempting to get my Social Security number and credit card information.
At first glance, it looked authentic, but when I saw, “Expiry Date” for the credit card info, I knew it was a scam.
JRM: You were issued a Military Star Card, but you said you will never use it?
That’s strange. Unless things have changed, a person has to apply (fill out an application)for that card and be approved, just as one has to apply and be approved for a credit card.
Maybe someone else sent in an application for you without you knowing?
I did apply for it when I was being pre-approved to shop at the PX (on line, not on an installation).
The really remarkable thing was they gave me a credit limit far in excess of my actual income.
No, I’ll never use that card.
I don’t even use my Visa card unless I already have the money in my checking account to pay for what I’m buying.
I never buy anything on credit.
If the hack came from a foreign location, at what point do we start treating these things as “hostile acts”, and hold the host country responsible?
If some organized band of foreigners torched a US neighborhood, “act of war” would be a fair description. Until we start treating the cyber-crime perpetrators as pirates, and the protecting nations as pirates, this is only going to get worse.
says my info was taken
i pitty the fool that tries to use it to buy a car or something…..
i started to “Enroll” today9/8/17 but have to go back to the page on 9/12/17 to finish up….
seems screwy to me.
Nice to know the folks supposedly securing are data are as fucking incompetent as their government counterparts…143 million people? Taking kids and folks in nursing homes into account means 50% of us got fucked in this mess…
nice to know the cocksuckers running the operation made a tidy profit on the sale of their stock…rat bastards.
The difference here is that Equifax will be held responsible for some of the damage – not a fucking thing happened with the OPM breach. One politico resigned a couple years later, rather than testify in front of congress – that’s it. Equifax will be fined out the ass…won’t make up for the damage they’ve caused, but there will be SOME consequences…
Could be…I’ve noticed that very savvy attorneys work deals in class action suits that give the plaintiffs some “free or discounted stuff” as compensation that actually benefits the defendants in the long run…so what if these attorneys broker a deal with various Attorneys General that all of us compromised get three years of “free protection” instead of the one initially offered….they avoid a fine and we all are buying that “protection” for years four and beyond….protection from a problem the defendants created….incredible…just grease up and enjoy it…we might as well since we’re getting gang raped no matter what
https://www.cbsnews.com/…/equifax-breach-response…/
Eqifax doesn’t disclose this anyplace on their webpages put in place pertinent to the hack and loss significant personal information of millions of people.
https://www.cnet.com/news/equifax-breach-hacked/
There was some question about this due to certain language in the terms of use for Equifax’s TrustedID Premier program, which offers a year of free credit monitoring as a result of the hack. The terms of use suggested that if you signed up for TrustedID, you’d give up the right to sue Equifax over the breach in a class action (though you could still sue as an individual in a small claims court).
I just checked and it says I may have been compromised. These rotten bastards are trying to sell me protection from their own incompetence. I had my credit card info stolen a while ago and who ever did it used it to obtain my Trans Union credit report for $1.00 among other unauthorized purchases. I think I will return to a cash only basis.
You can request a free credit report to find out if you’ve been affected, without “agreeing” to Equifax’s arbitration clause.
So thanks to the OPM hack, my PII was already compromised (thank you asshole in Colorado for using my SSN and getting the IRS to do a colonoscopy on me and my taxes). Now Equifax has come in for sloppy seconds.
Think I might want to pay a visit to 2 or 3 individuals when I get back from this deployment.
You might want to heed this advice from Clark Howard.
http://clark.com/
Just saw this on Slashdot this AM… some are thinking that Equifax may be playing games about telling people that their data was compromised:
https://yro.slashdot.org/story/17/09/10/0128214/techcrunch-equifax-hack-checking-web-site-is-returning-random-results
He’s info on their new CSO – she has a Bachelors and Masters degrees in – I SHIT YOU NOT – “Music Composition”…
https://twitter.com/Wintery_Knight/status/906647087516979201