Equifax - Now with 50% more data breaches!

[strawman]

So 143 million people (about half the adult population of the USA) have had their names, birthdates, and social security numbers, along with a lot of other personal account information, released due to a data breach by a major credit rating agency, Equifax.

This occurred over a month ago, and the press just found out.

They've set up a website to allow people to find out if their information was part of the breach, but due to the overwhelming response they've created a process that allows you to request the information, and it gives you a day after which they'll allow you to complete the request. So I signed up last night, and they told me I can come back next Wednesday to find out. It's odd, but at least the website is up and running.

https://www.equifaxsecurity2017.com/

May the odds be ever in your favor!

 

[jwhouk]

Nothing here, but I did sign up for their monitoring service.

 

[GasBandit]

Yep, it said my info "may be compromised." I signed up for the credit monitoring as well.

Rowrbazzle.

 

[blotsfan]

Don't check their site. If you do, you waive your right to be in a class-action lawsuit.

 

[Dave]

Don't check their site. If you do, you waive your right to be in a class-action lawsuit.

Wait, what? So if you sign up for their monitoring system you are waiving your rights? I doubt that will hold up in court.


Also...

https://www.bloomberg.com/news/arti...utives-sold-stock-before-revealing-cyber-hack

 

[Dave]

Welp. I guess you do give up you rights, even though the New York AG has already said it's unenforceable.

https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/

 

[blotsfan]

And the Supreme Court has already ruled banning involvement in a class-action suit in terms and conditions is fine.

https://en.m.wikipedia.org/wiki/AT&T_Mobility_LLC_v._Concepcion

In related news, Hell is too nice for Antonin Scalia.

 

[Bubble181]

That's completely insane. So...Either you don't check if you're a victim, and you have no reaosn to go get involved in the class action suit, or you check if you're a victim, and you can't sue?

Any type of contract that says "and even if you get hurt by our fault, you can't sue us! Nyah!" should be illegal. That's beyond horrible.

 

[Dave]

And then there's this:

http://www.zdnet.com/article/we-tes...c64629f&bhid=22856446893065142791845377672775

 

[PatrThom]

Plus there's the fact that the checker website is even less secure than their usual website, doesn't have a matching domain registration, and several other things that make people uneasy.

--Patrick

 

[figmentPez]

Yep, it said my info "may be compromised."

That may not mean anything. Reports are saying that even fake names combined with random numbers can turn up results of "may be compromised". See the article Dave linked.

 

[Frank]

You fucking irresponsible idiot, you fucking moron, you piece of trash, you missed a credit card payment 5 years ago and you think you deserve to own a home? Go fuck yourself. Also, someone in Russia and or India now has your SSN and all of your personal information. Sorry about that.

 

[figmentPez]

Also, someone in Russia and or India now has your SSN and all of your personal information. Sorry, not sorry.

FTFY

 

[fade]

Don't know if this is true but

 

[strawman]

Wow, this just gets better and better.

 

[figmentPez]

Don't know if this is true but

CNN, NPR, Business Insider, etc. are all reporting that story. Someone in the company knew about the data breach on Jul 29th (Saturday) and three major executives sell stock on Aug 1 & 2 (Tuesday and Wednesday) and you expect me to believe that none of those three heard about a breach as soon as it was known, let alone 2 - 3 business days later? That should be criminal either way.

 

[PatrThom]

The executives thing is a known fact (executives kinda HAVE to report that stuff), the question is whether or not they knew of the breach prior to initiating their respective sales.

--Patrick

 

[figmentPez]

The executives thing is a known fact (executives kinda HAVE to report that stuff), the question is whether or not they knew of the breach prior to initiating their respective sales.

If it really did take 3 business days for the Information Solutions President to learn of a massive security breech, it should be criminal, even if it isn't. It shouldn't be legal to be that lax about the protection of consumer data, not for such a major monetary institution.

 

[Cheesy1]

If it really did take 3 business days for the Information Solutions President to learn of a massive security breech, it should be criminal, even if it isn't. It shouldn't be legal to be that lax about the protection of consumer data, not for such a major monetary institution.

"Hmm? Oh, a poor person, who cares!"

 

[Dave]

And I posted about it on the first page...

 

[Covar]

I feel like we're at the point where there needs to be some kind of criminal prosecution taken for these data breaches. Giving away 1 year of monitoring is just bullshit.

 

[PatrThom]

A class action lawsuit has already been filed...in Atlanta, GA, which is where Equifax is based.
One of the people heading up the case is the former Governor of GA.
This could go badly for Equifax.

--Patrick

 

[DarkAudit]

The stupid just keeps on coming...

Quoted tweet...

 

[Jay]

https://www.theverge.com/2017/9/11/16290730/equifax-chatbots-ai-joshua-browder-security-breach

 

[PatrThom]

Equifax had 'admin' as login and password in Argentina

We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week

That's two...

--Patrick

 

[GasBandit]

 

[PatrThom]

Hey now, I resemble that remark.
...granted, I probably would've made sure the machines were up to date on all their patches, so there's that.

--Patrick

 

[PatrThom]

Looks like the CIO and CSO have both suddenly "retired."

--Patrick

 

[mikerc]

Plus there's the fact that the checker website is even less secure than their usual website, doesn't have a matching domain registration, and several other things that make people uneasy.

--Patrick

Yeah, someone set up a website at securityequifax2017.com pointing out why the way the checker website was set up was a bad idea. And have now been proved correct by Equifax's twitter sending people to the fake site rather than the real one. They could just have easily have been sending people to a phishing site.

 

[MindDetective]

 

[PatrThom]

Equifax CEO Richard Smith resigns.
"You can't fire me, I quit!"

--Patrick