Search forums

Forums

Export thread

Equifax - Now with 50% more data breaches!

Sep 8, 2017#1

strawman

So 143 million people (about half the adult population of the USA) have had their names, birthdates, and social security numbers, along with a lot of other personal account information, released due to a data breach by a major credit rating agency, Equifax.

This occurred over a month ago, and the press just found out.

They've set up a website to allow people to find out if their information was part of the breach, but due to the overwhelming response they've created a process that allows you to request the information, and it gives you a day after which they'll allow you to complete the request. So I signed up last night, and they told me I can come back next Wednesday to find out. It's odd, but at least the website is up and running.

https://www.equifaxsecurity2017.com/

May the odds be ever in your favor!

Sep 8, 2017#2

jwhouk

Nothing here, but I did sign up for their monitoring service.

Sep 8, 2017#3

GasBandit

Yep, it said my info "may be compromised." I signed up for the credit monitoring as well.

Rowrbazzle.

Sep 8, 2017#4

blotsfan

Don't check their site. If you do, you waive your right to be in a class-action lawsuit.

Sep 8, 2017#5

Dave

blotsfan said:
Don't check their site. If you do, you waive your right to be in a class-action lawsuit.

Wait, what? So if you sign up for their monitoring system you are waiving your rights? I doubt that will hold up in court.

Also...

https://www.bloomberg.com/news/arti...utives-sold-stock-before-revealing-cyber-hack

Sep 8, 2017#6

Dave

Welp. I guess you do give up you rights, even though the New York AG has already said it's unenforceable.

https://arstechnica.com/tech-policy...im-you-must-give-up-right-to-sue-to-find-out/

Sep 8, 2017#7

blotsfan

And the Supreme Court has already ruled banning involvement in a class-action suit in terms and conditions is fine.

https://en.m.wikipedia.org/wiki/AT&T_Mobility_LLC_v._Concepcion

In related news, Hell is too nice for Antonin Scalia.

Sep 8, 2017#8

Bubble181

That's completely insane. So...Either you don't check if you're a victim, and you have no reaosn to go get involved in the class action suit, or you check if you're a victim, and you can't sue?

Any type of contract that says "and even if you get hurt by our fault, you can't sue us! Nyah!" should be illegal. That's beyond horrible.

Sep 8, 2017#9

Dave

And then there's this:

http://www.zdnet.com/article/we-tes...c64629f&bhid=22856446893065142791845377672775

Sep 8, 2017#10

PatrThom

Plus there's the fact that the checker website is even less secure than their usual website, doesn't have a matching domain registration, and several other things that make people uneasy.

--Patrick

Sep 8, 2017#11

figmentPez

GasBandit said:
Yep, it said my info "may be compromised."

That may not mean anything. Reports are saying that even fake names combined with random numbers can turn up results of "may be compromised". See the article Dave linked.

Sep 8, 2017#12

Frank

You fucking irresponsible idiot, you fucking moron, you piece of trash, you missed a credit card payment 5 years ago and you think you deserve to own a home? Go fuck yourself. Also, someone in Russia and or India now has your SSN and all of your personal information. Sorry about that.

Sep 8, 2017#13

figmentPez

Frank said:
Also, someone in Russia and or India now has your SSN and all of your personal information. Sorry, not sorry.

FTFY

Sep 8, 2017#14

fade

Don't know if this is true but

Sep 8, 2017#15

strawman

Wow, this just gets better and better.

Sep 8, 2017#16

figmentPez

fade said:
Don't know if this is true but

CNN, NPR, Business Insider, etc. are all reporting that story. Someone in the company knew about the data breach on Jul 29th (Saturday) and three major executives sell stock on Aug 1 & 2 (Tuesday and Wednesday) and you expect me to believe that none of those three heard about a breach as soon as it was known, let alone 2 - 3 business days later? That should be criminal either way.

Sep 8, 2017#17

PatrThom

The executives thing is a known fact (executives kinda HAVE to report that stuff), the question is whether or not they knew of the breach prior to initiating their respective sales.

--Patrick

Sep 8, 2017#18

figmentPez

PatrThom said:
The executives thing is a known fact (executives kinda HAVE to report that stuff), the question is whether or not they knew of the breach prior to initiating their respective sales.

If it really did take 3 business days for the Information Solutions President to learn of a massive security breech, it should be criminal, even if it isn't. It shouldn't be legal to be that lax about the protection of consumer data, not for such a major monetary institution.

Sep 8, 2017#19

Cheesy1

figmentPez said:
If it really did take 3 business days for the Information Solutions President to learn of a massive security breech, it should be criminal, even if it isn't. It shouldn't be legal to be that lax about the protection of consumer data, not for such a major monetary institution.

"Hmm? Oh, a poor person, who cares!"

Sep 10, 2017#20

Dave

And I posted about it on the first page...

Sep 10, 2017#21

Covar

I feel like we're at the point where there needs to be some kind of criminal prosecution taken for these data breaches. Giving away 1 year of monitoring is just bullshit.

Sep 10, 2017#22

PatrThom

A class action lawsuit has already been filed...in Atlanta, GA, which is where Equifax is based.
One of the people heading up the case is the former Governor of GA.
This could go badly for Equifax.

--Patrick

Sep 11, 2017#23

DarkAudit

The stupid just keeps on coming...

Quoted tweet...

Sep 12, 2017#24

Jay

https://www.theverge.com/2017/9/11/16290730/equifax-chatbots-ai-joshua-browder-security-breach

Sep 13, 2017#25

PatrThom

Equifax had 'admin' as login and password in Argentina

We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week

That's two...

--Patrick

Sep 14, 2017#26

GasBandit

Sep 14, 2017#27

PatrThom

GasBandit said:

Hey now, I resemble that remark.
...granted, I probably would've made sure the machines were up to date on all their patches, so there's that.

--Patrick

Sep 15, 2017#28

PatrThom

Looks like the CIO and CSO have both suddenly "retired."

--Patrick

Sep 20, 2017#29

mikerc

PatrThom said:
Plus there's the fact that the checker website is even less secure than their usual website, doesn't have a matching domain registration, and several other things that make people uneasy.

--Patrick

Yeah, someone set up a website at securityequifax2017.com pointing out why the way the checker website was set up was a bad idea. And have now been proved correct by Equifax's twitter sending people to the fake site rather than the real one. They could just have easily have been sending people to a phishing site.

Sep 20, 2017#30

MindDetective

Sep 26, 2017#31

PatrThom

Equifax CEO Richard Smith resigns.
"You can't fire me, I quit!"

--Patrick

Forums