It’s time to build our own Equifax with blackjack and crypto | TechCrunch

https://techcrunch.com/2017/09/08/its-time-to-build-our-own-equifax-with-blackjack-and-crypto/?utm_source=tcfbpage&sr_share=facebook

This article talks about a security breach that will affect very many people in the USA. It may force a rethink of the current sloppy security practices at many companies – the identifying data many companies use has now leaked out.

The private data of 143 million Equifax “customers” is now available for download. Have no doubt: This means you will be hacked. This means your SIM card can be spoofed. This means someone will try to get into your email and online accounts. This means someone will try to open a credit card in your name. 
First, we cannot allow our most precious data to be accessible via the last four digits of our social security number. 

Further, we must also outlaw SMS two-factor authentication. In fact, thanks to the data stolen from Equifax, that process can be easily broken.

Mistakes happen. Ultimately we must hold these companies that keep leaking sensitive data accountable for their fails. In short, it’s time for those who are careless with big data to die.

The USA might need to look outside the US for leadership in security.

141 Comments

  1. Tomi Engdahl says:

    Security News This Week: Equifax Was Warned of Vulnerability Months Before Breach
    https://www.wired.com/story/equifax-warned-of-vulnerability-months-before-breach/

  2. Tomi Engdahl says:

    Lessons from Equifax: Open Source Security & Data Privacy Compliance
    https://www.brighttalk.com/webcast/13983/286873?utm_campaign=Webinars&utm_content=62159126&utm_medium=social&utm_source=facebook

    The Equifax breach provided a unique look into “how” many breaches occur. In Equifax’s case, hackers exploited an unpatched Apache Struts component, resulting in the exposure of over 140 million consumer records. The exploit of this vulnerability highlights the need for visibility to open source in custom applications and just how ineffective traditional security solutions are when it comes to open source vulnerabilities.

    Further, while class action lawsuits have already begun, Equifax faces other regulatory challenges as well. The US Federal Trade Commission started investigations into the company’s security policies and controls that will likely result in financial penalties. Since the exposed data included non-US citizens, foreign data protection and data privacy regulations also come into play.

  3. Tomi Engdahl says:

    Equifax Says Execs Unaware of Hack When They Sold Stock
    http://www.securityweek.com/equifax-says-execs-unaware-hack-when-they-sold-stock

    Equifax said Friday an internal review found that four executives who sold shares ahead of disclosure of a massive data breach at the credit agency were unaware of the incident ahead of the sale.

    The company released the findings of its review of the stock sales worth some $1.8 million just prior to public disclosure of the hack affecting sensitive data of some 145 million as well as some British and Canadian nationals.

    The “special committee” investigating for the company concluded that “none of the four executives had knowledge of the incident” and that none engaged in insider trading.

    The committee reviewed more than 55,000 documents including emails, text messages, phone logs and other records, according to a company statement.

    “I’m grateful for the timely and thorough review,” non-executive chairman Mark Feidler said in the statement.

  4. Tomi Engdahl says:

    Equifax: Hack Related Expenses Cost Company $87.5 Million in Q3
    http://www.securityweek.com/equifax-hack-related-expenses-cost-company-875-million-q3

    Equifax on Thursday said that during the third quarter of 2017, it incurred $87.5 million in expenses related to the massive hack that was disclosed on September 7, 2017.

    The credit reporting agency provided a breakdown of expenses as follows: $55.5 million in product costs, $17.1 million professional fees—a good portion of which likely was paid to FireEye’s Mandiant division, attorneys, and any other firms hired as part of the incident investigation and response. Customer support costs were marked at $14.9 million.

    The expenses related to the cybersecurity incident, the company says, include “costs to investigate and remediate the cybersecurity incident and legal and other professional services related thereto, all of which were expensed as incurred.”

    The company also said that it would be liable for additional costs stemming from the free credit file monitoring and identity theft protection that it is offering all U.S. consumers.

  5. Tomi Engdahl says:

    Wall Street Journal:
    At a congressional hearing, the interim Equifax CEO said he’s not sure if the company is encrypting consumer data stored on its computers

    Equifax CEO to Congress: Not Sure We Are Encrypting Data
    Interim chief should have asked his staff ‘the day he took over,’ analyst says
    https://www.wsj.com/articles/equifax-ceo-to-congress-not-sure-we-are-encrypting-data-1510180486

  6. Tomi Engdahl says:

    Hayley Tsukayama / Washington Post:
    Equifax says it is facing 240 consumer class-action lawsuits, 60 government investigations, and has recorded $87.7M in hack related costs in Q3

    Equifax faces hundreds of class-action lawsuits and an SEC subpoena over the way it handled its data breach
    https://www.washingtonpost.com/news/the-switch/wp/2017/11/09/equifax-faces-hundreds-of-class-action-lawsuits-and-an-sec-subpoena-over-the-way-it-handled-its-data-breach/?utm_term=.4e989a290075

    Equifax, the credit reporting firm, is facing more than 240 class-action lawsuits from consumers — in addition to suits from shareholders and financial institutions — over the way it handled a massive data breach that affected 145.5 million Americans.

    The lawsuits were detailed in the company’s third-quarter earnings report Thursday, its first since revealing the breach in September. The incident prompted three top officials to leave the company, including former chief executive Richard Smith.

    Equifax also said in its filings that it had received subpoenas from the Securities and Exchange Commission, as well as the U.S. Attorney’s Office for the Northern District of Georgia “regarding trading activities by certain of our employees in relation to the cybersecurity incident.”

    To date, SEC Chairman Jay Clayton has not confirmed or denied that the SEC is investigating those executives for insider trading, according to the Associated Press.

    The credit bureau is also facing more than 60 government investigations from states, U.S. federal agencies and the British and Canadian governments, the earnings report revealed.

    Equifax estimates that the breach-related costs will total $87.5 million, including the cost of the free credit-monitoring services it provides to breach victims.

    Equifax reported $834.8 million in revenue in its third quarter, which is up 4 percent from the same time last year; analysts had expected this, as the bulk of the company’s money comes from selling services to other business, not consumers. Profits, however, were down 27 percent from the previous year at $96.3 million — in large part due to the breach.

  7. Tomi Engdahl says:

    Lessons from Equifax: Open Source Security & Data Privacy Compliance
    https://www.brighttalk.com/webcast/13983/286873?utm_campaign=Webinars&utm_content=62159126&utm_medium=social&utm_source=facebook

    The Equifax breach provided a unique look into “how” many breaches occur. In Equifax’s case, hackers exploited an unpatched Apache Struts component, resulting in the exposure of over 140 million consumer records. The exploit of this vulnerability highlights the need for visibility to open source in custom applications and just how ineffective traditional security solutions are when it comes to open source vulnerabilities.

    Further, while class action lawsuits have already begun, Equifax faces other regulatory challenges as well. The US Federal Trade Commission started investigations into the company’s security policies and controls that will likely result in financial penalties. Since the exposed data included non-US citizens, foreign data protection and data privacy regulations also come into play.

  8. Tomi Engdahl says:

    Equifax Q3 results: Not as bad as you might have hoped – hack only cost biz about $87m
    Sales up, profits not so much
    https://www.theregister.co.uk/2017/11/10/equifax_q3_results/

  9. Tomi Engdahl says:

    Did you know that the Apache Struts Vulnerability exploited by hackers to disastrous effect at Equifax existed in the code for over four years? This infographic outlines the vulnerability from bug to

    https://www.blackducksoftware.com/download/apache-struts-breach?utm_campaign=Black%20Duck%20Content&utm_content=61636186&utm_medium=social&utm_source=facebook

  10. Tomi Engdahl says:

    Senators Propose New Breach Notification Law
    http://www.securityweek.com/senators-propose-new-breach-notification-law

    Senators Propose New Data Protection Bill Following Equifax and Uber Breaches

    Following the Equifax breach and the hidden Uber breach, three U.S. senators have introduced the Data Security and Breach Notification Act. Its purpose is to ensure better protection of personal information, and to provide a nationwide standard breach notification requirement. It is effectively a re-introduction of the 2015 bill of the same name.

    “The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans’ identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk, nor understand what they can and should do to help limit the potential damage,” said Senator Baldwin.

    “We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” said Nelson. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”

    There are three noteworthy aspects to this bill: 30 days to disclose following a breach; up to five years in prison for failure to do so; and the FTC with NIST to draw up recommendations on the technology or methodologies necessary to avoid such sanctions.

  11. Tomi Engdahl says:

    John McCrank / Reuters:
    Equifax expects $275M in 2018 costs from the data breach, says 2.4M additional customers were affected by 2017 cyber attack

    Equifax breach could be most costly in corporate history
    https://www.reuters.com/article/us-equifax-cyber/equifax-breach-could-be-most-costly-in-corporate-history-idUSKCN1GE257

    Equifax Inc (EFX.N) said it expects costs related to its massive 2017 data breach to surge by $275 million this year, suggesting the incident at the credit reporting bureau could turn out to be the most costly hack in corporate history.

  12. Tomi Engdahl says:

    Equifax exec charged with insider trading, selling shares ahead of hack news
    https://techcrunch.com/2018/03/14/equifax-exec-charged-with-insider-trading-selling-shares-ahead-of-hack-news/?utm_source=tcfbpage&sr_share=facebook

    Former Equifax exec Jun Ying has been charged with insider trading, according to the Securities and Exchange Commission. Ying is accused of knowing that Equifax had been hacked and selling company shares before the public was notified.

  13. Tomi Engdahl says:

    Security
    Equifax reveals full horror of that monstrous cyber-heist of its servers
    https://www.theregister.co.uk/2018/05/08/equifax_breach_may_2018/

    146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports

    Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017.

    The good news: the number of individuals affected by the network intrusion hasn’t increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant’s ongoing audit of the security breach.

    In February, in response to questions from US Senator Elizabeth Warren (D-MA), Equifax agreed that card expiry dates and tax IDs could have been among the siphoned data, but it hadn’t yet worked out how many people were affected.

    As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers’ licenses and 3,200 passport details lifted, too.

    The further details emerged after Mandiant’s investigators helped “standardise certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen.”

    The cyber-break-in occurred because Equifax ran an unpatched and therefore insecure version of Apache Struts, something it blamed on a single employee.

  14. Tomi Engdahl says:

    Equifax reveals full horror of that monstrous cyber-heist of its servers
    https://www.theregister.co.uk/2018/05/08/equifax_breach_may_2018/

    146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports

  15. Tomi Engdahl says:

    A year later, Equifax lost your data but faced little fallout
    https://techcrunch.com/2018/09/08/equifax-one-year-later-unscathed/?sr_share=facebook&utm_source=tcfbpage

    Equifax is financially stable and legally in the clear, but lawmakers aren’t backing down.

    Zack Whittaker

    A lot can change in a year. Not when you’re Equifax.

    The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more — and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach.

    It was “one of the most egregious examples of corporate malfeasance since Enron,” said Senate Democratic leader Chuck Schumer at the time.

    Yet, a year on from the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.

  16. Tomi Engdahl says:

    Attackers Made 9,000 Unauthorized Database Queries in Equifax Hack: Report
    https://www.securityweek.com/attackers-made-9000-unauthorized-database-queries-equifax-hack-report

    It took Equifax 76 days to detect the massive 2017 data breach, despite the fact that attackers had conducted roughly 9,000 unauthorized queries on its databases, according to a new report from the U.S. Government Accountability Office (GAO).

    In mid-May 2017, malicious actors exploited a known vulnerability in the Apache Struts development framework to gain access to Equifax systems. The company said the breach affected roughly 145 million customers – mostly in the U.S., but also in Canada and the United Kingdom.

    According to the GAO report, attackers started scanning Equifax’s systems for the Struts vulnerability just a few days after the existence of the security hole was made public. One of the affected systems was an online dispute portal, on which the attackers gained the ability to execute system-level commands. That enabled them to start querying tens of databases in an effort to find personally identifiable information (PII).

    Equifax’s security systems not only failed to detect the Struts vulnerability in the online portal, they also failed to detect the attackers once they gained access.

    The GAO says the hackers executed roughly 9,000 database queries, some of which returned personal information. The breach was ultimately detected by the company’s security team during routine checks.

  17. Tomi Engdahl says:

    Android September 2018 Patches Fix Critical Flaws
    https://www.securityweek.com/android-september-2018-patches-fix-critical-flaws

    Google has released its September 2018 security patches for Android, which resolves more than 50 vulnerabilities in the operating system.

  18. Tomi Engdahl says:

    US government releases post-mortem report on Equifax hack
    https://www.zdnet.com/article/us-government-releases-post-mortem-report-on-equifax-hack/

    GAO report takes us inside Equifax from March 2017 onward, showing how a few slip-ups led to one of the biggest breaches in US history.

  19. Tomi Engdahl says:

    Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit
    https://www.theregister.co.uk/2018/09/17/gao_report_equifax_mega_breach/

    And let security kit fail for 10 months due to bad cert

    Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers’ database queries on a test system to find out.

    During that attack, hackers broke into the credit check agency’s systems, getting sight of roughly 150 million people in America plus 15 million Brits, and others.

    Computer security breaches are rarely examined in this much detail, however, several departments of the US government are Equifax customers

    We’ll call that the “holy crap” moment but there were other failings, including a lack of segmentation, a technique that could have isolated the databases from one another, or at least triggered an alarm when the intruders tried to move sideways through the network.

    attackers to execute approximately 9,000 such queries

    Equifax did get lucky on one score: had the attackers erased some of the logs, reconstructing what they’d been up to during all those weeks of easy access may have been much harder.

  20. Tomi Engdahl says:

    Equifax fined £500,000 over customer data breach
    https://www.zdnet.com/article/equifax-fined-500000-over-customer-data-breach/

    If the security incident had taken place after GDPR came into play, the fine may have been far higher.

    Equifax has been issued a £500,000 fine after a catastrophic data breach in 2017 led to the compromise of data belonging to up to 15 million UK citizens.

    The credit monitoring service experienced a data breach last year in which 146 million records were stolen. Customers worldwide were affected, with the majority living in the United States.

    The information exposed due to lax security practices included names, dates of birth, addresses, phone numbers, driver’s license details, Social Security numbers, and credit card data.

  21. Tomi Engdahl says:

    Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading
    https://www.zdnet.com/article/equifax-engineer-who-designed-breach-portal-gets-8-months-of-house-arrest-for-insider-trading/

    SEC said engineer figured out on his own that the website he was building was for the company’s security breach.

    A former Equifax engineer who coded parts of the company’s breach notification website for last year’s security incident was sentenced this week to eight months of home confinement and restitution of ill-gotten funds after using insider information about the Equifax breach to make over $75,000 from insider trading.

    The US Securities and Exchange Commission (SEC) charged Bonthu in June. He pleaded guilty a month later.

    According to court documents, Bonthu was one of the engineers who worked on coding the equifaxsecurity2017.com website where Equifax sent customers to see if they were affected by last year’s security breach during which a hacker stole the personal details of over 145 million users.

    More specifically he created “an online user interface into which users could input information to determine whether they had been impacted by the breach.”

    The SEC said in an indictment that Bonthu realized on his own –based on test data and discussions on internal mailing lists– that the secretive Project Spart client was, in reality, his employer.

    The SEC said that Bonthu abused this information and used his wife’s brokerage account to buy 86 “put options” in Equifax stock worth $2,166.11. Bonthu’s stock options would come through if Equifax’s stock had gone below $130 per share by September 15.

    As expected, Equifax stock plummeted after the company disclosed its breach on September 7, 2017

  22. Tomi Engdahl says:

    One single patch could’ve prevented one of the largest breaches in U.S. history.

    Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report
    https://techcrunch.com/2018/12/10/equifax-breach-preventable-house-oversight-report/?utm_source=tcfbpage&sr_share=facebook

    A House Oversight Committee report out Monday has concluded that Equifax’s security practices and policies were sub-par and its systems were old and out-of-date, and bothering with basic security measures — like patching vulnerable systems — could’ve prevented its massive data breach last year.

  23. Tomi Engdahl says:

    U.S. House Report Blasts Equifax Over Poor Security Leading to Massive 2017 Breach
    https://www.securityweek.com/us-house-report-blasts-equifax-over-poor-security-leading-massive-2017-breach

    The company confirmed last year that an Apache Struts vulnerability that had been exploited in the wild for months was used to gain access to its systems. Equifax was even warned about the vulnerability, but failed to properly patch it.

    The attack on Equifax started in May, but was only detected in July, although the adversaries sent 9,000 queries on 48 unrelated databases during that time.

  24. Tomi Engdahl says:

    Kate Fazzini / CNBC:
    After the Equifax breach, experts are puzzled about why data from 143M Americans didn’t end up for sale online; one theory suggests a nation-state is using it

    The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme
    https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html

    Equifax’s data breach on Sept. 7, 2017, stunned markets and American consumers, but where the data of those 143 million people disappeared to has remained a mystery.
    CNBC talked to experts, intelligence officials, dark web data “hunters” and Equifax to discover where they expect the data has gone, and what it is being used for.
    The prevailing theory today is that the data was stolen by a nation-state for spying purposes, not by criminals looking to cash in on stolen identities.

  25. Tomi Engdahl says:

    The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme
    https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html

    Equifax’s data breach on Sept. 7, 2017, stunned markets and American consumers, but where the data of those 143 million people disappeared to has remained a mystery.
    CNBC talked to experts, intelligence officials, dark web data “hunters” and Equifax to discover where they expect the data has gone, and what it is being used for.
    The prevailing theory today is that the data was stolen by a nation-state for spying purposes, not by criminals looking to cash in on stolen identities.

  26. Tomi Engdahl says:

    What on earth happened to the data taken in the giant breach? Security researchers are baffled – one worrying possibility
    https://www.tivi.fi/Kaikki_uutiset/mita-ihmetta-tapahtui-jattimurrossa-viedyille-tiedoille-turvatutkijat-aiman-kakena-yksi-huolestuttava-mahdollisuus-6758340

  27. Tomi Engdahl says:

    Experts think Equifax was hacked by Russia or China to recruit spies
    https://boingboing.net/2019/02/14/experts-think-equifax-was-hack.html

    In 2017 the private credit information of 143 million Americans was stolen from Equifax. But the records have never been offered for sale on the black market, which is highly unusual. (The only person who has so far profited from the breach seems to be Equifax CEO Richard F. Smith, who resigned with an $80 million retirement package.)

    So, who stole the records of 1/2 the US population, and why? CNBC interviewed “experts, intelligence officials, dark web data ‘hunters’ and Equifax” and the consensus seems to be China or Russia did it as a way to recruit spies.

  28. Tomi Engdahl says:

    Where’s the Equifax Data? Does It Matter?
    https://threatpost.com/equifax-data-nation-state/141929/

    Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job.

  29. Tomi Engdahl says:

    Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says
    https://www.securityweek.com/equifax-was-aware-cybersecurity-weaknesses-years-senate-report-says

    The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate’s Permanent Subcommittee on Investigations reveals.

  30. Tomi Engdahl says:

    Equifax’s Data Breach Costs Hit $1.4 Billion
    Massive 2017 Breach Continues to Bite the Credit Reporting Giant’s Bottom Line
    https://www.inforisktoday.com/equifaxs-data-breach-costs-hit-14-billion-a-12473

    Credit reporting giant Equifax has spent nearly $1.4 billion on cleanup costs as well as overhauling its information security program following its massive 2017 data breach.

    Two years after the data breach, which began on May 13, 2017, and the company discovered and began remediating on July 29, 2017, resulting legal costs and investigations haven’t stopped taking a big bite out of the company’s bottom line.

    On Friday, Atlanta-based Equifax announced its financial results for the first quarter of 2019, ending March 31, reporting a loss of $555.9 million, compared to net income of $90.9 million in the first quarter of 2018. Equifax’s quarterly revenue was $846.1 million, down 2 percent compared to the first quarter of 2018 although up 1 percent on a local currency basis.

    Breach Impacted Half of All Americans

    Equifax’s data breach resulted in the exposure of the personal data of 148 million individuals in the U.S., or 56 percent of all American adults – representing nearly half of the total U.S. population. The breach also exposed information for 15 million U.K. citizens and about 20,000 Canadians.

    A House report into the breach released last December concluded that the breach “was entirely preventable,” while a Senate report from last month concluded that the breach response was “inadequate and hampered by Equifax’s neglect of cybersecurity.”

    Data Breach Costs Mount

    Equifax had a $125 million cybersecurity insurance policy at the time it was breached, with a $7.5 million deductible. “We have received the maximum reimbursement under the insurance policy of $125 million, all of which was received prior to 2019,” it says.

    Meanwhile, costs arising from the data breach continue to mount.

    The company’s 2019 first quarter balance sheet lists $82.8 million in technology and data security costs arising from the data breach, including “incremental costs to transform our technology infrastructure and improve application, network, data security, and the costs of development and launch of Lock and Alert.” The latter is an Equifax product that allows individuals to lock and unlock their credit report with Equifax.

    The balance sheet also lists $12.5 million in quarterly legal and investigative fees, referring to costs associated with “legal, government and regulatory investigations.”

    $1.35 Billion in Breach Costs

    With that accrual, the company says it has recorded $1.35 billion in costs resulting from the data breach, including not only incident response but also new technology and data security changes.

    Breach costs may continue to increase.

    Such factors include ongoing investigations, lawsuits as well as uncertainties over how consumer lawsuits, seeking class-action status, might resolve.

  31. Tomi Engdahl says:

    FTC hits Equifax with fine of up to $700M for 2017 data breach
    https://techcrunch.com/2019/07/22/equifax-fine-ftc/?tpcc=ECFB2019

    Credit agency Equifax will pay up to $700 million in fines as part of a settlement with federal authorities over a data breach in 2017.

    The Federal Trade Commission said in a statement Monday that Equifax has agreed to initially pay at least $575 million in fines as part of the settlement with the federal government and states over its “failure to take reasonable steps to secure its network” that led to the breach.

  32. Tomi Engdahl says:

    Equifax settlement for data breach will only cost it $4 per person
    https://www.engadget.com/2019/07/22/equifax-settlement-over-data-breach/

    There are concerns the penalty is just a drop in the bucket.

  33. Tomi Engdahl says:

    Equifax owes you a lot more, but here’s how to get $125 from this week’s settlement
    https://www.theverge.com/2019/7/25/8930233/equifax-data-breach-ftc-settlement-claim-sign-up-how-to

  34. Tomi Engdahl says:

    You won’t see that $125 from Equifax, so don’t bother claiming it, says FTC
    https://tcrn.ch/2K5emgS

  35. Tomi Engdahl says:

    Millions of Equifax customers have applied for compensation following the 2017 breach affecting the data of 147 million people. Now the FTC has confirmed there’s not enough money to go around.

    http://on.forbes.com/6181ELckz

  36. Tomi Engdahl says:

    Equifax used ‘admin’ as username and password for sensitive data: lawsuit
    https://finance.yahoo.com/news/equifax-password-username-admin-lawsuit-201118316.html

    Equifax (EFX) used the word “admin” as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia.

    “Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes, a password that ‘is a surefire way to get hacked,’” the lawsuit reads.

    The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website.

    The class-action suit consolidated 373 previous lawsuits into one. Unlike other lawsuits against Equifax, these don’t come from wronged consumers, but rather shareholders that allege the company didn’t adequately disclose risks or its security practices.

    The lawsuit claims damages from the fact that the investments lost value due to “multiple false or misleading statements and omissions about the sensitive personal information in Equifax’s custody, the vulnerability of its internal systems to cyberattack, and its compliance with data protection laws and cybersecurity best practices.”

  37. Tomi Engdahl says:

    Jeff Stone / CyberScoop:
    Equifax to pay $380.5M to members of a class action suit whose data was compromised in 2017 breach, after a federal judge approved the final settlement Monday — Equifax has agreed to pay $380.5 million to resolve allegations related to the 2017 data breach in which hackers stole information belonging …

    Equifax to pay customers $380.5 million as part of final breach settlement
    https://www.cyberscoop.com/equifax-data-breach-settlement/

  38. Tomi Engdahl says:

    Charging people that will never stand trial – and were more than likely following orders… was it worth the effort other than to remind the public who the perceived enemy is?

    BBC News – Equifax: US charges four Chinese military officers over huge hack
    https://www.bbc.co.uk/news/world-us-canada-51449778

    The US has charged four Chinese military officers over the huge cyber-attack of credit rating giant Equifax.

    More than 147 million Americans were affected in 2017 when hackers stole sensitive personal data including names and addresses.

  39. Tomi Engdahl says:

    Justice Dept. charges four Chinese military hackers over the Equifax data breach
    https://tcrn.ch/37ahBM9

  40. Tomi Engdahl says:

    Four members of Chinese army charged with stealing 145 million Americans’ data in 2017 Equifax hack.
    https://www.usatoday.com/story/news/politics/2020/02/10/doj-chinese-army-hacked-equifax-stole-145-million-americans-data/4711796002/

    Finally out, they were supposed to announce this last week

