Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

Equifax Data Breach Could Affect 143 Million Americans [Updated]

posted by martyb on Friday September 08 2017, @01:24AM   Printer-friendly
from the Quis-custodiet-ipsos-custodes? dept.

We had three Soylentils send in notice of a major breach at Equifax. The company has a web site specifically for this breach: https://www.equifaxsecurity2017.com/.

Equifax Data Breach Could Affect 143 Million Americans

takyon writes:

Equifax, one of the big three US consumer credit reporting agencies, says that criminals exploited a web application vulnerability to gain access to "certain files":

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Is there a silver lining to this event?

Also at NYT, Ars Technica, and CNN.

Huge Cyber Theft from Equifax!

realDonaldTrump writes:

"Cyber security expert Morgan Wright weighs in on the Equifax Inc hack, which may have exposed the personal details of potentially more than 143 million people." http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cyber-security-breach.html

Equifax Hacked - Data Breach of *Basically Everyone's* PII

el_oscuro writes:

According to ARS, Consumerist, and others:

Equifax announced today that it discovered “unauthorized access” to their systems — i.e. a data breach — on July 29. 143 million records, basically *everyone* in their database.

That query must have taken a long time to run.

Whoever got into their systems had access from mid-May through the end of July, so about two-and-a-half months.

Equifax says it has “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” but plenty of Equifax systems were accessed, and data purloined. The company adds the standard adage about reporting the incident to law enforcement and working with both independent forensic investigators as well as the relevant authorities to sort out who’s responsible.

What was stolen?

This one is bad. The illicitly accessed data includes:

  • Names
  • Dates of birth
  • Addresses
  • Social Security numbers
  • Driver’s license numbers

That is, of course, basically the identity theft jackpot. Every account that needs verification that you’re you asks for that exact set of data, so now anyone can be you.

So, all of your PII are belongs to us.

Original Submission #1Original Submission #2Original Submission #3

 
This discussion has been archived. No new comments can be posted.
Equifax Data Breach Could Affect 143 Million Americans [Updated] | Log In/Create an Account | Top | 55 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by richtopia on Friday September 08 2017, @02:41AM (3 children)

    by richtopia (3160) on Friday September 08 2017, @02:41AM (#564900) Homepage Journal

    Honestly we need to replace the SSN. However I have no good solution, and I'm not sure if anyone does. The number is designed to track people for Social Security, however it has expanded into a national ID number.

    Maybe we can do something involving a decentralized currency blockchain. Buzzwords really work, right?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 3, Funny) by fyngyrz on Friday September 08 2017, @06:05AM

    by fyngyrz (6567) on Friday September 08 2017, @06:05AM (#564960) Journal

    Honestly we need to replace eliminate the SSN.

    FTFY.

  • (Score: 0) by Anonymous Coward on Friday September 08 2017, @08:49PM

    by Anonymous Coward on Friday September 08 2017, @08:49PM (#565312)

    the cto of the opm says they're looking into this "bitchain stuff".

  • (Score: 2) by cykros on Friday September 08 2017, @10:51PM

    by cykros (989) on Friday September 08 2017, @10:51PM (#565363)

    If we really need a national identifier to take the role of the SSN, it should be a public key, issued and signed at a government agency (perhaps your local post office?), able to be replaced in the event of a compromise (and perhaps on a schedule). The real trouble would come in ensuring that people manage to keep their private key safe and not lose it. Perhaps some rugged memory built into one's driver's license?

    The idea of a number that is used everywhere being a secret key that opens up all manner of doors is completely asinine. While it might be okay enough to differentiate between John Smith (822-37-8324) and John Smith (836-82-5724), it's not remotely up to the task of providing authentication and should cease to be used as such.