Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday September 08 2017, @01:24AM   Printer-friendly
from the Quis-custodiet-ipsos-custodes? dept.

We had three Soylentils send in notice of a major breach at Equifax. The company has a web site specifically for this breach: https://www.equifaxsecurity2017.com/.

Equifax Data Breach Could Affect 143 Million Americans

Equifax, one of the big three US consumer credit reporting agencies, says that criminals exploited a web application vulnerability to gain access to "certain files":

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Is there a silver lining to this event?

Also at NYT, Ars Technica, and CNN.

Huge Cyber Theft from Equifax!

"Cyber security expert Morgan Wright weighs in on the Equifax Inc hack, which may have exposed the personal details of potentially more than 143 million people." http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cyber-security-breach.html

Equifax Hacked - Data Breach of *Basically Everyone's* PII

According to ARS, Consumerist, and others:

Equifax announced today that it discovered “unauthorized access” to their systems — i.e. a data breach — on July 29. 143 million records, basically *everyone* in their database.

That query must have taken a long time to run.

Whoever got into their systems had access from mid-May through the end of July, so about two-and-a-half months.

Equifax says it has “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” but plenty of Equifax systems were accessed, and data purloined. The company adds the standard adage about reporting the incident to law enforcement and working with both independent forensic investigators as well as the relevant authorities to sort out who’s responsible.

What was stolen?

This one is bad. The illicitly accessed data includes:

  • Names
  • Dates of birth
  • Addresses
  • Social Security numbers
  • Driver’s license numbers

That is, of course, basically the identity theft jackpot. Every account that needs verification that you’re you asks for that exact set of data, so now anyone can be you.

So, all of your PII are belongs to us.


Original Submission #1Original Submission #2Original Submission #3

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by Justin Case on Friday September 08 2017, @01:18PM (15 children)

    by Justin Case (4239) on Friday September 08 2017, @01:18PM (#565071) Journal

    somebody else can take out credit for you. Looks like you still lost the game

    Why should I care in the slightest if Criminal A tricks stupid careless sloppy Bank B into giving money to A because A claims to be me?

    I'm not involved in this transaction in any way. I am not a "victim" of "identity theft". My identity wasn't stolen; I still have it.

    Now I suppose clueless Bank B might ask me to pay back the loan someday. My response: What loan? Show me the contract bearing my signature. Oh you don't have one? Fuck off.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2, Informative) by Anonymous Coward on Friday September 08 2017, @02:59PM (11 children)

    by Anonymous Coward on Friday September 08 2017, @02:59PM (#565128)

    Because Bank B will file on your credit, causing your legitimate creditors to review the conditions they provide you, your insurance providers to raise your rates, and credit to be denied to you should you suddenly need it.

    • (Score: 2, Interesting) by Anonymous Coward on Friday September 08 2017, @04:36PM (4 children)

      by Anonymous Coward on Friday September 08 2017, @04:36PM (#565180)

      Because Bank B will file on your credit, causing your legitimate creditors to review the conditions they provide you, your insurance providers to raise your rates, and credit to be denied to you should you suddenly need it.

      Actually, those are among the least of his worries. What is truly terrifying is if some twizzledick owes back taxes on your stolen identity. The IRS typically won't give a fuck if you plead that this was someone else that fraudulently ran up a tax bill in your name. And need I point out that, with the IRS, they don't need to prove you are guilty, you need to prove you are innocent? Also, bad credit rating could affect access to medical care. Be afraid. Be very afraid.

      • (Score: 0) by Anonymous Coward on Friday September 08 2017, @05:19PM (3 children)

        by Anonymous Coward on Friday September 08 2017, @05:19PM (#565208)

        And need I point out that, with the IRS, they don't need to prove you are guilty, you need to prove you are innocent?

        Is that actually true? Yes, any kind of identity theft will be a PITA, and possibly legally expensive, for the victim to sort out. Given adequate defense, do legitimate tax court cases usually end unfairly?

        • (Score: 0) by Anonymous Coward on Friday September 08 2017, @07:07PM (2 children)

          by Anonymous Coward on Friday September 08 2017, @07:07PM (#565261)

          And need I point out that, with the IRS, they don't need to prove you are guilty, you need to prove you are innocent?

          Is that actually true?

          From the section titled "Spread and impact" (at the bottom of the wiki page) [wikipedia.org]:

          In a widely publicized account, Michelle Brown, a victim of identity fraud, testified before a U.S. Senate Committee Hearing on Identity Theft. Ms. Brown testified that: "over a year and a half from January 1998 through July 1999, one individual impersonated me to procure over $50,000 in goods and services. Not only did she damage my credit, but she escalated her crimes to a level that I never truly expected: she engaged in drug trafficking. The crime resulted in my erroneous arrest record, a warrant out for my arrest, and eventually, a prison record when she was booked under my name as an inmate in the Chicago Federal Prison."

          Also, Identity Theft Victims Are Waiting Months for Their Tax Refunds, TIGTA Says [accountingweb.com] Yep, unfortunately it's true.

          • (Score: 0) by Anonymous Coward on Friday September 08 2017, @07:40PM (1 child)

            by Anonymous Coward on Friday September 08 2017, @07:40PM (#565278)

            Your quote doesn't match the question.

            The question was whether process in the tax court could be described as fair. That it may take longer to claim a tax refund in the case of identity theft is obvious.

            • (Score: 0) by Anonymous Coward on Friday September 08 2017, @09:50PM

              by Anonymous Coward on Friday September 08 2017, @09:50PM (#565340)

              Your quote doesn't match the question.

              The question was whether process in the tax court could be described as fair.

              ????? Michelle Brown found herself in the position of having to clear her name and prove that she was not a convicted felon. In what rational universe could that possibly be construed as fair?!? Meanwhile, here in the real world, defendants are (supposed to be) considered innocent until proven guilty.

    • (Score: 2) by edIII on Friday September 08 2017, @05:25PM (4 children)

      by edIII (791) on Friday September 08 2017, @05:25PM (#565212)

      Ohhhh, I hope they fucking do. Please, please, please let this happen to me. Banks have what lawyers masturbate to at night; Deep Pockets.

      If Bank B fucked up that big, I can get Lawyer C to put the big D into Bank B. Afterwards, I get a tidy sum after splitting it with the lawyer.

      In a court of law, they need to prove it was me.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 0) by Anonymous Coward on Friday September 08 2017, @07:45PM (3 children)

        by Anonymous Coward on Friday September 08 2017, @07:45PM (#565280)

        Months and $$$ later, yeah, you may receive justice. Depends if you can afford to front the $$$ and spend months fighting. Seems unlikely to me that a lawyer would take such a case purely on contingency.

        • (Score: 3, Informative) by edIII on Friday September 08 2017, @09:23PM (2 children)

          by edIII (791) on Friday September 08 2017, @09:23PM (#565329)

          Then you have no imagination, and are largely ignorant of the processes involved.

          Sue them in small claims court. The top limit is $5k, but it will only cost you $75 max to initiate the lawsuit. By law, Equifax must appear and send an executive down with the lawyer. This is why when a large corporation fucks up they will settle on the $5k, if they are smart. That's much less than the cost of sending a lawyer and executive to a small claims court in California. If they don't appear it's also very likely I receive a default judgement against them, as my arguments are not about pain and suffering using facts they themselves put out in public.

          If/When I win the case, it sets precedence. Then I speak with the lawyer and inform him that the $5k will be used to put up a how-to website describing how everyone else can sue them in small claims court too. Death by 10,000 cuts to follow. Unless I get $100k, and for that, I would be willing to agree to no class actions or websites created. Either way, I fucked them out of thousands just by filing the damn suit. Even funnier is just to sue for the costs of the suit plus $1 for principles. I know the plane costs and paying the lawyer and executive far exceed whatever I could get, so they get fucked.

          Often companies like to not pay. Lawyers have told my family, "Good luck collecting". Bwahahahahhahahahhha!! You show up with a sheriff at their headquarters and start taking chairs, desks, computers, etc. It's all legal, and I can do it until the sale of their shit can get rid of my judgment. I've been there looking at the lawyers face and his response was, "I will have the check by tomorrow".

          Yes, there are lawyers that would eat that up on contingency in a second. Remember, if he wins, there are 143 million (minus 1) other prospects for doing the exact same thing. Plus the possibilities of class actions. I've never been in an agreement with Equifax, so they don't get arbitration.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
          • (Score: 0) by Anonymous Coward on Saturday September 09 2017, @11:05AM

            by Anonymous Coward on Saturday September 09 2017, @11:05AM (#565585)

            It only sets a precedent if the case is published.

          • (Score: 0) by Anonymous Coward on Saturday September 09 2017, @10:36PM

            by Anonymous Coward on Saturday September 09 2017, @10:36PM (#565784)

            Idea: ask the court to grant an injunction against Equifax keeping records about the plaintiff. Unintended consequences may ensue. :-)

    • (Score: 0) by Anonymous Coward on Friday September 08 2017, @08:34PM

      by Anonymous Coward on Friday September 08 2017, @08:34PM (#565305)

      About insurance:

      More specifically, the alternative data used in Insight Score for Insurance includes account payment data from the communications, utility and payTV industries to provide you with predictive FCRA consumer data on more than 187 million unique consumers, 27 million of which have no consumer credit file.

      http://www.equifax.com/business/insight-score-insurance [equifax.com]

  • (Score: 3, Informative) by edIII on Friday September 08 2017, @05:31PM (2 children)

    by edIII (791) on Friday September 08 2017, @05:31PM (#565214)

    Yes, Stand your ground. I did it with a wireless carrier that claimed I racked up thousands of dollars in charges on an account opened in my name with my social. Of course... this was Sprint. Who I have never done business with in my life. I never signed any contract, and Sprint is notorious for shitty security and events exactly like this.

    They tried suing me and I laughed my fucking ass off and watched them lose theirs. Reasonable doubt was provided nicely by the thousands of dollars I had being paying a different wireless carrier under contract for several years before the account was opened at Sprint. None of the numbers called belonged to anyone I knew. Anybody with a brain could see it was fraud, which excluded Sprint.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Friday September 08 2017, @08:38PM

      by Anonymous Coward on Friday September 08 2017, @08:38PM (#565307)

      The standard, I think, is a preponderance of evidence. Had they managed to get criminal charges filed against you, the standard would be reasonable doubt.

    • (Score: 1) by anubi on Saturday September 09 2017, @03:17AM

      by anubi (2828) on Saturday September 09 2017, @03:17AM (#565479) Journal

      I hope you got a nice settlement for all that pain and aggravation they brought upon you.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]