SoylentNews is people
SoylentNews
from the Quis-custodiet-ipsos-custodes? dept.
We had three Soylentils send in notice of a major breach at Equifax. The company has a web site specifically for this breach: https://www.equifaxsecurity2017.com/.
Equifax Data Breach Could Affect 143 Million Americans
Equifax, one of the big three US consumer credit reporting agencies, says that criminals exploited a web application vulnerability to gain access to "certain files":
Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Is there a silver lining to this event?
Also at NYT, Ars Technica, and CNN.
Huge Cyber Theft from Equifax!
"Cyber security expert Morgan Wright weighs in on the Equifax Inc hack, which may have exposed the personal details of potentially more than 143 million people." http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cyber-security-breach.html
Equifax Hacked - Data Breach of *Basically Everyone's* PII
According to ARS, Consumerist, and others:
Equifax announced today that it discovered “unauthorized access” to their systems — i.e. a data breach — on July 29. 143 million records, basically *everyone* in their database.
That query must have taken a long time to run.
Whoever got into their systems had access from mid-May through the end of July, so about two-and-a-half months.
Equifax says it has “no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” but plenty of Equifax systems were accessed, and data purloined. The company adds the standard adage about reporting the incident to law enforcement and working with both independent forensic investigators as well as the relevant authorities to sort out who’s responsible.
What was stolen?
This one is bad. The illicitly accessed data includes:
- Names
- Dates of birth
- Addresses
- Social Security numbers
- Driver’s license numbers
That is, of course, basically the identity theft jackpot. Every account that needs verification that you’re you asks for that exact set of data, so now anyone can be you.
So, all of your PII are belongs to us.
Original Submission #1 Original Submission #2 Original Submission #3
(Score: 0) by Anonymous Coward on Friday September 08 2017, @08:32PM (2 children)
> don't use credit
Yes, the solution is to go off the grid. And pity the fools who have postpaid gas, water, electricity, telephone, cable/satellite TV, or Internet.
(Score: 3, Informative) by The Mighty Buzzard on Friday September 08 2017, @08:57PM (1 child)
Those aren't credit. Those are bills. The former is someone advancing you money and hoping you pay it back, the latter is simply charging you either before or after services have been rendered. In the case of my Internet and insurance bills, it's before because they know exactly what the charge will be for a month. In the cases of gas/water/electricity they have no idea how much to charge until I've used the service in question for a month, so they're forced to charge afterwards.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Saturday September 09 2017, @10:16AM
You may never have asked someone to loan you money, but utility companies do credit inquiries:
(source [howstuffworks.com])
One definition of credit, which applies to utility bills, is [dictionary.com] "confidence in a purchaser's ability and intention to pay, displayed by entrusting the buyer with goods or services without immediate payment." Semantics aside, Experian says [soylentnews.org] that it receives reports from those companies--which it uses in a score that it sells to insurance companies. Were you able to avoid giving your personal information to providers of "gas, water, electricity, telephone, cable/satellite TV, or Internet" when signing up for those services? I'm guessing the answer is no, meaning CRAs have your personal information. If you somehow do without utilities or don't have them in your name, the CRAs still have your informatoin. You provided it when you requested those free credit checks.
Even if you never apply for a loan, CRAs can affect you. In some states, employers are allowed to request records from CRAs as part of a background check. The whole point of the CRA is to buy and sell information about you. If they're careless with it, there could be harm to you even if you never apply for what you define as credit.