Huge Hack of Equifax exposes ~140 million US customers' info
Equifax, one of the nation’s three major credit reporting firms, announced Thursday that its computer systems had been breached, leading to the unauthorized accessing of Social Security numbers and birth dates of up to 143 million U.S. consumers.
The Atlanta-based company said the intrusion — enabled by a website vulnerability — occurred from mid-May through July. The issue was discovered July 29, and the company spent recent weeks working with a cybersecurity consultant and authorities on an investigation, which is continuing.
Equifax said it launched a website for people to check whether their data were affected and to sign up for the company’s credit-monitoring services. But a form on the website purportedly offering to “check potential impact” instead just gives users a date on which they must return to Equifax’s website to enroll in credit monitoring.
The discrepancy drew quick scorn from consumers on social media. Equifax declined to comment on the issue. Several attempts to get through on a phone line that Equifax said was dedicated to consumer calls about the data breach resulted in a busy signal.
So the credit reporting agency Equifax is reporting that on July 29, the company lost the information of millions of customers after some kind of hack through a website vulnerability. I'll leave it to the cybersecurity people here to explain it more, because I'm not really an expert
You can check if you're affected here: https://trustedidpremier.com/eligibility/eligibility.html
infosec guy on twitter
Uh, anything that asks for your last six digits of SSN is like... a Super Red Flag because until pretty recently, the first three were assigned by state. https://www.ssa.gov/employer/stateweb.htm
Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.
The population of the U.S. was about 324 million as of Jan. 1, 2017, according to the U.S. Census Bureau, which means the Equifax incident affects a huge portion of the United States.
Equifax said it discovered the breach on July 29. "Criminals exploited a U.S. website application vulnerability to gain access to certain files," the company said.
Shares of Equifax fell more than 5 percent during after-hours trading.
Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver's license numbers, all of which the company aims to protect for its customers.
The company added that 209,000 U.S. credit card numbers were obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."
"This is a security risk for any and every website that anyone uses," Christopher O'Rourke, CEO and founder of cyber-security firm Soteria told CNBC. "Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare, worse in many ways than the Office of Professional Management government breach. It's nasty. If I can get my hands on that information I can call a bank. They're going to ask me for your social, address, the information that was leaked here, to get access."
Equifax CEO and Chairman Richard Smith apologized to consumers and customers and noted that he's aware the breach affects what Equifax is supposed to protect.
Equifax said it is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities. Its private investigation into the breach is complete.
I realize the site above is linked from Equifax's official page, but asking for your first name, last name, and enough of your SSN to be able to accurately guess the rest is kind of like "Have you been a victim of identity fraud? Would you like to be?"
They (Equifax) are really making a great case for them being incompetent schmucks on every level. What the hell are they thinking, asking for the last 6 digits? Obviously they're trying not to run into duplicates, but... GODDAMNIT THEY ARE SOME DUMB FUCKERS.
Also, wasn't this a plot point from Fight Club, basically? Or was that wiping credit card debt/data, rather than just stealing it? :rotate:
But it says trusted right there in the domain.
And premier!
I managed to get to that site via Equifax, so I guess it's legit, but jesus, not sure they could get a scammier domain name without a typo.
I make no judgments on how Equifax is handling it, just wanted to be clear that it's actually a link from Equifax and not just some random dude on twitter trying to steal people's shit.
Meanwhile, going to have a laugh about this one when talking to my mom this weekend.
She got paranoid about identity theft, etc, and one year bought me a subscription to Trusted ID as a gift. I told her this would probably happen. Kept it up to make her feel better until a few years ago, when I finally said "this is stupid" and cancelled it.
Yo, this should be (but probably isn't) super illegal.
I'll just have to hope for karmic justice down on my rung of the economic ladder.
Unless the sales were part of regular scheduled sales or were scheduled before they knew about the cyber attack it's super illegal. Insider trading.
Agreed, but there are loopholes. And I guarantee they wouldn't make that boneheaded of a move without having consulted at least a couple decently priced lawyers.
Or they figure the SEC will just give them a love tap for it. Either way, screw the rich etc.
This is probably everybody who's had some sort of loan in the last couple decades. I can't think of any type of lender who wouldn't use/share with Equifax.
There may have been a separate database for public records or utilities only, no credit products, that may not have been breached.
But yeah, basically if you've borrowed money in your lifetime, you're impacted.
Btw, lots of banks use services from Equifax/credit reporting agencies (either directly or through another party that aggregates it) as a form of "out of wallet" authentication before helping their customers gain access to open accounts or move money. Jesus.
IDs (primarily DLs) are still one of the main checks lenders have to make sure the person they are giving money to is the actual person they have underwritten the loan for.
With the information that was compromised, "perfect" fake IDs will be pretty easy to make.
As will some other documents lenders rely on for authentication.
This is hilariously bad- while unlikely, something like this could actually produce the same outcome as Project Mayhem (through enough fraud accounts and disputes to erase all confidence in credit reporting and risk based underwriting).
Whelp, good thing we already got the mortgage and don't need any new loans/credit for a long ass time.
You still need to worry about someone opening accounts in your name.
Not if I freeze everything.
Credit Agencies are going to need to make sure their authentication processes for unfreezing credit can't be bypassed by a fraudster using your info that's available now because of Equifax's fuckup.
I'm not going to say this hack isn't bad because, well, with the info that got out it's really, really bad (and if it was SQL injection like speculated I'd call that criminally negligent - that's extremely common and extremely easy to prevent). I'm more distressed that one of these triple-digit customer info leaks happens about once a month or more these days and I haven't seen any good suggestions on what to do about it. Clearly we have to assume identity information is going to get leaked, so what can really be done at that point?
And to add to this, anything us credit-oblivious millennials should do to make sure there's nothing weird in the credit history, other than Equifax's breach test thing? Something to worry about regularly or only when one needs to use credit?
in the U.S., increase company liability when breaches happen because of negligent security.
...but that won't happen under the current administration or Congress.
That has to be illegal. If it's not it needs to be illegal yesterday.
Like, it's very clearly trading on non-public material information. I'm pretty sure it's an open and shut insider trading case.
But hey, they're executives, so...
It seems kinda clear but the financial statements were also just released on July 27th, 2017. The timing is suspect but it's also coinciding with when their filing happened which might give them a little bit of an alibi
I like how my creditworthiness is determined by a private company who assigns me a number score based on secret algorithms using data from essentially anyone and who will change that numbered score on a whim using a process that is extremely difficult to impossible to dispute, all without my consent... and then they can't even be bothered to keep my information secure.
Oh, fuckin' gross, companies aren't required to disclose if they have 10b5-1 plans and even on the Form 3's and Form 4's I don't see them as being required to disclose them made under a 10b5-1 plan
Honestly with this latest hack, it seems to be pretty much the case that EVERY US citizen who has any involvement with the banking industry in any real form has now been hacked. Every form of personal information has been stolen, and all government id numbers are now public. I would suggest that it's now time to say that no amount of 'identity theft protection' is sufficient, and that the only reason you haven't been made liable for banks failing to secure their credit systems against online thieves (or as they call it, identity theft) is sheer numbers of people ahead of you in the queue to be hacked first.
Honestly we need a law which simply states that if you, a bank, open an account or loan money to someone who is not who they claim to be then the BANK is 100% liable for all costs and lost assets which cannot be retrieved by the police, and there will be no impact on the credit of the person who is being impersonated. EVERYONE has been hacked. There is literally nothing you can do to sufficiently secure your identity. It's not our fault any more. It's the banks' fault for not implementing better checks.
British comics on this issue a few years ago. Identity theft is a clever re-branding of bank robberies that the banks have persuaded us that we should be liable for. In fact, it's them who should be on the hook, because for literal micro-pennies on the dollar they could just undo the transactions, put the money back, and fix everything.
1) Banks enter into a trust arrangement. No bank will transfer money electronically to ANY financial institution who isn't in it.
2) In the event of money being taken fraudulently, the transaction to the second institution will be undone. The money will be removed from the target account, and restored to the primary account.
3) Those who don't wish to do business under these laws, can find other banks
Athenor | Battle Hardened Optimist | The Skies of Hiigara | Registered User, regular
edited September 2017
Yeah, I work under the assumption that my data has been compromised, not much I can do about it, and I just keep an eye on things.
Working security and IT, my biggest fear is being the next one of these big headlines. But if I've learned anything in many years in the field, it doesn't "hit home" until something bad happens to the execs/decision makers. Then, after it is too late, will they start working with you on things. Or, alternatively, you go off the deep end in paranoia and piss everyone off.
I assume that credit cards are set up in such a way that you're only contractually liable for payments actually given to you, with any transactions between the bank and a third party having nothing whatsoever to do with your contract with the bank other than creating bookkeeping errors on their end.
I'm guessing it's murkier for bank accounts, since you're supposed to own the money the whole time and thus the bank isn't actually paying you anything when you make a withdrawal. They don't actually owe you the money in your account, they're just legally obligated to try to protect it for you.
Also please put a news story into the OP instead of just three tweets.
Here is an example: https://www.cnbc.com/2017/09/07/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html
Here are the official links from Equifax:
https://www.equifaxsecurity2017.com/ (this is linked from Equifax's main home page)
https://www.equifaxsecurity2017.com/enroll/
it is likely that it isn't legitimate.
those links should probably be removed
edit: or maybe not if Equifax is actually linking them, but that's dodgy as hell.
Link chain:
https://www.equifax.com/personal/ ->
https://www.equifaxsecurity2017.com ->
https://www.equifaxsecurity2017.com/potential-impact/ ->
https://trustedidpremier.com/eligibility/eligibility.html
Someone should probably talk to them about equifaxsecurity2017 too.
They're one of the people that companies/renters/banks/ANYONE checks with when your credit is pulled. They've got your info.
Ehhhhh. All their domains look ... weirdish, IMO. Point taken though.
https://www.bloomberg.com/amp/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Odds they get charged with anything?
Some clarification around this would be helpful, because that website gives you no idea what it means when it says you are enrolled.
it's pretty messed up when this is the upside :rotate:
Cool, man.
gross
My first thought was "Neat, now I get double lifetime fraud protection!"