Black Money Business Jobs : EQUIFAX BREECH WILL HIT ALL OF US!

Discussion in 'Black Money Business Jobs' started by Kemetstry, Sep 9, 2017.

  1. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403
    What you need to know about the Equifax data breach
    [​IMG][​IMG]
    Associated Press


    [​IMG]© The Associated Press This July 21, 2012, photo shows Equifax Inc., offices in Atlanta. Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans. The Atlanta-based…

    NEW YORK — Equifax, one of the three main credit reporting companies, said this week that a major data breach exposed Social Security numbers and other important information of millions of people.
    The breach affected about 143 million in the United States, as well as some people in Canada and the United Kingdom, but Equifax didn't provide a number. Hackers had access to the data between May and July, Equifax said. The company discovered the hack on July 29 and publicly announced it more than a month later on Thursday.
    Here's what else you need to know about the breach:
    ___
    WHAT INFORMATION WAS TAKEN?


    Hackers had access to Social Security numbers, birth dates, addresses, driver's license numbers, credit card numbers and other information. Those are all crucial pieces of personal data that criminals could use to commit identity theft. Those are what John Ulzheimer, an independent credit consultant who previously worked at Equifax, called "the crown jewels of personal information."
    Equifax's security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person's identity in the U.S. The data breach is especially damaging to Equifax, since its entire business revolves around being a secure storehouse and providing a clear financial profile of consumers that lenders and other businesses can trust. The credit profiles it holds contain personal information, like how much people owe on their houses and whether they have court judgments against them.
    ___
    AM I AFFECTED?


    Equifax set up a site, equifaxsecurity2017.com , where you can type in your last name and six digits of your Social Security number to find out if your data may have been compromised. Consumers can also call 866-447-7559 for information. The company says it will send mail to all who had personally identifiable information stolen.
    Equifax is also offering free credit monitoring for a year. The company says the service will search suspicious sites for your Social Security number, give you access to your Equifax report and other offerings. You can sign up at the same site listed above, and the deadline to do so is Nov. 21.
    Initially, though, there was a catch — signing up would also commit you to binding arbitration with the credit monitor, which would mean giving up your right to sue. Several politicians and consumer groups have criticized this provision. Democrats in the House and Senate called on the company to pull back that requirement. Late Friday, Equifax said the arbitration language that appears on its website "will not apply to this cybersecurity incident."
    ___
    WHAT SHOULD I DO?


    You can view your credit reports for free at AnnualCreditReport.com. You're entitled to get a free copy of your credit report from each of the three big agencies once every 12 months. Review it closely for unauthorized accounts or any mistakes.
    You can consider freezing your credit reports, but it comes with some downsides. A freeze stops thieves from opening new credit cards or loans in your name, but it also prevents you from opening new accounts. So each time you apply for a credit card, mortgage or loan, you need to lift the freeze a few days beforehand.
    Freezes can be done online at the websites of the three credit reporting agencies -- Equifax , Experian and TransUnion . You'll need to freeze all three reports for the best protection. Each company will give you a code that you'll need again in order to lift the freeze, so keep it in a safe place. When you plan to apply for a credit card, mortgage, or other loan you'll need to go back to each site and lift the freeze.
    The credit reporting agencies may charge a fee, usually under $10, depending on which state you live in. But it's free for residents of some states, including Maine, New Jersey and South Carolina.
    A freeze doesn't protect you from everything: thieves can still file a fraudulent tax return in your name or charge things to your already opened credit card accounts. A freeze won't affect your credit score or report. The report stays open and is updated to keep track of your debts, payments and other information.
    ___
    HOW DID THIS HAPPEN?


    Equifax is blaming an unspecified "website application vulnerability." Security experts say it's hard to say for sure without more information, but such vulnerabilities typically don't require a lot of sophistication to exploit.
    Rich Mogull, who runs the security research firm Securosis, says the web app breach suggests "things are broken down in a couple of different areas." He says someone likely made a programming or configuration mistake.
    Corporate culture could also be a factor. Often, Mogull says, corporate security is underfunded or isn't given the authority it needs to make sure application developers do what's right.
    Ryan Kalember of the security company Proofpoint says that even if the vulnerability was known and fixable, "coordination between app developers and security teams in a lot of organizations are not on the best of terms."
    Another security expert said the website Equifax created to help customers find out if they were affected raises its own security questions. The site looks like the kind set up by attackers to trick people into disclosing information, says Georgia Weidman, founder and chief technology officer for security firm Shevirah.
    "It's teaching people entirely the wrong things about using the internet securely," Weidman said. She said says she's also troubled by Equifax's approach to security generally, including reports that it didn't respond to basic scripting bugs it was warned about last year.
    ___
    WHO'S INVESTIGATING THIS?


    Potentially, a lot of people. Credit bureaus like Equifax are lightly regulated compared to other parts of the financial system.
    U.S. Rep. Jeb Hensarling, chairman of the House Financial Services Committee, said he will call for Congressional hearings. And Rep. Greg Walden, the chairman of the House Energy and Commerce Committee, says he'll hold a hearing examining what wrong and how to better protect against future hackings.
    Several state attorneys general have also said they would investigate, including those from New York, Massachusetts and Pennsylvania. New York's attorney general, Eric Schneiderman, said his office aims to "get to the bottom" of how the breach occurred.
    Company executives are also under scrutiny, after it was found that three Equifax executives sold shares worth a combined $1.8 million just a few days after the company discovered the breach, according to documents filed with securities regulators. Equifax said the three executives "had no knowledge that an intrusion had occurred at the time they sold their shares."



    .
     

    Attached Files:

    • Enjoyed Enjoyed x 1
    • Thank You Thank You x 1
    • List
  2. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403
    143 million people means every working adult in this country




    .
     
  3. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403



    [​IMG]

    Equifax used 'admin' for the login and password of a non-US database
    [​IMG]
    CNBC

    Scores of accounts on Equifax (EFX)'s website in Argentina allegedly were protected by the same generic username and password: "admin."

    Researchers at Hold Security, a Milwaukee-based cybersecurity firm, found that after some guesswork, they were able to uncover personal employee information housed on Equifax's South American site, including names, emails, and Social Security equivalents of over 100 individuals.
    The researchers easily acquired administrative access and quickly discovered consumer complaint records, complete with the Argentine equivalent of Social Security numbers, known as Documento Nacional de Identidad ( National Identity Document).
    "You don't expect anything like that," said Alex Holden, Hold Security's chief information security officer. "An ability to lookup cases for individuals based on a single numeric ID and gender drew our attention."


    The research came as Equifax (EFX) sank deeper into a controversy over its handling of a data breach that could affect 143 million people.
    The credit reporting company is now facing multiple investigations. In a rare public acknowledgement, the Federal Trade Commission announced Thursday that it has opened a probe into Equifax's breach in the United States.
    What Hold Security found is not related to the breach in the U.S., which Equifax disclosed last week. But Equifax promptly shut down the website after the research was made public by a security blogger named Brian Krebs.
    In a statement to CNBC on Thursday, Equifax said:




    "We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cybersecurity event that occurred in the United States last week. We immediately acted to remediate the situation, which affected a limited amount of public information strictly related to consumers who contacted our customer service center and the employees who managed those interactions."

    "What I can tell you is that we fixed the vulnerability immediately upon learning of it, and that this internal portal has not been in use since 2013. The Argentine consumer dispute information that was mentioned in the Krebs article is all publicly available, searchable and not confidential. Additionally, our consumer credit and commercial databases were not accessed or affected."

    Since it announced the U.S. data breach last Thursday, Equifax shares have fallen more than 30 percent through Wednesday's close. But that's just the beginning of Equifax's woes.
    The FTC's spokesman, Peter Kaplan, said Thursday, "In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."
    In addition, Massachusetts announced plans Wednesday to file a lawsuit, which will maintain that the company failed to adopt appropriate safeguards to protect the sensitive data. New York, Illinois, Pennsylvania and Connecticut and other states are also investigating, while nearly two dozen class-action lawsuits have already been filed.
    Massachusetts Attorney General Maura Healey said Tuesday the Equifax breach "may be the most brazen failure to protect consumer data" her office has seen. Eric Schneiderman, New York's attorney general, warned people to be vigilant about hacking and other online and email attacks.
    The disclosure of the U.S. data breach prompted Holden to take a look at Equifax's web security outside the U.S., he said. After first exploring the Argentine website, which initially required a national identification number, the researchers arrived at a different login interface after shortening the site's URL.


    "We put in admin, admin [as credentials] and to our surprise we were in," he continued.
    "We obviously did not state that there was a breach. We highlighted a horrendous security practice which, perhaps, was indicative of the overall data care that led to the breach in the US. But in my professional opinion, if any hacker would look at this part of the website, it would be breached," Holden told CNBC.
    After making the initial discovery, Holden turned to security researcher Brian Krebs to assess his findings.
    "Worse still," Krebs said, "each employee's username appears to be nothing more than their last name, or a combination of their first initial and last name. In other words, if you knew an Equifax Argentina employee's last name, you also could work out their password for this credit dispute portal quite easily."
    Krebs is a widely followed blogger on security issues. "I don't have much advice for Argentinians whose data may have been exposed by sloppy security at Equifax," he said in a blog post on Tuesday. "But I have urged my fellow Americans to assume their SSN and other personal data was compromised."




    .
     
    • Enjoyed Enjoyed x 1
    • Thank You Thank You x 1
    • List
  4. Lunar Cycle

    Lunar Cycle Well-Known Member MEMBER

    Country:
    United States
    Joined:
    Jul 16, 2017
    Messages:
    158
    Likes Received:
    28
    Ratings:
    +134
    This is an old data mining con perfected by the NSA. Equifax along with it's two cousins in crime TransUnion and Experian will pay a fine (Tribute) to America's legal Mafioso a/k/a the USDOJ as ordered by the Congressional Oversight Committee and it will be business as usual. The SEC red flag surfaced when stocks were traded. Greed will always tear asunder the most insidious schemes. Martha Stewart found that out the hard way with illegal trades on her ImClone business model through Merrill Lynch. Nothing safer and more profitable then "White Collar Crime" because even if you're convicted and hit with a stiff fine and a token prison sentence, you can write a tell all book and recoup 5 times the value of your original fine. Isn't America great?
     
  5. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403


    Until massive people start showing damage from identity theft




    .
     
  6. Lunar Cycle

    Lunar Cycle Well-Known Member MEMBER

    Country:
    United States
    Joined:
    Jul 16, 2017
    Messages:
    158
    Likes Received:
    28
    Ratings:
    +134
    This Equifax circle jerk is basic deflection pure and simple. The average high level hacker who sells massive amounts of personal data from corporate and government databases to crime syndicates like the Russian Mafia or the Chinese Government wouldn't waste their time and resources on The Big 3's debt ridden clientele data, they'd just keep hacking into global trading and corporate funds accounts or the average banking mainframe servers. This data auction wouldn't have even been a pimple on the Cyber Security grid if Equifax management didn't allow it's corporate greed to feed on itself by transferring stocks to make a few million dollars more. One thing to be a crook or to be greedy but a greedy crook should be left to his own devices.
     
  7. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403


    This type of breech is not just going to hit on the debt ridden. There are millions of financially ok people in that group stolen




    .
     
  8. Lunar Cycle

    Lunar Cycle Well-Known Member MEMBER

    Country:
    United States
    Joined:
    Jul 16, 2017
    Messages:
    158
    Likes Received:
    28
    Ratings:
    +134
    You are so right Mr. K but the wealthy will have their accountants write any personal losses off and if they have corporate losses due to this "not" security breach their tax attorneys will file chapters for them. Unfortunately the 400- credit rated clientele will start receiving bogus credit repair offers from Nigeria, India, Russia, Mexico, The Philippines or whoever else put bids in on this list. On a more humorous note I see Equifax sent it's director of Cyber Security packing, you know, the individual with zero law enforcement or corporate security experience. But she sure can play a flute. You can't make this stuff up.

    https://www.linkedin.com/in/susan-m-93069a

    1505011269742.png
     
  9. Kemetstry

    Kemetstry going above and beyond PREMIUM MEMBER

    Country:
    United States
    Joined:
    Feb 19, 2001
    Messages:
    22,806
    Likes Received:
    5,296
    Gender:
    Male
    Occupation:
    Chemist
    Location:
    Detroit
    Ratings:
    +6,403


    Well, either she played the flute for someone like a pro :lol: or, she's related to someone. The rich is why this will continue. It's no big deal for them





    .
     
  10. Lunar Cycle

    Lunar Cycle Well-Known Member MEMBER

    Country:
    United States
    Joined:
    Jul 16, 2017
    Messages:
    158
    Likes Received:
    28
    Ratings:
    +134
    1299337081292_3394261.png
     
Loading...
Similar Threads - EQUIFAX BREECH
  1. Therious
    Replies:
    4
    Views:
    623
  2. Cia
    Replies:
    11
    Views:
    1,827