Topic: Equifax data breach... biggest ever.
robcat2075


Location: Dallas, Texas
Joined: Apr 19, 2009
Posts: 6301

« on: Sep 08, 2017, 11:28AM »

 
LA Times...
Credit giant Equifax says Social Security numbers, birth dates of 143 million consumers may have been exposed

Quote
Equifax, one of the nation’s three major credit reporting firms, announced Thursday that its computer systems had been breached, leading to the unauthorized accessing of Social Security numbers and birth dates of up to 143 million U.S. consumers...

...Besides Social Security numbers and birth dates, the accessed information “primarily” includes names, addresses and, in some cases, driver’s license numbers, according to the company...


Quote
Eric Gibbs, whose law firm is involved in a consumer lawsuit against Experian over a 2015 breach affecting 15 million people, said the Equifax situation may end up fitting into a pattern.

“The one thing that has held consistent in recent years is there’s substandard internal practices that lead to these breaches,” said Gibbs, a partner at Girard Gibbs. “Time and time again, the [breaches] are then blamed on sophisticated hackers. But the sophistication of the hacker doesn’t have to do with it, it’s the internal practices.”

Sounds bad.
 
The big danger seems to be people using the info to open new credit accounts in your name, for which you get stuck with paying or pursued for collection.
 
If you're like me and rarely need to let anyone do a credit check on you, this advice from the NYT sounds wise...
 

 
Quote
What if I’m certain my data has been stolen from Equifax?
 
Set yourself up with fraud alerts in case someone tries to apply for credit in your name. To be safe, do this at all three credit reporting agencies, Equifax, Experian and TransUnion.


Then, consider spending a few dollars to set up security freezes at Equifax, Experian and TransUnion. This will lock down your credit files permanently, so that only companies that you currently do business with can see them. That way, if a thief applies for credit in your name, the company getting the application will not be able to access your credit file. No file means no new account. You will be able to temporarily open them each time you want to apply for new credit.


 
I just did the Security Freezes.  They were $10 apiece.


Robert Holmén

Hear me as I Play My Horn


Get your Popper, Dotzauer, or Kummer play-alongs!
Baron von Bone
Fear is the Mind-Killer.


Location: Athens, GA (USA)
Joined: Jul 16, 2002
Posts: 18583
"Reality Junkie"


« Reply #1 on: Sep 08, 2017, 11:47AM »

The cost of freezing and unfreezing your credit depends upon which state you live in. Here in GA it's $5.00ea, both for freezing and unfreezing.
 
It's not really a hassle--just make sure you have your PIN numbers. When you unfreeze your credit you can just unfreeze at the bureau that will be checked for a specified number of days.
 
My wife and I have had our credit frozen for several years now. Aside from once, recently, when Equifax had some sort of "known issue" with unfreezing my credit for a check, we've had no problems ... but then we don't often have a need to unfreeze.

- Feeding a troll just gives it a platform and amplifies its voice.
 
- Science is what we have learned about how to keep from fooling ourselves.  - Richard Feynman
- He who knows not and knows not that he knows not is a fool.   - Confucius
robcat2075

« Reply #2 on: Sep 08, 2017, 12:01PM »

And those PIN numbers are essential. They only reveal them to you at the end of the enrollment process; they don't email them to you, so you need to copy them down and store them safely or you'll be stuck.
JESimmons

Location: St. Simons Island, Georgia
Joined: Feb 12, 2013
Posts: 140

« Reply #3 on: Sep 09, 2017, 03:49AM »

I saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you waive any claims for damages against the company. I could be wrong about this but read everything concerning the offer.

Olds O-21
1955 Conn 6h
1967 Conn 88h
1974 Holton TR-180
Edwards B454
robcat2075

« Reply #4 on: Sep 09, 2017, 05:38AM »

Quote
I saw a news story that seemed to say that if you sign up for the free monitoring service Equifax is offering, you waive any claims for damages against the company. I could be wrong about this but read everything concerning the offer.

Equifax has come back to say that the arbitration agreement only applies to the monitoring service and not claims on the data breach, but the wording seemed unspecific enough that I wonder if they thought they might get away with it.
robcat2075

« Reply #5 on: Sep 09, 2017, 05:48AM »

However... the credit monitoring offer still requires a credit card to sign up and they'll start charging you automatically if you don't cancel before the free year is up.

Equifax Is Trying To Make Money Off Its Massive Security Failure
robcat2075

« Reply #6 on: Sep 11, 2017, 07:42AM »

Just when you thought it was safe to trust the big credit corporation that couldn't be trusted...

After Equifax Breach, Here’s Your Next Worry: Weak PINs

Quote
When Helene Muller-Landau first heard the news about the Equifax security breach, she set about freezing her credit files and those of her husband and mother.

Very quickly, however, Ms. Muller-Landau, a Smithsonian research scientist, noticed something strange: The personal identification numbers that Equifax was assigning her family members (to use for eventually lifting the freezes) were awfully similar.

At first, she thought it was a mistake. Maybe it had to do with the fact that she was in Panama, or that her web browsers were acting up. But no: The Equifax PINs are based on the date and time that you set up your freeze.

“The whole point of a 10-digit PIN is that it’s supposed to be hard to guess,” she said. “And then, they have this totally transparent algorithm for assigning them.”
harrison.t.reed

Location: Colorado
Joined: Apr 5, 2007
Posts: 2712
"Spartan Brass Band!"


« Reply #7 on: Sep 11, 2017, 12:13PM »

What percentage of Americans with credit cards does that 143 million number represent? 99.9%?

"My technique is as good as Initial D"
T-396A - Griego 1C
88HTCL - Griego 1C
36H - DE XT105, C+, D Alto Shank
3B/F Silversonic - Griego 1A ss
pBone (with Yellow bell for bright tone)
robcat2075

« Reply #8 on: Sep 11, 2017, 12:41PM »

Quote
What percentage of Americans with credit cards does that 143 million number represent? 99.9%?

This site says there were 167 Million credit card holders in the US in 2014 out of 235 million adult consumers.

However, the information lost isn't necessarily on people with credit cards. It could be anyone with a credit history. Certainly bill payment history, debts in collection... court judgements, liens?
harrison.t.reed
« Reply #9 on: Sep 11, 2017, 01:32PM »

Yeah it's still a high enough number to be all but certain that if you're an adult in the US, your personally identifiable info has been stolen.

7/7.2 or 7/8 are bad odds
robcat2075

« Reply #10 on: Sep 11, 2017, 05:35PM »

What’s Struts Got to Do with It?


Quote
According to a report on the data breach by William Baird & Co., the hackers used a flaw in open source Apache Struts software. The source of this information was not provided, but there have, in fact, been two major Apache Struts vulnerabilities disclosed in 2017: one in March and the other - CVE-2017-9805 - (coincidentally) on September 4 - just a few days prior to Equifax’s data breach announcement.

The Apache Struts Web Framework is an extremely popular programming framework for building web applications in Java. The most recent vulnerability, according to a report in lgtm.com, has existed in Struts since 2008. The security experts who discovered the vulnerability warned: “At least 65% of the Fortune 100 companies are actively using web applications built with the Struts framework. Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework. This illustrates how widespread the risk is.”

Including the IRS. So maybe we will see those tax returns, after all!

robcat2075

« Reply #11 on: Sep 15, 2017, 01:18PM »

I have not investigated this development to ascertain if this company which I'm previously unfamiliar with has a useful solution to your troubles. 

Nonetheless, FYI...

Credit Karma to launch free ID monitoring following Equifax hack
robcat2075

« Reply #12 on: Sep 16, 2017, 07:47AM »

Broad horizons for music majors...

Equifax hired a music major as chief security officer

Quote
When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.

And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.

Quote
Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.


As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.
Baron von Bone
« Reply #13 on: Sep 16, 2017, 09:56AM »

Quote
Broad horizons for music majors...
 
Equifax hired a music major as chief security officer
 
As a person with a music degree who then made a career in something technical I have some sympathy for her but the most data I ever lost was a ZIP disk.

Obviously that's fake news ... UGA has a great music school.
robcat2075

« Reply #14 on: Sep 21, 2017, 06:49AM »

Someone Made a Fake Equifax Site. Then Equifax Linked to It.

Quote
“Their site is dangerously easy to impersonate,” Mr. Sweeting said in an email, noting that he had created the site solely to draw attention to the weakness of Equifax’s security. “It only took me 20 minutes to build my clone. I can guarantee there are real malicious phishing versions already out there.”

“It’s in everyone’s interest to get Equifax to change this site to a reputable domain,” he added. “I knew it would only cost me $10 to set up a site that would get people to notice, so I just did it.”