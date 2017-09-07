

 


Credit Reporting Firm Equifax Announces 'Cybersecurity Incident Impacting Approximately 143 Million US Consumers' (cnbc.com) 43

Posted by BeauHD from the data-breach dept.
Equifax, which supplies credit information and other information services, said Thursday that a cybersecurity incident discovered on July 29 could have potentially affected 143 million consumers in the U.S. "The leaked data includes names, birth dates, social security numbers, addresses and potentially drivers licenses," reports CNBC. "209,000 U.S. credit card numbers were also obtained, in addition to 'certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.'"

Chairman and Chief Executive Officer Richard F. Smith said in a statement: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident." Equifax is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities.

  • Free Credit Reporting? (Score:3)

    by Lothsahn ( 221388 ) on Thursday September 07, 2017 @05:21PM (#55155637)
    Do I get free credit reporting for this? Is it from Equifax?

  • Public Info? (Score:3)

    by nealric ( 3647765 ) on Thursday September 07, 2017 @05:22PM (#55155639)

    At this point, is there anybody left in the U.S. who has not had their names, addresses, and socials stolen in a hack somewhere?

  • I have one thing to say (Score:4, Interesting)

    by Gerald Butler ( 3528265 ) on Thursday September 07, 2017 @05:25PM (#55155657)

    CLASS ACTION LAWSUIT! These companies that want to collect all this personal data of people and fail to protect it need to be sued into non-existence!

    • If that doesn't work, perhaps a law stating that the person who is the subject of a credit check gets to designate which credit reporting agency is to be used by their potential creditors.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      This could be a lawsuit goldmine. Not just for the breach, but for errors people will now be able to discover in their reports.

  • Until accountability is found.

  • Obviously having a lifelong single password (SS#) is not enough anymore. But we still want identification that is relatively quickly accessed and verified. Could we reissue with a public and private key pair for each citizen? Could we trust the certs? What options can the slashdot crowd think of?

    • Social Security numbers are fine. The problem is that organizations have foolishly been using them for authentication ("Prove you are you!"), rather than merely identification ("Who are we talking about?"), which was all they were ever designed to do. As a means for identification, it generally still works just as well today as it did when it began. As a method for authentication, it was lousy from the start and has been getting worse by the day.

      • Social Security numbers are fine. The problem is that organizations have foolishly been using them for authentication ("Prove you are you!"), rather than merely identification ("Who are we talking about?"), which was all they were ever designed to do.

        Even more narrowly than that. Its original purpose was to track workers solely for use in determining SS benefits - that's it. From The Story of the Social Security Number [ssa.gov]

        The Social Security number (SSN) was created in 1936 for the sole purpose of tracking the earnings histories of U.S. workers, for use in determining Social Security benefit entitlement and computing benefit levels.

  • They sat on this? (Score:3)

    by djembe2k ( 604598 ) on Thursday September 07, 2017 @05:37PM (#55155755)
    Wait. TFA says they discovered this on July 29, and that their "private investigation into the breach is complete." Only now are they going public with this? How much damage could have already been done in the month of August? The breach alone creates a huge liability for them. This delay makes it worse, because they can't blame that on some other bad actor.
  • ...society is over. Back to subsistence living and bartering.

  • Most of their customers have no recourse (Score:3)

    by misnohmer ( 1636461 ) on Thursday September 07, 2017 @05:43PM (#55155791)

    Typically when a company screws its clients, they risk clients no longer using their service, so usual market forces apply. This is not the case here. Most of their customers never chose to use Equifax or even gave any explicit permission for them to collect their data. Yet, they do collect it and sell credit scores. The problem is that market forces don't work here, i.e. those customers who got hurt are not really paying, or even willing, customers and have no choice to opt out of the service, and those who buy credit scores are not really affected much.

    As much as I am generally against regulation, this is one area I think they should be held fully liable, including compensating any affected customers for ALL of their expenses, including their time at some reasonable rate at or above what that customer usually makes per hour - that includes any waiting on hold while calling any of the companies to clear things out. Maybe this would cost Equifax its life, so be it, the next company will be much more careful what they do with the data. This would be no different than an airline being held liable for damaging property or killing people because their planes are shedding parts - the people hurt are not airline customers, they are the homeowners who had aircraft parts crash through their roof into their living room.

    • The breach only affects consumer data, which is not really a client or customer of Equifax. Those would be the banks and lenders that use their data conglomeration services.

      The thing about this that bugs me is why in the hell were public facing computers holding access to basically everything someone needs to completely take your identity. Why is that company even allowed to hold anything other than your address, ss# and reporting history? They shouldn't have credit card or even bank account number info im

    • Reminds me of when Experian [krebsonsecurity.com] basically let all their data be stolen too. They purchased a company that then stole the data. Or when all 3 credit agencies [crn.com] had a breach. But they sure got their due when the hundred billion dollar fines rolled in!!! Just kidding of course, barely a slap on the wrist. Nothing is going to happen and Equifax will promise not to do it again - until it happens again in about 18 months.

  • Update your account info now... (Score:1)

    by Anonymous Coward

    Seems like now would be as good a time as any to update all online accounting info, passwords especially.

    Be sure to do it from a 'one off' browser session, and promptly delete afterwards.

    Cookies are evil, remember? Browsers aren't much better, so that doesn't help...

    Naturally, you can always move back to 'paper checks', which I contemplate every day...

  • Someone filed a fraudulent return for me on March 30 of last year. They had their "refund" sent to a debit card. I've used the same CPA for 30 years, which gives you an idea of how well the IRS detects fraud. I have no idea how my information was stolen. A few points:

    1. The best defense is to file early (e.g., February).
    2. As a victim of id theft, you should qualify for a free credit freeze. Good luck. Out of six requests (3 each for me and my wife) only one was accepted. You can waste your time

