Equifax Increases Number of Britons Affected By Data Breach To 700,000 (telegraph.co.uk) 58
phalse phace writes: You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."
Please let one of them be Queen Elizabeth (Score:2, Funny)
Then we can be sure heads will roll, literally, in the Equifax C-suite.
Re: Please let one of them be Queen Elizabeth (Score:2, Funny)
I'm sure the Queen would be furious if someone knew her information. Why, they might try to take out a loan in her name, or steal her tax return, or cash known bad checks in her name.
Re: Please let one of them be Queen Elizabeth (Score:1)
2nd Question: When would the queen have need to buy anything using credit?
3rd Question: Who, when conducting business with the west, would deny the Queen what she requests? When that is a matter or purchasing a desired good or product or service?
Re: Please let one of them be Queen Elizabeth (Score:4, Funny)
And ended up with Donald Trump as president
Re: (Score:3, Insightful)
Because Killary would have been so much better...
Yes, Hillary would have been better without doubt.
Re: (Score:2)
Because Killary would have been so much better...
Yes, Hillary would have been better without doubt.
Yup, you keep feeding off those 'unbiased' media reports there and preaching about freedom and rights while telling others their opinions are hate speech crimes that should be prosecuted.
You don't have to be a fan of Trump to see the stupidity surrounding the rabid Hillary supporters.
Re: Please let one of them be Queen Elizabeth (Score:4, Insightful)
George W Bush sans two thirds of his brain would have been better. A lobotomized trout would have been better.
Re: Please let one of them be Queen Elizabeth (Score:5, Insightful)
Literally any fucking eligible human citizen would be better. Including Killary. Open a phone book and point. Better than Trump.
You fell for Russian psyops, dopey cunt.
Re: (Score:2)
Decades of GOP attack on critical thinking has succeeded. Attack scientists, attack news, attack (defund) education/npr and you can eliminate questions about trick-down economics, religion, climate change, fracking, scientific method and push though what ever pseudo-crap you want to ensure the oligarchy continue to pillage people and the environment for profit at will with an eve
Re: (Score:1)
No sense crying in your beer because your president can't get anything done.
There's a lesson for you in it all: when somebody submits a resume that clearly shows they are not qualified for the job, you don't fucking hire them.
Of course Hillary would have been better. On top of her own political experience, she would have been backed by her husband's experience, who, if I recall correctly, carried a fucking booming economy during his two terms in office. But lemme guess, you're going to try to spin it to g
Re: (Score:2)
Re: (Score:2)
If it was the NSA who conducted the breach, than they already have the Queens details, knowledge of tax evasions scams, corruption of democracy plots and the predilection of her family members for minors. When you are descended from homicidal maniacs who publicly tortured to death anyone who disagreed with them (also the rest of their family and even pets) and this without shame and embarrassment, in fact quite the opposite, celebrating the ancestors psychopathic douche baggery, you and your family are boun
Financial CEOs (Score:5, Interesting)
Re: Financial CEOs (Score:1)
However, I would surmise that it is unlikely.
You have to ask yourself, what did these companies hire Equifax to do? It wasn't to safeguard the data of their customers.
Re:Financial CEOs (Score:5, Insightful)
The wealthy aren't affected by these breaches. They can simply hire other people to worry about that sort of bothersome thing on their behalf. Any sort of problem like "identity theft" is resolved with a simple phone call to their bank's manager, with whom they occasionally golf on the weekends.
700,000 Britons, so how many Chavs? (Score:1)
I love imperial math units.
Come on now, Equifax (Score:3)
No need to mete out the bad news. We know it was everyone.
Re: (Score:1)
Re: Come on now, Equifax (Score:1)
Re:Come on now, Equifax {no - thank them} (Score:1)
Good News (Score:1)
This is good news! The fact that this affected people outside the US means that maybe a government without a mouth full of corporate dicks will actually do something about it.
Re: Good News (Score:2)
Re: Good News (Score:4, Interesting)
They're lucky it happened now, maximum fine is £500,000.
Come May next year when GDPR comes into force they could've been charged 4% of global turnover.
There is legislation in the UK to allow individuals to be held responsible though, so it's possible Equifax's security chief, CTO, or CEO could be held personally responsible if there's sufficient evidence they mishandled it.
This industry is incredibly tightly regulated in the UK though, Equifax could lose it's license to practice as a CRA if there is evidence of severe negligence.
Sucks (Score:1)
When you get caught with something ( in this case data ) you're not even supposed to have . . . . . . .
I like how they try to downplay it by pretending it was only X or Y. Completely avoiding the whole question of why they have it in the first place. :|
Should just assume *all* data is compromised (Score:2)
I don't know why they don't just admit that *everyone's* information is compromised and just be done with it.
And then all credit bureaus should be forcibly shut down their databases burned. They are completely unneccessary and it's not even clear they provide a benefit to the lenders that use (and pay) them.
Can we get a quote from Prince Phillip? (Score:2)
He usually has some wise words.
Re: (Score:2)
He usually has some wise words.
Ahem, His Royal Highness has recently retired from public life, so, no.
Whitelist (Score:2)
Perhaps it would be simpler to just start a list of everyone not affected by this data breach? It might sound like it would still be a long list, but after another year of revelations I think it will top out to a few dozen, maybe 50, people at most.
Re: (Score:2)
Perhaps it would be simpler to just start a list of everyone not affected by this data breach? It might sound like it would still be a long list, but after another year of revelations I think it will top out to a few dozen, maybe 50, people at most.
That many people in Equifax’ upper management?
Re: (Score:2)
Obviously they cannot publish a whitelist. The only people who weren't affected are the people Equifax doesn't know about.
Re: (Score:2)
Perhaps it would be simpler to just start a list of everyone not affected by this data breach?
What you mean both of them?
The Only Safe Course Of Action... (Score:3)
The UK's data regulator, the Information Commissioner's Office, must immediately demand that Equifax provide them with proof that every single UK citizen on whom Equifax has held data has been contacted and has acknowledged that contact.
Why so extreme? Because if one thing is apparent from this appalling incident it is that Equifax simply don't know what they are doing when it comes to safeguarding the data of their users. It is borderline offensive that a company can go public with a statement to admit that they have just detected a hack which took place months previously, only to then turn round within a matter of days and claim to know exactly what was accessed, what was stolen.
The bottom line is that if an attacker was good enough to get into their systems and wander around for days, weeks or months without being detected, then it stands to reason that they were also good enough to make sure that logs of their activities were disabled and/or wiped. The mere fact that Equifax were hacked in the first place should tell us everything that we need to know about placing reliance on their IT Security or IT Forensic skills. [ And no, hiring in an outside specialist consultancy to help may not be good enough. When the data is gone, it's gone - a good attacker will have left few traces].
There is another major problem with the Equifax approach. Publicly, they claim that "several hundred thousand" UK citizens may have been hit by their breach. Given the size of this number, it means that any individual contacted by Equifax will have to assume that "they are one of the unlucky ones". But this leaves us with two problems. Firstly, how do we know that Equifax aren't lying now and just contacting everyone? Are they making deliberately misleading statements to try and placate their regulators? Secondly - and potentially much more significantly - how do you know if you are an "Equifax customer" in the first place? They don't mean customer, do they? They mean data subject: i.e., victim. If you have a credit card or applied for a loan or purchased a car or an expensive product on any form of hire purchase or store credit agreement, then you are potentially an Equifax customer. But when you bought your three-piece suite or that new car, did the store or dealership explicitly tell you that their credit-checking services were provided by Equifax? I doubt it.
I think the British people need to be demanding that Equifax are:-
1. Given a *massive* fine by the Information Commissioner's Office.
2. Made to pay compensation to every UK citizen held in their records.
3. Forced to provide lifelong free credit protection services, including alerting them when people run credit checks against them or attempt to access their records.
3. Forced to disclose, completely, in 100% detail, every last scrap of data held by Equifax against every UK citizen. If necessary, to offer to explain to the person what has been taken and how it could be used, to educate their victims and help them defend against identity theft and fraud.
4. Have their license for operating in the UK revoked, immediately, and be prevented from operating in the UK or taking or collecting data from UK subjects.
Only something as clear and powerful as this will send a message to companies like Equifax that they are putting people at tremendous risk. These companies see themselves as untouchable, see their business model as all up-sides. They get their data for free as part of 2-way deals, and then sell it on for a profit.
These people are parasites.
Re: (Score:2)
Re: (Score:2)
The government concerned needs to send a clear message to other information brokers, to make it very clear to them that there is zero tolerance for this sort of data breach. There needs to be a real, material punishment. I accept that revoking an [information broker] license that would bar the culprit from the market permanently, but I would like to see the participants actually held to personal account for the failures they have presided over.
And if there aren't suff
Re: (Score:2)
You can't punish Equifax too harshly because if they collapse they take millions of people's credit history with them. If, for example, you years of on-time mortgage payments are logged by Equifax and their records go away, all that information will be lost and your perceived risk to creditors will go up.
For Equifax to lose their licence what they did would have to be worse than the consequences of those records being lost.
However...
3. Forced to provide lifelong free credit protection services, including alerting them when people run credit checks against them or attempt to access their records.
3. Forced to disclose, completely, in 100% detail, every last scrap of data held by Equifax against every UK citizen. If necessary, to offer to explain to the person what has been taken and how it could be used, to educate their victims and help them defend against identity theft and fraud.
Those should be mandatory for all credit reference agencies anyway.
Re: (Score:2)
Sorry, I don't buy it. Equifax have already demonstrated that they cannot be trusted to keep consumer data safe. There are only two remedies for this:
1. Take the data away from them.
2. Find a way of providing an absolutely SOLID guarantee that all their data is now and will remain 100% secure...
Think about that second item for a moment. Who among their data subjects would trust them w
Re: (Score:2)
Yes, that's what I'm saying. You could write to them withdrawing your consent for them to hold data about you, but all that would do is damage your ability to get credit.
I agree it's a really bad situation. Taking the data off them wouldn't really solve the problem, just hand it to another bunch of idiots. The core of the problem is relying on such databases to determine credit worthiness.
Re: (Score:2)
We agree it's a bad situation...
With respect to taking the data away from Equifax, we have a slightly different view. In my idea world, the government would step in, bar Equifax from operating, charge the directors with criminal negligance and then take the Equifax data set and offer it for sale to other companies in the market. They would include a set of terms and conditions that
ISO certification (Score:4, Interesting)
From Equifax' website:
Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party.
It is difficult to imagine now that ISO/IEC 27001 (information security management) means anything.
Who is this "reputable independent third party"?
Re:ISO certification (Score:4, Interesting)
Such an audit is valid for a maximum duration of 12 months and thus has to be completed annually. It would be very interesting to compare the results of that audit with details of the system[s] that were breached, to determine what level of diligence was provided by the ISO Auditor.
I wonder if Equifax can substantiate that claim? Interesting...
Re: (Score:2)
Does the auditing process involve proper tiger-team pen-testing?
Re: (Score:2)
They're not going to tell you that! That third party has a reputation to uphold.
Unstated but ultimately correct bottom line (Score:2)
If you have ever participated in the 20th or 21st Century banking or credit system, Equifax has given away your personally identifiable information.