Equifax
It doesn’t matter if China hacked Equifax
On Monday the FBI and AG Barr announced "an indictment last week charging four members of the Chinese People's Liberation Army (PLA) with hacking into the computer systems of the credit reporting agency Equifax and stealing Americans' personal data and Equifax's valuable trade secrets." China's military refutes the charges.
Federal prosecutors indict four Chinese military officers over Equifax hack
The Justice Department has charged four Chinese People's Liberation Army (PLA) officers in relation to the 2017 Equifax hack in which the personal details of some 145 million US consumers and nearly a million UK and Canadian citizens were stolen. The data included names, addresses, birth dates, Social Security numbers and some driver's license details.
Senators ask credit agencies why they don't report FBI data requests
Tech companies have long disclosed the number of national security letters (NSLs) they get from authorities, but the credit reporting agencies that often dictate your financial future have been silent -- and Congress wants answers. Senators Elizabeth Warren, Ron Wyden and Rand Paul have sent letters to the CEOs of Equifax, Experian and TransUnion asking why the companies don't divulge how many NSLs they receive from the FBI, or release those requests once the non-disclosure orders end. These companies have the "responsibility" to come clean about their information handling when they have loads of "potentially sensitive data," the senators said.
Security fails we’re kinda thankful for
As we gather 'round the fire, warming our facepalm-weary hands, the blaze burning bright with the shreds of our privacy and security, it's important to reflect on what we're grateful for: Companies that did the infosec version of stepping on a rake, forcing them to secure us better. Idiots who tried to "hack" the FCC comment system while leaving their OPSEC cake out in the rain. Whatever geniuses left road signs eminently hackable, and the ones who made ATMs susceptible to malware that literally spits out cash. Here are the "winners" of utter and complete security failures we're almost grateful for. Let's hope the next time these clowns fall off a stack of servers, they don't fail to miss the ground.
FTC warns Equifax claimants will get 'nowhere near' $125 cash payout
When the FTC and other government agencies reached a settlement deal with Equifax over its massive data breach, people affected were offered as much as $125 in cash. Now, the FTC is encouraging claimants to choose the free credit monitoring option instead, because there's absolutely no way everyone is getting $125. Apparently, the money earmarked for cash payments is only $31 million -- a tiny fraction of the $700 million settlement all the parties agreed on.
Equifax settlement for data breach will only cost it $4 per person
The reports of an impending Equifax settlement were true. The company has agreed to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau, attorneys general and New York's Department of Financial Services over its massive 2017 data breach. It will pay between $575 million and $700 million to victims, states and regulators, including a restitution fund that will pay up to $425 million to provide credit monitoring for up to 10 years. About $300 million is guaranteed for the monitoring payout, with $125 million more waiting if that initial amount runs low.
Equifax reportedly close to $700 million data breach settlement
Remember that time Equifax had a data breach and leaked an incredible amount of information -- addresses, social security numbers and even driver's licenses -- on more than 143 million people in the US alone? That was revealed nearly two years ago, and tonight media reports suggest the company is closing in on a settlement with federal and state agencies including the FTC, Consumer Financial Protection Bureau and state attorneys general. The New York Times and Wall Street Journal reported it could pay between $650 and $700 million, near the $690 million figure Equifax told investors it had set aside for a penalty. According to the reports, details will be announced on Monday, and the amount could vary depending on how many people file claims. It's not clear how much those affected could expect in compensation, but the settlement supposedly includes terms to create a fund for that purpose. The Equifax breach came after hackers exploited a known flaw in unpatched software that its former CEO pinned on one employee instead of flawed policies. The data broker already agreed to new rules on security policies in some earlier settlements, and it remains to be seen if or how this will add additional oversight.
New York settles with Equifax and others over lax mobile app security
New York Attorney General Barbara Underwood announced that the state has reached settlements with five companies regarding a security vulnerability present on each of their mobile apps. Going forward, the companies -- Equifax, Western Union, Priceline, Spark Networks and Credit Sesame -- will be required to implement security programs aimed at protecting their customers' information.
House committee says Equifax data breach was 'entirely preventable'
Congress clearly didn't buy Equifax's attempt to pin its massive data breach on one lone technician. The House Oversight and Government Reform Committee has released a staff report declaring that the breach was "entirely preventable" and the result of widespread, systemic flaws in Equifax's security policies. The company didn't have "clear lines of authority" in its IT structure that would have properly enacted policies, for one thing. It also had "complex and outdated" systems that didn't keep pace with its growth, wasn't prepared to help victims and made basic security missteps. Equifax let more than 300 security certificates expire, for example, making it difficult to spot intrusions.
An early test of the GDPR: taking on data brokers
Major data brokers Acxiom and Oracle are among seven companies accused of violating GDPR laws on personal information privacy. Advocates hope the complaints will shed light on the opaque ways that personal data is traded through third parties online both in the EU and the US. The General Data Protection Regulation is a sweeping personal data privacy law that came into force in late May in the EU. For the rest of the world, it's viewed as a bellwether for whether Big Tech can be held in check when immense data leaks seem to happen with painful regularity.
Equifax faces £500,000 fine in the UK over massive data breach
UK officials have slapped Equifax with a £500,000 (US$660,000) fine for failing to protect up to 15 million citizens' personal data. The Information Commissioner's Office (ICO) has announced its verdict after almost a year-long investigation with the Financial Conduct Authority. Together, they looked into the massive Equifax breach that affected 146 million people around the world. Cybercriminals infiltrated the consumer credit reporting agency's systems by using an exploit on its website to gain access to people's names, addresses, birthdates, SSNs, as well as tax and driver's license information.
Equifax confirms data breach included driver's licenses and passports
Equifax has been dribbling out updates to the scope of its 2017 data breach for months, but how much information was compromised, exactly? You now have a better idea. The credit reporting firm has submitted a statement to the SEC explaining how much data was compromised across numerous categories. And... it's not pretty.
Senate set to approve bill that would make credit freezes free
In the aftermath of last year's Equifax data breach, a handful of Senators led by Elizabeth Warren introduced a bill that would allow consumers to freeze their credit at any time for free. Now the Senate appears to be set to approve a broader banking bill that includes that stipulation, the Wall Street Journal reports. Currently, eight states and Washington DC require credit-reporting agencies like Equifax, Experian and TransUnion to provide credit freezes at no cost to the consumer while the other 42 states allow those companies to charge fees in most cases. But this bill, on track to be approved by the Senate next week, would make it so all consumers across the country could request and end a credit freeze without having to pay any fees to do so.
Equifax finds another 2.4 million people affected by its data breach
Last month, reports surfaced that more information than previously thought may have been exposed in Equifax's massive data breach and today, Reuters reports, the company has confirmed it. Along with the 145.5 million individuals already reported to have been affected by the breach, Equifax says another 2.4 million were as well. However, their exposed data was limited to names and partial driver's license information. The company said that in most cases, home addresses as well as driver's license states, issue dates and expiration dates weren't included in the stolen data.
How security became more important than convenience
Since the dawn of infosec, the belief that we users are a group of dullard cattle who blindly trade our own security for convenience at every turn has been trumpeted by the stewards of IT and the infosec-arrogant, while bolstered by old research. Not anymore, says a new in-depth study from IBM on consumers' relationships with biometrics, authentication and the future of identity. If they have a choice, consumers now prefer taking extra security steps over using "123456" as a password.
Equifax breach may have exposed more data than first thought
The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The hack may have compromised more driver's license info, such as the issuing data and host state, as well as tax IDs. In theory, it would be that much easier for intruders to commit fraud.
32 senators want to know if US regulators halted Equifax probe
Earlier this week, a Reuters report suggested that the Consumer Financial Protection Bureau (CFPB) had halted its investigation into last year's massive Equifax data breach. Reuters sources said that even basic steps expected in such a probe hadn't been taken and efforts had stalled since Mick Mulvaney took over as head of the CFPB late last year. Now, 31 Democratic senators and one Independent have written a letter to Mulvaney asking if that is indeed the case and if so, why.
The only thing Equifax's new credit app locks is itself
Equifax still appears to have trouble wrapping its head around the concept of trustworthy software following its massive security breach. The company has launched its promised free credit report locking service, Lock & Alert, but there's one overriding problem: at least initially, the mobile app associated with it doesn't appear to work. The New York Times and Ars Technica both report pervasive problems with the app, ranging from the basic login to... you know, locking your credit report. In the NYT's case, the tester gave up after the locking attempt stalled five times in a row.
2017’s biggest cybersecurity facepalms
2017 was a year like no other for cybersecurity. It was the year we found out the horrid truths at Uber and Equifax, and border security took our passwords. A year of WannaCry and Kaspersky, VPNs and blockchains going mainstream, health care hacking, Russian hackers, WikiLeaks playing for Putin's team, and hacking back. In 2017 we learned that cybersecurity is a Lovecraftian game in which you trade sanity for information. Let's review the year that was (and hopefully will never be again).
Equifax committee says executive stock sales weren’t insider trading
The eyes of the Securities and Exchange Commission and the US Department of Justice have been focused on some questionable stock sales initiated by three Equifax executives a month before the data breach that exposed 143 million US consumers' personal information was revealed to the public. Those agencies have been investigating the sales, which amounted to nearly $1.8 million, and are working to determine whether they were the result of insider trading. However, CNBC reports today that an Equifax committee has reviewed the sales and found no signs of misconduct.