Equifax
Latest
Equifax data breach is also being investigated by UK officials
While 143 million US residents were affected by the Equifax breach, they weren't the only ones impacted. Nearly 700,000 UK residents also had their information stolen -- including phone numbers, driver's license numbers, email addresses, user names, passwords and partial credit card details -- and UK authorities are now investigating the company.
IRS freezes its fraud prevention contract with Equifax
The IRS got a lot of flak from both ordinary citizens and lawmakers when it awarded Equifax a fraud prevention contract earlier this month. After all, they forged their partnership after the credit reporting agency revealed that it recently suffered a massive security breach that affected 145 million Americans. Now, after reports came out that an adware installer lived in the agency's website, IRS has decided to temporarily suspend the $7.2 million, no-bid contract.
Equifax may have been hacked again (update: not a breach)
When Equifax's interim CEO penned a letter of apology on The Wall Street Journal, he admitted that it will take a lot of effort to regain people's trust. Unfortunately, the company still seems to be lacking when it comes to security, because according to Ars Technica, it's been hacked yet again. Independent security analyst Randy Abrams told Ars that he was redirected to hxxp:centerbluray.info and was met with a Flash download when he went to equifax.com to contest a false info on his credit report.
Equifax breach included 10 million US driving licenses
10.9 million US driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.
IRS hands fraud prevention contract to Equifax despite massive hack
You'd think that government agencies would be reticent to work with Equifax given that it just exposed the private info of more than 145 million people through a preventable hack, but a massive data breach apparently isn't enough of a deterrent. The Internal Revenue Service recently awarded Equifax a fraud prevention contract that will have it verifying taxpayer identities. And crucially, it was a no-bid, "sole source" contract -- Equifax was deemed the only company capable of fulfilling demand.
Former Equifax CEO blames breach on one IT employee
The Equifax data breach that leaked information on the now-145 million people was caused by a vulnerability in Apache's Struts system. Trouble is, the software provider supplied a patch back in March that should have eliminated that vulnerability. But Equifax's former CEO (who suddenly retired last week) told the House Energy and Commerce Committee that a single IT technician was at fault for the whole thing after they failed to install the patch.
Equifax will warn 2.5 million additional hacking victims by mail
The hack that compromised Equifax was bad enough, but its response only seemed to make things worse. Even the website that verified the potential threat to your data left many people wondering. Equifax wants to remove any doubt, though. In the wake of a just-completed forensic investigation by security partner (and sometimes foe) Mandiant, Equifax has announced that it's mailing written notices to everyone who was confirmed as affected since it disclosed the hack on September 7th. That's no mean feat when 2.5 million more Americans have been added to the tally (which now stands at 145.5 million affected) as a result of the investigation. The website should reflect the additional hack victims no later than October 8th, so you might not have to wait for a letter to find out whether or not you're part of this newer batch.
Equifax breach shows signs of a possible state-sponsored hack
Ever since word of the Equifax hack got out, there's been one lingering question: was it a state-sponsored attack, or just criminals who took advantage of a security hole? At the moment, it looks like it might be the former. Bloomberg sources have shed light on the ongoing investigations into the breach, and they claim there are signs of a government's involvement. The initial group of hackers weren't particularly experienced, according to the tipsters, but they handed things over to a more "sophisticated" team. There are even hints that this might be the work of Chinese intelligence agents, although it's not yet clear who's responsible.
Equifax to launch a free lifetime credit lock service
Equifax's new chief knows it'll take a lot of effort to make people trust the credit reporting agency again. He started by penning a letter of apology published by The Wall Street Journal, wherein he admitted that the company wasn't able to live up to people's expectations. Equifax was hacked, he wrote -- its website "did not function as it should have," and its "call center couldn't manage the volume of calls" the company received after the security breach was made public. The interim CEO has also revealed that Equifax will launch a new service on January 31st that will give you the power to lock and unlock your credit anytime. Best thing about the offer? It will be free for life to all its customers in the US.
Equifax CEO Richard Smith suddenly decides to ‘retire’
Equifax has been in the news lately for all the wrong reasons, following a chain of blunders and mismanagement after it revealed that a security breach leaked the personal data of 143 million people. This morning, the CEO of Equifax and chairman of its board, Richard Smith, retired effective immediately.
Why Equifax’s error wasn’t hiring someone with a music degree
In the wake of the Equifax breach, a significant number of people lost their minds this week upon discovering that one of its newly deposed security executives has a degree in music composition. Despite 14 years of experience as a security professional in other companies, Susan Mauldin was mocked and dragged online for being a "diversity hire" who is "unqualified" for the job.
Experian makes it easy for someone to undo your credit freeze (updated)
Turns out Equifax isn't the only credit reporting agency with garbage security, which probably shouldn't come as a surprise at this point. As Brian Krebs reports on his security news website, Experian has a few issues too, namely some incredibly lax barriers to obtaining a PIN used to unlock a credit freeze.
Equifax stock sales prompt DOJ investigation for insider trading
Things are about to get even worse for Equifax, and rightfully so. According to reports from Bloomberg, the US Department of Justice (DOJ) has opened a criminal investigation into Equifax officials' stock sales just before the announcement of the security breach that exposed data from 143 million US consumers. Equifax CFO John Gamble, President of US Information Solutions Joseph Loughran and President of Workforce Solutions Rodolfo Ploder dumped nearly $1.8 million in stock just after the company discovered the breach and about a month before it was announced. Equifax has maintained that the three didn't know about the breach when they sold the stock.
Equifax's chief security and information officers are out
Equifax's Chief Security Officer Susan Mauldin and Chief Information Officer David Webb have both left the company as it deals with the fallout from a months-long hacking campaign that compromised the personal information of 143 million people this year. Attackers took advantage of an unpatched server flaw to steal names, addresses, dates of birth, social security numbers and other identifying information from Equifax's database from May 13th to July 30th. The server flaw was made public more than a month before the hack began.
Senate bill calls for free credit freezes after Equifax breach
US Senator Elizabeth Warren and a handful of her Democratic peers have introduced a bill intended to give consumers more control over the information collected by credit-reporting agencies including Equifax, TransUnion and Experian. The Freedom From Equifax Exploitation Act is in response to a massive security breach at Equifax that compromised the personal information of 143 million people. Equifax reported the hack on September 7th, though the attack itself was live from mid-May through the end of July.
The FTC is investigating Equifax's data breach
It's been a long week for Equifax, sure, but that's to say nothing about the 143 million consumers affected by the massive financial data breach. In a move that should bode well for the latter while placing more scrutiny on the former, the Federal Trade Commission has officially announced that it's looking into the matter. "The FTC typically does not comment on ongoing investigations," spokesperson Peter Kaplan said in a statement to Reuters. "However, in light of the intense public interest and the potential impact of this matter, I can confirm that FT staff is investigating the Equifax data breach."
Equifax blames breach on a server flaw it should've patched
Equifax's latest update on its unprecedented security breach notifies the public that its investigation has found the cause of the theft. Along with an unnamed security firm (ZDNet and others have reported it's Mandiant) the company confirmed rumors that attackers exploited a flaw in the Apache Struts Web Framework. That bug, CVE-2017-5638, was revealed in March, but the criminals were still able to use it against Equifax to steal personally identifiable information (PII - including names, birth dates, social security numbers and more) for 143 million people in the US in mid-May.
Equifax waives credit freeze fees after facing backlash
Equifax has learned the hard way that people don't appreciate having to pay $10 for protection when it's not their fault their personal details were compromised. Especially if that $10 solution has its own security flaw. That's why it's now offering to waive all credit freeze fees to prevent identity thieves from opening credit lines in the names of the 143 million Americans affected by the massive cyberattack it suffered. You won't even have to give up your right to join a class action by taking up the bureau on its offer. The bad news is that it will only waive fees for the next 30 days, so you may want to tell your friends to tell their friends to take advantage of the offer while it lasts.
Senators call for credit report changes after Equifax breach
In light of the Equifax breach that exposed personal information of over 143 million US citizens, a handful of senators have reintroduced legislation that would put more power in the hands of consumers when it comes to their credit reports. Senators Brian Schatz (Hawaii), Elizabeth Warren (Massachusetts), Claire McCaskill (Missouri), Richard Blumenthal (Connecticut), Bernie Sanders (Vermont) and Jeff Merkley (Oregon) have reintroduced the Stop Errors in Credit Use and Reporting (SECURE) Act.
Equifax's data breach response has its own security flaw
The Equifax data breach is already unnerving thanks to the sheer scale of sensitive data involved, but it's not helped by the credit reporting agency's initial response. Clients have discovered that the PIN codes Equifax is handing out to help lock your credit report (so a thief can't open a line of credit in your name) are generated by the date and time you made the request. An attacker could determine your code simply through brute force, especially if they have an idea as to when you locked your report.
