creditbureau
Latest
Equifax's chief security and information officers are out
Equifax's Chief Security Officer Susan Mauldin and Chief Information Officer David Webb have both left the company as it deals with the fallout from a months-long hacking campaign that compromised the personal information of 143 million people this year. Attackers took advantage of an unpatched server flaw to steal names, addresses, dates of birth, social security numbers and other identifying information from Equifax's database from May 13th to July 30th. The server flaw was made public more than a month before the hack began.
Equifax blames breach on a server flaw it should've patched
Equifax's latest update on its unprecedented security breach notifies the public that its investigation has found the cause of the theft. Along with an unnamed security firm (ZDNet and others have reported it's Mandiant) the company confirmed rumors that attackers exploited a flaw in the Apache Struts Web Framework. That bug, CVE-2017-5638, was revealed in March, but the criminals were still able to use it against Equifax to steal personally identifiable information (PII - including names, birth dates, social security numbers and more) for 143 million people in the US in mid-May.
Senators call for credit report changes after Equifax breach
In light of the Equifax breach that exposed personal information of over 143 million US citizens, a handful of senators have reintroduced legislation that would put more power in the hands of consumers when it comes to their credit reports. Senators Brian Schatz (Hawaii), Elizabeth Warren (Massachusetts), Claire McCaskill (Missouri), Richard Blumenthal (Connecticut), Bernie Sanders (Vermont) and Jeff Merkley (Oregon) have reintroduced the Stop Errors in Credit Use and Reporting (SECURE) Act.
Equifax tries to explain its response to a massive security breach
A day after announcing that hackers stole personal information tied to 143 million people in the US, Equifax's response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company -- something New York Attorney General Eric Schneiderman said is "unacceptable and unenforceable." The company has since explained it does not apply to the data breach at all, but that hasn't stopped misinformation from spreading.
Equifax security breach leaks personal info of 143 million US consumers
One of the largest security breaches ever has come to light today as Equifax revealed attackers used an exploit on its website to access records for 143 million US citizens (for reference, the US has a population for 323 million or so, that's about 44 percent). The oldest of the three major US credit bureaus, it maintains information on over 800 million people for credit and insurance reports, which is also a juicy target for anyone trying to steal data. Equifax says the breach lasted from mid-May through July 29th when it was detected. The criminals had access to information that could allow them to create or take over accounts for many of the people impacted since they have names, addresses, birth dates, social security numbers and "in some cases" drivers license numbers. An unspecified number of UK and Canadian residents were hit, plus the credit card numbers for 209,000 people and certain dispute documents for 182,000 people in the US.
