Equifax Says Cyberattack May Have Affected 143 Million Customers

Ron Czapala Posts: 2,384
https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html

excerpt
Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Other cyberattacks, such as the two breaches that Yahoo announced in 2016, have eclipsed the penetration at Equifax in sheer size, but the Equifax attack is worse in terms of severity. Thieves were able to siphon far more personal information — the keys that unlock consumers’ medical histories, bank accounts and employee accounts.

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.

An F.B.I. spokesperson said the agency was aware of the breach and was tracking the situation.

Equifax has created a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk.

https://www.equifaxsecurity2017.com/

Comments

  • Thanks for providing this information. It's a very serious breach for many folks.

    Mekkatronix@yahoo.com
  • Heater. Posts: 19,540
    edited September 8
    Ron Czapala,

    Ha, that is a hoot. Did you notice their "jingle" at the bottom of that page ?

    Powering the World with Knowledge


    Apparently so!


  • Of course a sensible approach if you think these sharks have leaked everything they know about you is to sign up for their leaky web site and tell them even more.

    Not !
  • I had my identity stolen once...

    They got a lawyer and made me take it back!
  • From USA TODAY

    Equifax cyberattack triggers class-action lawsuit

    https://usat.ly/2vSWy34

    Credit-reporting giant Equifax was hit with a class-action lawsuit within hours after disclosing that a cyberattack had potentially compromised personal information for 143 million U.S. consumers.

    Filed in Oregon federal court late Thursday, the civil action accuses the Georgia-based company of failing to maintain adequate electronic security safeguards as part of a corporate effort to save money.

    The lawsuit on behalf of plaintiffs Mary McHill and Brook Reinhard seeks an order requiring Equifax to preserve all records related to the breach and formally designating the case as a class-action for all consumers affected by the cyberattack.
  • Ron Czapala Posts: 2,384
    edited September 8
    ABC News - "In wake of Equifax breach, what to do to safeguard your info"

    http://abcnews.go.com/Technology/wireStory/equifax-breach-exposes-143-million-people-identity-theft-49694776

    There's no way around it: The news from credit reporting company Equifax that 143 million Americans had their information exposed is very serious.

    The crucial pieces of personal information that criminals may need to commit identity theft — Social Security numbers, birthdates, address histories, legal names — were all obtained. And once your personal data is out there, it's basically out there forever.
    ...
    The strongest possible option a person can take immediately is placing what's known as a credit freeze on their credit files with the major credit bureaus — Equifax, TransUnion and Experian. A credit freeze locks down a person's information, making it impossible to open new accounts and bank cards in their name. But locking your credit also locks you out from opening new accounts as well.

    CNBC

    https://www.cnbc.com/2017/09/08/how-to-protect-yourself-after-the-equifax-data-breach.html
  • Grief.

    Equifax should be barred from any further business. The directors arrested and all computers impounded. Immediately.

    At least then we could contact someone we might trust, the regulators, to find out if our data was published or not.

  • Equifax has the gall.

    If you want help from Equifax, there are strings attached:

    http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/index.html
  • davejames Posts: 3,887
    edited September 10
    Well-written documentation requires no explanation.
  • Updated info at https://www.equifaxsecurity2017.com/
    September 11, 2017

    We are committed to keeping consumers updated on the steps we are taking to provide them with the support they need and address any issues they are facing in response to this incident. We recognize that some consumers continue to face challenges and in response we have made the following updates:

    1) Adjusted our PIN Generation for Security Freezes
    We understand and appreciate that consumers have questions about how a PIN is currently generated for a consumer initiating an Equifax security freeze solution. All consumers placing a security freeze will be provided a randomly generated PIN.

    2) Call Center Support
    When we recognized that Hurricane Irma could impact some of our call center wait times, we arranged to ramp up agents quickly to replace agents impacted by the storm and updated our website to make consumers aware of the situation.

    3) Clarification Regarding Automatic Sign-Up to TrustedID Premier
    We are not requesting consumers’ credit card information when they sign up for the free credit file monitoring and identity theft protection we are offering to all U.S. consumers. Consumers who sign up for TrustedID Premier will not be automatically enrolled or charged after the conclusion of the complimentary year of TrustedID Premier.

    4) Obvious Link from Equifax.com
    To make it easier for consumers to find the website dedicated to providing information about this incident, we have reconfigured our website, www.equifax.com, to feature the link more prominently.

    5) Adjusted the TrustedID Premier and Clarified Equifax.com
    We’ve added an FAQ to our website to confirm that enrolling in the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com. The Terms of Use on www.equifax.com do not apply to the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident.

    We are listening to issues consumers have experienced and their suggestions. These are helping to further inform our actions, and we are now sharing regular updates on this website. Thank you for your continued patience and feedback as we continue to improve this process.

  • Interesting letter from them. They did forget the most important part, though:

    6) PRETTY PLEASE DON'T SUE US!
  • They still haven't clarified how they determine whether someone's info has been compromised. There have been reports of different results given for the same last name and SSN digits, along with results for phony names and random digits.

    -Phil
    “Perfection is achieved not when there is nothing more to add, but when there is nothing left to take away.” -Antoine de Saint-Exupery
  • Phil,

    Yes indeed: https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/

    These guys should be in jail already and the whole scam shut down.
  • " the TrustedID Premier product being offered to consumers as a result of the cybersecurity incident"

    Yeah, right.

    Besides that the three top executive officers sold shares worth around $3.500,000 between knowing of the attack and doing a press release about it, they now sell a product to make more money out of their own wrongdoing.

    brilliant

    Mike
    I am just another Code Monkey.

    A determined coder can write COBOL programs in any language. -- Author unknown.

    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this post are to be interpreted as described in RFC 2119.
  • GordonMcComb Posts: 3,099
    edited September 11
    They still haven't clarified how they determine whether someone's info has been compromised.

    The 143 million figure is probably the number of consumer records they store. They likely don't know what database records were traversed, so they're assuming SELECT *.

    The verification response returns way too quickly for there to be any kind of deep DB lookup. I tried a day after the announcement, and the response came virtually immediately. No hash lookup in the world is that efficient.

  • "When you make a thing, a thing that is new, it is so complicated making it that it is bound to be ugly. But those that make it after you, they don’t have to worry about making it. And they can make it pretty, and so everybody can like it when others make it after you."

    - Pablo Picasso
  • Simple easy stress free identity theft.
    Equifax had 'admin' as login and password in Argentina - http://www.bbc.co.uk/news/technology-41257576