Domain: equifaxsecurity2017.com
Stories and comments across the archive that link to equifaxsecurity2017.com.
Comments · 8
-
Re:Wait just one damned minute!
I, for one, have NEVER signed any kind of contract with Equifax, so howdahell would this apply to me?
It wouldn't. But don't take my word for it -- read where Equifax itself specifically said so.
Or, is Congress doing the usual "Fuck the poor!" approach, legal rights and non-contracts be damned?
No. This is just another misleading, sensationalist, clickbait headline in whatever it is Slashdot has become these days.
-
Re:Why So Long?
What you signed up for two weeks ago was to give up your right to sue Equifax and agreed to binding arbitration.
That's a well-traveled urban myth that Equifax specifically addressed weeks ago, here:
No Waiver Of Rights For This Cyber Security Incident
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.
-
Re:Why Java?
and thus far has anyone proven that Struts was the source of the hack?
Yes, Equifax has.
Questions Regarding Apache Struts
The attack vector used in this incident occurred through a vulnerability in Apache Struts (CVE-2017-5638), an open-source application framework that supports the Equifax online dispute portal web application.
Based on the company’s investigation, Equifax believes the unauthorized accesses to certain files containing personal information occurred from May 13 through July 30, 2017.
The particular vulnerability in Apache Struts was identified and disclosed by U.S. CERT in early March 2017.
Equifax’s Security organization was aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure.
While Equifax fully understands the intense focus on patching efforts, the company’s review of the facts is still ongoing. The company will release additional information when available. -
Re:Personal experience with Equifax
So pursuing the matter a bit farther led to this link, which finally helped me get a provisional answer to the first question.
http://fortune.com/2017/09/15/...
Turns out I was looking at it from the "wrong" perspective, but with the hints from the article, I was able to figure out that clicking on "Enroll" button at https://www.equifaxsecurity201... will partly answer my first question. It doesn't actually say whether or not they have a dossier on me, but it does say that they, the wise and inscrutable people owned by the soulless monster Equifax, currently believe my personal information was not included in the big data breach and theft that they know about.
Still don't trust Equifax enough to follow up on the rest of the scam, in spite of the recommendation from the Fortune link. First year's free, eh? How much trouble to make the bills go away next year?
Should I rehash my fundamental principles of personal information protection? On Slashdot?
-
Open source software blamed for the breach huh?
I wonder what they used for their horribly broken website https://www.equifaxsecurity201..., which can't even seem to reliably tell you if you were affected by the incident. But I'm not surprised that a company with such shitty security to allow practically all adult Americans' identities to be exposed can't even get their check to find out if you have been exposed right. But, based on the numbers, and subtract everyone who does not have a credit history (age 17 and under), it's safe to assume that *every* U.S. citizen with a credit history has to watch their asses from here on, for the rest of their life. Is Equifax going to blame open source software for that piece of shit site/impact checker too? Equifax... what a fucking joke.
-
Re:Per Brian Krebs...
Their site is even worse than Krebs points out. I followed a link in a CNN article to the Equifax site. If I enter certain personal info, it purports to tell me if I'm affected by the hack and says it will give me the option to sign up for TrustedID Premier.
I put in my last name, a few digits of my SSN, and passed the captcha. It took me directly to a page thanking me for signing up for TrustedID Premier. It never told me if I was affected. Since others are getting the site to (sorta) work, I'm not sure if it was the fact that I was in incognito mode, my ad blocker, or my various script blockers which caused the site to malfunction. It sure as h*ll better not have signed me up for TrustedID Premier. -
Re:Hopefully this will be the end of equifax
Rotten and incompetent.
The equifax main site sends users to https://www.equifaxsecurity201... which points to https://trustedidpremier.com/e... which then asks for a last name and 6 digits of a social security number. -
in UK and Canada too
https://www.equifaxsecurity201...
As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps.