Slashdot Mirror
Credit Reporting Firm Equifax Announces 'Cybersecurity Incident Impacting Approximately 143 Million US Consumers' (cnbc.com)
Equifax, which supplies credit information and other information services, said Thursday that a cybersecurity incident discovered on July 29 could have potentially affected 143 million consumers in the U.S. "The leaked data includes names, birth dates, social security numbers, addresses and potentially drivers licenses," reports CNBC. "209,000 U.S. credit card numbers were also obtained, in addition to 'certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."
Chairman and Chief Executive Officer, Richard F. Smith said in a statement: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident." Equifax is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities.
UPDATE (9/7/17): According to Bloomberg, "three Equifax senior executives sold shares worth almost $1.8 million" in the days after the company discovered the security breach. Regulatory filings show that three days after the breach was discovered on July 29th, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099." Meanwhile, "Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2."
Chairman and Chief Executive Officer, Richard F. Smith said in a statement: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident." Equifax is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities.
UPDATE (9/7/17): According to Bloomberg, "three Equifax senior executives sold shares worth almost $1.8 million" in the days after the company discovered the security breach. Regulatory filings show that three days after the breach was discovered on July 29th, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099." Meanwhile, "Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2."
CLASS ACTION LAWSUIT! These companies that want to collect all this personal data of people and fail to protect it need to be sued into non-existence!
NOW can we stop using SS# as a national identifier? Jeez!
Which has more power: the hammer, or the anvil?
Typically when a company screws its clients, they risk clients no longer using their service, so usual market forces apply. This is not the case here. Most of their customers never chose to use Equifax or even given any explicit permission for them to collect their data. Yet, they do collect it and sell credit scores. The problem is that market forces don't work here, i.e. those customers who got hurt are not really paying, or even willing, customers and have no choice to opt out of the service, and those who buy credit scores are not really affected much.
As much as I am generally against regulation, this is one area I think they should be held fully liable, including compensating any affected customers for ALL of their expenses, including their time at some reasonable rate at or above what that customer usually makes per hour - that includes any waiting on hold while calling any of the companies to clear things out. Maybe this would cost Equifax its life, so be it, the next company will be much more careful what they do with the data. This would be no different than an airline being held liable for damaging property of killing people because their planes are shedding parts - the people hurt are not airline customers, they are the homeowners who had an aircraft parts crash through their roof into their living room.
Why?
It *is* a national identifier. It needs to stop being used as an authenticator.
SSN and Name first, Name last, Name middle should be interchangeable from a data and security standpoint.
The problem is that SSNs have been used as authenticators for the name and that's not what they were designed for.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Right now, someone who has your information but no real proof of identity can borrow money as "you", and the creditor gets to libel you via the credit reporting agencies when they don't get paid.
This must stop. Please write Congress and demand that creditors no longer have the right to libel you as a non-payer unless they can prove it was actually YOU who borrowed their money and failed to repay as promised instead of just someone who had some information about you, that they didn't bother doing due diligence on to verify.
I've already written Congress about this several times, but now it's literally EVERYONE'S information that has been stolen, and the whole nation must face the fact that they are vulnerable to this sort of thing now.
--PeterM