Government Officials Begin Investigating Equifax Breach (thehill.com)
An anonymous reader quotes the Hill:
The massive breach of credit rating firm Equifax is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as 143 million people. The New York, Pennsylvania and Illinois attorneys general have announced formal investigations into the hack...
The Senate Commerce Committee announced on Thursday that it sent a letter to Equifax seeking answers about the extent of the breach and what Equifax is doing to mitigate its impact. In the House, Financial Services Committee Chairman Jeb Hensarling (R-Texas) said that his committee would hold a hearing on the hacks at a to-be-determined date. Hensarling noted in a statement that such breaches are becoming "too common" and that consumers "deserve answers." House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) said that his committee would hold a separate hearing on the matter as well.
https://www.theregister.co.uk/...
From what few details I have gathered it was an attack on Apache Struts that allowed the attackers to siphon data slowly over a period of time. I haven't seen any verified information about encryption or what was actually copied. My own personal speculation is the attacker got plain-text personal data that leaked out of some API.
This is a real golden opportunity to finally rebalance the exposure to risk that amassing large data stores creates. Right now all of the risk is on the subject (you) of the data bases and there's almost no liability for the data base holder. Their only liability comes from public good will, not financial liability.
The best possible outcome in this case is to sue Equifax out of existence. This particular instance is a gift in the sense that Equifax disappearing would not harm society at all since its functions are handled redundantly and competitively by two other companies. Anything short of annihilating the company is too little.
The reason is those two other companies, and by extension all data base holders, need to be on notice that they will suffer financial liability, not just good-will liability.
To understand the status quo better, and to see why this case in particular makes extinction the ideal remedy, look at how every data breach to date has been handled in the past.
There are two ways to deal with data breaches:
1. Credit freeze. (prevents credit accounts from being opened by denying credit reports to inquiring creditors).
2. Credit monitoring (they let you know after the fact that your credit just got robbed).
The latter is nearly free to implement but has almost no value to the injured consumer. The former, the credit freeze, actually fixes the problem, puts power in the hands of the consumer but has the downside that it costs lots of money to implement. (The reason one has to pay for this is because the data base companies make money when they hand over your credit report to an inquiring creditor. If they can't hand it over they can't make any money off your data. Ergo, you have to pay them instead.)
No one ever offers the Credit Freeze because it's expensive. In this particular case the company that would pay for the credit freeze is actually the one that makes money off these credit freezes and could not make any money if they had to freeze all of the accounts. They might as well not even exist as a company if 100% of their accounts had credit freezes.
Thus the proper remedy here is to require them, via class action lawsuits, to require credit freezes on 100% of the accounts. Even without extracting damage payments, this would likely cut their profits massively. And if they had to also pay the other two credit agencies for your credit freeze then they would have negative earnings. They would cease to exist without any tort penalties.
This would be the perfect outcome for consumers and do no damage to our credit system.
Some drink at the fountain of knowledge. Others just gargle.
Would that be the Equifax breach from April 2013 to January 2014, or the Equifax breach from April 2016 to March 2017, or another one in May 2016, or another one from March 2016 to March 2017, or another one in January 2017, or the most recent one in July 2017?