Slashdot Mirror
Government Officials Begin Investigating Equifax Breach (thehill.com)
An anonymous reader quotes the Hill:
The massive breach of credit rating firm Equifax is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as 143 million people. The New York, Pennsylvania and Illinois attorneys general have announced formal investigations into the hack...
The Senate Commerce Committee announced on Thursday that it sent a letter to Equifax seeking answers about the extent of the breach and what Equifax is doing to mitigate its impact. In the House, Financial Services Committee Chairman Jeb Hensarling (R-Texas) said that his committee would hold a hearing on the hacks at a to-be-determined date. Hensarling noted in a statement that such breaches are becoming "too common" and that consumers "deserve answers." House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) said that his committee would hold a separate hearing on the matter as well.
The Senate Commerce Committee announced on Thursday that it sent a letter to Equifax seeking answers about the extent of the breach and what Equifax is doing to mitigate its impact. In the House, Financial Services Committee Chairman Jeb Hensarling (R-Texas) said that his committee would hold a hearing on the hacks at a to-be-determined date. Hensarling noted in a statement that such breaches are becoming "too common" and that consumers "deserve answers." House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) said that his committee would hold a separate hearing on the matter as well.
that they will find something and some one (or group) who held accountable of the breach. Though, often times, this kind of investigation is just a political stunt to show constituents that they have done something. Nothing will be found, done, or changed according to the history...
So their breach just put the entire population at significantly increased risk of identify theft. There definitely should be consequences and the government is the only recourse the consumers have since they are not direct customers of Equifax, nor will anyone ever be able to prove their identify theft was directly due to Equifax's breach, so they cannot individually sue Equifax.
Maybe the fines should be whatever it costs to re-issue new social security (or social insurance in Canada) numbers to everyone, including costs of managing the transition. Yea, I know this may sink Equifax as a company, so be it - lesson for the other guys to secure the data or maybe to not collect it in the first place. Maybe there is such a thing as too dangerous to collect and keep in one company. Kind of like banks and companies that are too big to fail.
Are we sure it was ONLY US data/personal information that was leaked?
Personally I would not be in any way surprised, if it's uncovered in a few weeks time, that personal information from other countries was also in the leak.
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
I just click here and my banking is done. I just click here and I bought that new iPad. And I just click here and ... Hey! where'd all my money go?
We read daily that the internet functions on our data. We hear constantly, "we are the products, our data is the product."
We are going to hear a million reasons why now this data isn't so valuable. We already see their attempt to flush everyone their "credit monitoring" sham. No one can sue the company in any meaningful way. There are no real remedies that exist for really anyone.
We all do a huge portion of our business online. This hack hits at the true heart of the internet, if we can't figure out who is who, you can not make a transaction. Our internet identities are a very real extension of our physical identities.
This reeks of every single issue that we all see today, from Terms of Service being forced onto folks, one sided contracts that only favor a large company we are forced to deal with whether you want to or not, companies using and selling our data that we have nothing to do with. We are just a commodity, and this really should make everyone feel exactly that.
At what point is having part of us sold and traded ok? Is this where we find out?
Hypocrisy is about to rain down hard. We will not see any meaningful change. We will see all of these folks tell us that in essence, while we can be arrested and profiled online, that our personal data that is essentially "who we are" online, doesn't have the same protections as our person.
...Is congress needs to pass legislation that gives a process to people that allows them to collect damages from lenders that lend to criminals. Such a process needs to burden the lender with proving a debtor owes this money, and that it was actually they who requested such a loan. If they cannot, then if they attempt to collect on such a debit, they can be liable for damages. Probably not a large sum, possibly just a (small) percentage of the loan they gave away to the crook. Of course more aggravated attempts might warrant larger sums. Much such a process require that the fiscal institution cannot collect and store. So that each application must be independently vetted, each time.
Some side effects: More stringent identification taken to link documents to people. Loan processes taking much longer, and people who cannot vet themselves to an institutions satisfaction not receiving loans. An entire new system or vendors and providers revolving around bio metric verification. Also, higher loan rates because they will pass these costs onto the consumer. Less loans in total.
"...whenever any Form of Government becomes destructive...it is the Right of the People to alter or to abolish it..."
From what few details I have gathered it was an attack on Apache Struts that allowed the attackers to siphon data slowly over a period of time. I haven't seen any verified information about encryption or what was actually copied. My own personal speculation is the attacker got plain-text personal data that leaked out of some API.
This is a real golden oportunity to finally rebalance the exposure to risk that amassing large data stores creates. Right now all of the risk is on the subject (you) of the data bases and there's almost no liability for the data base holder. Their only liablity comes from public good will not financial liability.
The best possible outcome in this case is to sue Equifax out of existence. This particular instance is a gift int he sense that equifax disappearing would not harm society at all since it's function are handled redunantly and competitively by two other companies. Anything short of annihilating the company is too little.
The reasons is those two other companies , and by extention all data base holders, need to be on notice that they will suffer financial liability not just good-will liability
To understand the status quo better, and to see why this case in particular makes extinction the ideal remedy look at how every data breach to date has been handled in the past.
there's two ways to deal with data breaches
1. Credit freeze. (prevents credit accounts from being opened by denying credit reports to inquiring creditors).
2. Credit monitoring (they let you know after the fact that tour credit just got robbed)
The latter is nearly free to implement but has almost no value to the injured consumer. The former, the credit freeze, actually fixes the problem, puts power in the hands of the consumer but has the downside that it costs lots of money to implement. (the reason one has to pay for this is because the data base companies make money when they hand over your credit report to an inquiring creditor. If they can't hand it over they can't make any money off your data. Ergo, you have to pay them instead.)
No one ever offers the Credit Freeze because it's expensive. In this particular case the company that would pay for the credit freeze is actually the one that makes money off these credit freezes and could not make any money if they had to freeze all of the accounts. They might as well not even exist as a company if 100% of their accounts had credit ffreezes
Thus the proper remedy here is to require them, via class action lawsuits, to require credit freezes on 100% of the accounts. Even without extracting damage payments, this would likely cut their profits massively. And if they had to also pay the other two credit agencies for your credit freeze then they would have negative earnings. They would cease to exist without any tort penalties.
This would be the perfect outcome for consumers and do no damage to our credit system.
Some drink at the fountain of knowledge. Others just gargle.
After that they will be made to sit in the comfy chair!
love is just extroverted narcissism
It finally hit home and some congresscritters were affected by the fallout.
Good.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Some politicians just found out that their personal information was used to steal their ID. Why should they get active any sooner?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If it was at least a slap. Usually what they get is a pat on the hand and a "there, there..."
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm pretty sure there have. Why else should there be an investigation?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It would be nice to be able to issue an authorisation token with the credit agency and pass that to the institution that wants to search my file. Don't have the token? No search, go away.
"Everybody's naked underneath" -- The Doctor
Would that be the Equifax breach from April 2013 to January 2014, or the Equifax breach from April 2016 to March 2017, or another one in May 2016, or another one from March 2016 to March 2017, or another one in January 2017, or the most recent one in July 2017?
The massive breach of [insert] is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as [insert] million people. The [insert], [insert] and [insert] have announced formal investigations into the hack... The [insert] announced on [insert] that it sent a letter to [insert] seeking answers about the extent of the breach and what [insert] is doing to mitigate its impact. In the House, [insert] Committee Chairman [insert] ld a hearing on the hacks at a to-be-determined date. [insert] noted in a statement that such breaches are becoming "too common" and that [people] "deserve answers." House [insert] and [insert] Committee Chairman [insert] said that [his/her] committee would hold a separate hearing on the matter as well.
I don't care if I get a dime. If the lawyers get it all, but we succeed in anihilating Equifax then I will benefit. All future datebases will take into the account the finincial liability they face if they don't do security right. I win from that. It's not a $10 rebate I want.
Some drink at the fountain of knowledge. Others just gargle.
Credit freezes are hilarious when you think about what they mean.
When I have frozen credit, that means that you can't loan me money without first authenticating me and getting my authorization.
So.. what does unfrozen credit mean?
"Believe me!" -- Donald Trump
1. Immediately protect ALL customers by allowing users to lock and unlock their profiles across all the major credit bureaus at ZERO cost the user.
2. Provide lifelong monitoring of profiles and credit activity at ZERO cost.
3. Investigate the insider trading.
4. Remove protections for Equifax against class action lawsuits for any damages that result.
5. Figure out who the F allowed this happen. I am betting an insider did it.
Then, establish a CENTRAL system to coordinate credit activity (but, not have the profiles themselves) so that protection of one's credit is a very simple process.
“We have this category that Equifax calls unhandled malware, [with] which traditional security approaches haven’t been very helpful. Putting in FireEye has really helped us detect this unhandled malware, then gives us the capability to take action to stay secure.” Tony Spinelli, SVP and CSO of Equifax
An email address that I used ONLY for Equifax started getting spammed in 2011. They were breached back then. I contacted their customer service to report it and their response was that I needed to contact my email provider to check my spam settings.