Equifax Lobbied For Easier Regulation Before Data Breach (wsj.com)
WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach. Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies. That issue is the subject of a bill that a panel of the House Financial Services Committee, which oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal financial data of as many as 143 million Americans. Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.
They knew about the breach when they started lobbying for that. LONG before the poor schmucks were allowed to know about it.
-=This sig has nothing to do with my comment. Move along now=-
If this investment had been poured into their actual infrastructure and IT staff salaries they probably would not have had a breach. Instead they funnel it into lawyers....unbelievable.
... and that it happened a LONG time ago... long enough ago that they tried to get some legal protections from Congress before disclosing it.
This is criminal. Outright criminal. But, they're a bunch of jewish banksters, so they'll probably get another handout from Congress and a pat on the back for trying..
Equifax disclosed the cyberattack
Welcome to the age of "cyber war", where every crap system connected to the internet can hide under the umbrella of an "attack" rather than face the consequences of a complete disregard for properly designed information security.
If only they could have been freed from the yoke of these onerous, confusing regulations, this never would have happened!
---- The above post was generated by the Turing Institute. Maybe.
Then why in the world would you bother coming here?
Inertia.
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
Well, whipslash, that's because occasionally there is something interesting (actual news for nerds) posted here that's still worth reading. There aren't a lot of them, but once in a while Slashdot has something useful. Thanks for asking, whipslash.
Your data wouldn't have been given to criminals if they had invested that $500K in security.
Anons need not reply. Questions end with a question mark.
Then why are you even here, you dumb shit? To have a place to spew your digital diarrhea? GTFO.
Your data wouldn't have been given to criminals if they had invested that $500K in security.
you are beyond-redemption-stupid if you think they would have spent money on security
I clearly remember the banks and Wall Street firms lobbying Bush and Congress not to implement any new regulations back in 2006. Their words were, more or less, any new regulations would kill their competitive nature on the world market. Trust us, we know what we're doing.
The following year we know what happened.
Now here we are again, with a very similar situation. Regulations are evil! Don't kill us with regulations, bro!
I can guarantee not a single executive at Equifax will go to jail or pay a fine. Further, every excuse imaginable will be given why requiring such breaches to be announced immediately should not be done.
In a few years, this will happen again and everyone will look around and ask, "How did this happen?"
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
You think maybe Equifax is exemplar of all the other credit reporting agencies? I think they might be. I think there needs to be some corporate nutsacks put on the congressional anvil, with liberal application of the judicial sledgehammer over this, to ALL of them. It's bad enough that jackass businesses like Facebook and Google and ISPs are invading our privacy, but companies like these credit reporting agencies MUST BE ABOVE REPROACH AT ALL TIMES OR THEY ARE WORSE THAN USELESS. It is totally, completely unacceptable that this happened at all and it has to STOP.
It's normally quite good for the public, though you couldn't convince them of that since they get their swill from big media.
These clowns want access to our data, with which broad reaching decisions about our lives will be made ... but they want to do it in such a way that they have no responsibilities or liabilities in the event they prove to be incompetent morons. Oh wait, they've just been proven to be incompetent morons.
Capitalism is inherently broken, because it assumes people aren't lying, greedy bastards; the problem is time and time again we see that isn't true. You can't have capitalism without regulation, because the free market is a lie, it can't address certain kinds of problems, and when companies are proved to be liars or incompetent it's the consumer who suffers. You have to assume all of the actors are gaming the system, and not stupidly assume the market will fix these things. Because gaming the system is what it is all about.
If Equifax wants access to the banking data of millions of people, it bloody well needs to be regulated the same as a fucking bank. If they don't wish to be regulated, then they have no fucking business accessing this data.
None of us ever signed up with Equifax, they've essentially co-opted our data. And then they tried to argue they shouldn't have any liability. Sorry, but if your business model is built around collecting my data without my consent -- financially sensitive data -- then you don't get to exempt yourself from having a legal requirement to safeguard that data.
Fucking corporate assholes. Sadly, I'm sure some Republicans are all about removing regulations, and if the consumer gets fucked, too bad. Capitalism can really only serve society if society has it on a very short leash.
I firmly think that every C*O in the nation and their families should be doxed to hell and beyond. If they're going to play fast and loose with our data, let's show them what that's like.
If Equifax wants to have this data and not be covered under regulations, Equifax needs to cease to fucking exist.
The editors were fired years ago. Welcome to 2017, Dice doesn't own this anymore. /. never broke much news.
Also,
And for like 10 years all stories have to live in the firehose until they get voted up.
Until at least late 2016, there was this hardcoded into their mobile app (http://www.apkmonk.com/app/com.equifax/):
UtilitiesHandler.java
static final String masterKey = "EqUiFaX2468";
Not quite "1...1!...2....2!..." but it's pretty darn close.
To be fair, I couldn't tell if it's actually ever used in the mobile app. It seems like the kind of intentionally stupid/obvious password-but-not-really-a-password string you'd leave hanging around in a file on the network if you were tuning your DLP. (The full Zip code of the company is 30309-2468 so the "plus 4" is probably where the ending came from.)
The parent comment was posted by an editor. Stay classy, Slashdot.
We should just accept that the more of your information is stored on servers the higher the risk of it being harvested. Doesn't help that these companies withhold breaches for such a long time before even notifying anyone including the people affected. I won't take much action now, it's too late to bail out a ship already sinking.
They said this data breach took place from May through July. How exactly does one miss terabytes, possibly petabytes of data being transferred to an IP address outside of your network for 3 months? I mean to me this sounds like either the hackers were godlike in their ability to hide what they were doing, or the people whose job it was to prevent these things from happening, simply didn't give a shit.
If there were no regulations, this would never have happened, and we would all enjoy perfect internet security.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Corporations minimize/externalize expenses and regulations are another way of achieving that. How much money did other credit agencies spend lobbying for less regulation? Governments need to post lists naming the regulations that lobbyists/corporations want to delete. I doubt there will be any way to avoid the "less regulation will help our customers" propaganda that's been proven false every time it was applied to the finance/credit industry.
Imagine what $500k could buy for labor, software, maintenance and expertise? F-tards. I'm so sick of stupid (corrupt) people in leadership positions.
Laying off Credit Bureaus is part of a larger bill in hearings right now to reduce regulations and “make American business competitive”. Check it out.
Sorry that this is a bit of a tangential question to the OP...
I notice that the amount of "lobbying" being reported in the media seems to be on the rise again, perhaps after a bit of a post-2008 lull.
However, it really isn't clear what is permitted as "legal" lobbying and what is considered "illegal"? Is this in-person requests for meetings to put forward a case? Is this industry-funded "research" offered up as candidate for government policy? Is this the offer of all-expenses-paid "junkets" to take law-makers on expensive trips to "see for themselves" [and be wined and dined in the process]?
Forgive the cynicism, but I've reached a point where any time I read "lobbying" my brain substitutes "illegal bribery"... I wondered if anyone could point me at guidelines that help show what is permitted vs not permitted, and/or where this is tracked and monitored for compliance?
Given that the two places with the most lobbyists are Washington and Brussels, it is getting increasingly difficult to see how regular citizens are being properly represented at the "legislative table". Interested in any analysis of that, too...
They should have spent the $500,000 on system security instead of lobbying. We all would be better off.
They'd rather spend half a million dollars on lobbying versus spending it on InfoSec? Talk about perverted priorities.
Which is slower? Slashdot editors reporting news or Equifax reporting the data breach? The editors are garbage and should be fired. Slashdot is about as worthless as the site to check if your data was compromised in the Equifax data breach.
Yeah, you're totally not getting your money's worth on this site!
Well, whipslash, that's because occasionally there is something interesting (actual news for nerds) posted here that's still worth reading. There aren't a lot of them, but once in a while Slashdot has something useful. Thanks for asking, whipslash.
So read the articles that interest you and don't read the ones that don't...