Slashdot Mirror


Equifax Lobbied For Easier Regulation Before Data Breach (wsj.com)

WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach. Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies. That issue is the subject of a bill that a panel of the House Financial Services Committee, which oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal financial data of as many as 143 million Americans. Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.


  1. They knew by Calydor · · Score: 5, Insightful

    They knew about the breach when they started lobbying for that. LONG before the poor schmucks were allowed to know about it.

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:They knew by Anonymous Coward · · Score: 1

      It sure looks that way. They need to be made an example of by Congress, regardless of who they have in their pocket already.

    2. Re:They knew by PolygamousRanchKid+ · · Score: 2

      They knew about the breach when they started lobbying for that.

      How do we even know if this was a "breach" at all . . . ? Maybe some folks at Equifax were just following the Facebook and Google business model, and were just selling "information services" on the side . . . ?

      Hey, the old, time-tested methods work best: You want something? Bribe or blackmail someone. It works all the time.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    3. Re:They knew by mi · · Score: 1

      Maybe. But what we can claim with certainty is that the existing regulations did not help prevent the breach...

      --
      In Soviet Washington the swamp drains you.
    4. Re:They knew by HiThere · · Score: 2

      No. We can claim that they did not prevent the breach, but they may well have delayed it or made it more difficult.

      That said, they clearly don't suffice. The executives and management should be held personally responsible for the time, effort, and financial damages that this breach caused to every single individual affected, including only those who had to spend time figuring out how to try to deal with it. At a reasonable hourly rate, say the average hourly rate of the corporation management (figured from their salary and their nominal working time).

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    5. Re:They knew by MickyTheIdiot · · Score: 5, Insightful

      The corporate death penalty, i.e. the loss of charter, needs to be a thing. The possibility of all the stock becoming worthless would be a great tool in getting corporations to actually follow the law.

      However since we have a congress that is OWNED by corporations there isn't a way for it to happen.

    6. Re:They knew by GLMDesigns · · Score: 1

      Really?

      I didn't read the article - but was their request for deregulation regarding security standards or in something else?

      If it's something else then the request is irrelevant.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    7. Re:They knew by MickyTheIdiot · · Score: 5, Insightful

      The executives and management should be held personally responsible

      Though I agree in this case, this is a dangerous line of thinking — not entirely unlike blaming a rape victim for wearing too short a skirt...

      This is the worst simile I have EVER seen on Slashdot. That's saying a lot.

      The corporate CxOs are NOT the victim in this scenario. The corporate worshipers on /. and the Internet love to tell us that the executives deserve huge pay packets because they are responsible. However in *every case* when something happens that hurts thousands of people they always don't know what happened. Executives hold responsibility and deserve what they are paid or they don't know what is going on and they are overpaid. You can't have it both ways.

      The CxOs were the benefactors of the malfeasance. Calling them rape victim is idiotic.

    8. Re:They knew by phantomfive · · Score: 1

      They need to be made an example of by Congress,

      That's always the wrong approach. It makes the mob of people feel good, even if they get the wrong person, but it doesn't cause any long-term change. What we need is a change in laws so this thing doesn't happen in the future. For one thing, they could have done a better job on security.

      --
      "First they came for the slanderers and i said nothing."
    9. Re:They knew by Anonymous Coward · · Score: 1, Insightful

      Though I agree in this case, this is a dangerous line of thinking — not entirely unlike blaming a rape victim for wearing too short a skirt...

      I think your analogy is a bit flawed. Let me expand...

      EquiFax isn't the one wearing the short skirt. EquiFax is the pimp that forced their entire involuntary stable (those whose credit is checked) to wear short skirts as to be more attractive to the johns (those doing credit checks). The rapists (hackers) are certainly in the wrong but rape or no rape of the stable, the pimp is still in the wrong. The pimp forced the short skirts specifically to entice johns not as a fashion choice. Remember - nobody is in the stable by their own choice and nobody wears short skirts by their own choice.

      This is another case of one party making a decision about risk where they will enjoy any positive consequences but other people will be left to deal with any negative consequences. The word for the phenomenon is 'externality'.

      EquiFax was an accessory if not an accomplice to the crime so stop feeling sorry for them. The victims are the 'stable' whose information, stored against their choice, has been stolen.

    10. Re:They knew by hlavac · · Score: 1

      They need to be treated like a black man at a traffic stop.

      What, smile at them and engage in light conversation about weather? That doesn't seem appropriate at all!

    11. Re:They knew by Xest · · Score: 1

      Really? This sounds like stuff I'd expect vested interests to be lobbying for all the time regardless of the breach.

      Is there any reason to think a firm like this wouldn't want to be deregulated regardless of whether the breach happened or not?

      I'm not sure these two things are related, I think they were lobbying because they lobby for this sort of stuff all the time anyway. Is there any reason to think that lobbying for reduced regulation isn't the norm in this particular area of financial services as opposed to any other?

    12. Re:They knew by Calydor · · Score: 1

      The Summary wrote:

      While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    13. Re:They knew by muecksteiner · · Score: 2

      You would be surprised how fast people start to care a lot more about the performance and character of the CxOs of the companies they have in their 401k accounts once a total, sudden loss due to criminal activity on part of said CxOs becomes a reality.

    14. Re:They knew by muecksteiner · · Score: 1

      I would disagree with that. Nothing is going to change unless the crooks who are running that company are made examples out of. In person. In public. The only thing sociopaths like these vermin are actually afraid of is public humiliation, and loss of the hoard they are trying to amass. Nothing else works. These fuckers take pride in outsmarting a reasonable system. Time to up the stakes a bit.

    15. Re:They knew by Jason+Levine · · Score: 1

      The only thing people like this care about is money. If they can take an illegal action that nets them $1 billion and, if caught, pay a $1 million fine, they'll do it. If they can, they might even do it first and use some of the money for paying off... I mean lobbying politicians to make the action legal (or, at least, hard to prosecute).

      Something along the lines of an Equifax breach should mean that the executives in charge of the company are fined 10 years' worth of their compensation package (including, but not limited to, stock options and salary). Maybe if a decade's worth of their valuation goes up in smoke, they'd get the hint.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    16. Re:They knew by mi · · Score: 1

      The corporate CxOs are NOT the victim in this scenario.

      The point I fully agreed — and continue to agree — with. In this case.

      Executives hold responsibility and deserve what they are paid or they don't know what is going on and they are overpaid.

      You've prevailed over a strawman you yourself erected. Congratulations.

      The CxOs were the benefactors of the malfeasance.

      What malfeasance? The only indication we have of them having done anything wrong so far is the fact, their database was stolen. You may as well denounce a burglarized homeowner for having insufficiently strong walls.

      Calling them rape victim is idiotic.

      Which is, probably, why I didn't call them that. What I said was that blaming a victim of a crime for it simply on the basis the crime took place is a dangerous line of thinking — because some times such victims are completely innocent. Not this time. But some times. Get it?

      The person I was replying to stated, essentially, that the very fact of the breach proves — not "suggests", but proves — that the defensive measures were insufficient.

      --
      In Soviet Washington the swamp drains you.
    17. Re:They knew by sjames · · Score: 1

      Or more likely, that they get a lot more careful where they stick their retirement funds, and perhaps start demanding contractual obligations on fund managers to steer clear of criminal corporations.

    18. Re:They knew by phantomfive · · Score: 1

      I would disagree with that. Nothing is going to change unless the crooks who are running that company are made examples out of. In person. In public.

      You're the kind of person who crucifies the innocent in public, then goes on with your day feeling good, while the real crooks continue what they are doing. But at least you did something, right?

      There's a reason vigilante justice is bad, and it's because of people like you.

      --
      "First they came for the slanderers and i said nothing."
    19. Re: They knew by GuiRoo · · Score: 1

      If you wanted to hold the responsible parties accountable, you'd be going after sysadmins and developers who incorrectly configured / executed their tasks. Which reader here is ready to go to jail for making a mistake in their day to day duties?

    20. Re: They knew by HiThere · · Score: 1

      That may be reasonable ALSO. But many sysadmins don't have the right to control what they work on, so I can't be sure. It's definitely the case that the executives claimed responsibility while everything was (apparently) working well, and it appears that it was the executives who started selling their stock when the problem was detected. But even though the problem was detected, it wasn't fixed, so I suspect the sysadmins didn't have the right to fix it.

      Of course, it might be quite reasonable to charge them as "accessories before the fact".

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    21. Re: They knew by phantomfive · · Score: 1

      please elaborate how the equifax c-suite is innocent?

      Maybe they are, maybe they aren't: we have courts and processes for dealing with that, specifically created to avoid the problems of vigilantism.

      --
      "First they came for the slanderers and i said nothing."
    22. Re: They knew by GuiRoo · · Score: 1

      Those execs sold a small percentage of their holdings, and they know this stuff is public record. The total amount sold is less than any one of them makes in a given year (also public record). If this was malicious, or their golden parachute, why not sell all of it? Or even most of it? None of this makes any sense. It was either their financial advisors executing on their behalf (who wouldn't have known), or they didn't know. Nothing else makes any logical sense.

    23. Re: They knew by HiThere · · Score: 1

      You are right that I should be less definite that they had advance knowledge and took criminal advantage of it. Possibly the trades were scheduled ahead of time. Possibly they can be shown to not have known. (Though I'd be dubious about that. Gossip spreads in ways that aren't officially recorded.)

      However it was their *JOB* to know that things were being managed well. That's how they justify their fancy salaries. I'm not going to let them off the hook for this, unless I consider them criminally negligent in their duties to the stockholders. (Actually, I do consider them so criminally negligent, whether they knew about the break in before they sold their stock or not.)

      OTOH, it's also true that how I feel about them isn't going to affect what happens...and what I believe is going to happen is that if somebody in the company suffers significantly it's going to be a fall-guy who didn't volunteer for the role, and couldn't have prevented the incident.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    24. Re:They knew by DarthVain · · Score: 1

      I doubt they knew about that specific breach that long ago (or that it happened that long ago), otherwise why announce it now?

      It is more likely that they knew their security was a joke, and that they were very vulnerable and it was only a matter of time before something really bad happened.

      The worst part is that they spend millions lobbying government to limit their breach liability when they could have been spending that money on some security folks to do an audit of their systems and fix their actual problem. The fact that the former is seen as a better alternative than the latter is surely a sign of what is wrong in the world...

  2. cyberattack? by Anonymous Coward · · Score: 4, Insightful

    Equifax disclosed the cyberattack

    Welcome to the age of "cyber war", where every crap system connected to the internet can hide under the umbrella of an "attack" rather than face the consequences of a complete disregard for properly designed information security.

  3. This will be proof that fewer regs are needed by sandbagger · · Score: 4, Insightful

    If only they could have been freed from the yoke of these onerous, confusing regulations, this never would have happened!

    --
    ---- The above post was generated by the Turing Institute. Maybe.
    1. Re:This will be proof that fewer regs are needed by 140Mandak262Jamuna · · Score: 2

      Don't forget "job killing". Every focus group research done by them has shown the value of that adjective. Always say job killing

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    2. Re:This will be proof that fewer regs are needed by Anonymous Coward · · Score: 1

      >or to store it in a way that was predictable and insecure.

      You're saying there was a piece of law or regulation that demands insecurity? I'd love to see you point to it.

    3. Re:This will be proof that fewer regs are needed by JackieBrown · · Score: 1

      It's possible. What are their retention requirements? Do they have to be able to interface that data with other companies / government / people in a regulated determined time-frame?

      Adding more laws is not always the best way and it's just a knee-jerk reaction. Did they already break any laws or regulation? It needs to be determined if the existing rules don't work because of how it's enforced before adding on top of those. There are already so many regulations regarding this industry that no newcomer will ever be able to enter this market.

      In my city, touching your cell phone while driving is against the law - even if stopped at a traffic light. Unsafe and reckless driving was already illegal, did we really need to add another law on top of those? There is not a specific law against eating and driving, reading a book and driving, putting your make up on and driving.

    4. Re:This will be proof that fewer regs are needed by Required+Snark · · Score: 1

      Because your cell phone is a critical part of the financial infrastructure of the country you live in. Or is that an incorrect conclusion.

      --
      Why is Snark Required?
    5. Re:This will be proof that fewer regs are needed by JackieBrown · · Score: 1

      No - just an example of adding laws on top of laws rather than just enforcing already existing ones.

  4. Re:This was reported days ago by Killall+-9+Bash · · Score: 1

    Inertia.

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  5. Re:That just means they knew about the breach... by Kierthos · · Score: 1

    I was under the impression that a company (at least in the U.S.) had 90 days from the point where they learned of the data breach to notify affected persons. It may vary from state to state though, as I know several states have laws about this. Apparently, the breach started in late May, but Equifax didn't discover it until July.

    So they are technically within that 90 days. (Assuming that I'm not pulling that impression from some poorly remembered article.) Some of the execs are still shady as hell for selling stock right before the data breach was announced, and the company certainly doesn't come off as looking very good overall, even before the lobbying story broke.

    But they were lobbying for this change before the data breach started. And they're hardly unique in lobbying Congress to make it harder for people to sue them.

    --
    Mr. Hu is not a ninja.
  6. Just think... by Gravis+Zero · · Score: 4, Insightful

    Your data wouldn't have been given to criminals if they had invested that $500K in security.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:Just think... by fustakrakich · · Score: 2

      Sorry, but they are the criminals. What they call a "breach", I would call a sale. Why should we believe this was an accident?

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:Just think... by markdavis · · Score: 5, Insightful

      >"Your data wouldn't have been given to criminals if they had invested that $500K in security."

      Actually, according to the summary, they spent at least $2.6 MILLION dollars in just the last 2.75 years, alone. Imagine how much that money COULD have done if they had used it to hire a few good security engineers and made meaningful changes.

    3. Re:Just think... by CaptainDork · · Score: 2

      Well said.

      Security will not be historical subject until after serious litigation.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Just think... by tlhIngan · · Score: 4, Interesting

      Actually, according to the summary, they spent at least $2.6 MILLION dollars in just the last 2.75 years, alone. Imagine how much that money COULD have done if they had used it to hire a few good security engineers and made meaningful changes.

      You guys are looking at it the wrong way. You're looking at it as a victim, you should look at it as what it brought them.

      With this one breach, that $2.6M is now completely wasted - in fact, it's even worse since it's now achieving the opposite effect - instead of trying to buy reduced scrutiny, their failure to spend on security is working against their campaigning. Even worse, it's brought government scrutiny on all the credit reporting agencies, with increased regulation likely the result.

      By failing to spend on security, Equifax has basically made life in their industry much harder for everyone. Experian and TransUnion should be applying peer pressure for making it much more expensive to do business now, because any law that comes down, any scrutiny that happens will apply equally to all three of them.

      And financial institutions HATE government oversight. When "too big to fail" banks started having government oversight as required by their bailout packages, they couldn't get rid of them fast enough.

      That's how you're supposed to frame it. Protecting your data? You're not worth that much to them. But ensuring their future is free of government oversight and extra regulation? That's something that does affect them directly and the cost of doing business.

    5. Re:Just think... by Zxern · · Score: 1

      Awww you're so optimistic. Considering the stupidly short attention span of the average American, this will be long forgotten before any kind of law or regulation can even be written let alone brought up for a vote.

    6. Re:Just think... by Cederic · · Score: 1

      I think it's reasonable to assume that Equifax spend significantly more than that on security professional employees, more than that on security consultants and service providers, substantially more than that on security infrastructure and probably around that much on audit for all of the above.

  7. how dumb can you get? by Anonymous Coward · · Score: 1

    Your data wouldn't have been given to criminals if they had invested that $500K in security.

    you are beyond-redemption-stupid if you think they would have spent money on security

  8. Re:Investment by Archangel+Michael · · Score: 3, Insightful

    Actually, the cost of doing business it is always cheaper for lawyers than just about anything else. Lawyers keep you out of Legal Danger (or at least are supposed to).

    And until the Corporate board and the CxOs and the Shareholders are held accountable, nothing will actually change.

    The only way to solve this problem is start charging the bigwigs at the top for criminal negligence of the corporate culture they foster. Followed by Corporate Death Penalty where the corporate charter is revoked. When shareholders are caught empty handed with nothing to show, they will DEMAND corporations uphold their due diligence and actually start protecting their data.

    Lastly, I would suggest that the default nature of Credit is keeping it in a frozen state. It should take extraordinary effort to open credit account.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  9. Sounds familiar by smooth+wombat · · Score: 4, Insightful

    I clearly remember the banks and Wall Street firms lobbying Bush and Congress not to implement any new regulations back in 2006. Their words were, more or less, any new regulations would kill their competitive nature on the world market. Trust us, we know what we're doing.

    The following year we know what happened.

    Now here we are again, with a very similar situation. Regulations are evil! Don't kill us with regulations, bro!

    I can guarantee not a single executive at Equifax will go to jail or pay a fine. Further, every excuse imaginable will be given why requiring such breaches to be announced immediately should not be done.

    In a few years, this will happen again and everyone will look around and ask, "How did this happen?"

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Sounds familiar by Tablizer · · Score: 2

      The USA is mostly a bribocracy at the federal level, plain and simple. Both parties are culprits. If you don't kiss up to those who give campaign donations, you get less campaign money and lose elections. It's legalized political prostitution and Americans should be ashamed of such a system.

    2. Re:Sounds familiar by Required+Snark · · Score: 2

      The people who run our economy act like meth freaks with rabies where meth == money and rabies == corporate greed.

      Until there is a general understanding that big business is not a noble pursuit, but a socially sanctioned form of criminal activity, we will continue to suffer this kind of crap. The basic assumption should be that corporations always become corrupt and that the law exists to root out that corruption.

      There must be accountability for organizations and the people in charge of those organizations. This means if you are in the executive suite or the boardroom and the company commits crimes that you will end up in jail and penniless. Nothing short of that will have any impact. Investors must also be put at risk; if the company goes over the line they should lose their entire investment. That way they will keep an eagle eye on the management and keep them honest.

      Note that this is exactly the opposite of our current system. The people at the top of the corporate pyramid pay themselves vast sums of money while they take insane risks so they can gouge even more money. When it all goes sour they keep their fortunes and investors and taxpayers pick up the tab. All this occurs at the same time the same companies engage in international tax avoidance schemes that might as well be evil magic.

      Don't believe me? We are in a yet another bubble and the next crash will happen before 2020, and perhaps as early as next year. And like the last time corporate malfeasance will be the cause.

      --
      Why is Snark Required?
  10. Hangin's too good for 'em by Rick+Schumann · · Score: 5, Insightful

    You think maybe Equifax is exemplar of all the other credit reporting agencies? I think they might be. I think there needs to be some corporate nutsacks put on the congressional anvil, with liberal application of the judicial sledgehammer over this, to ALL of them. It's bad enough that jackass businesses like Facebook and Google and ISPs are invading our privacy, but companies like these credit reporting agencies MUST BE ABOVE REPROACH AT ALL TIMES OR THEY ARE WORSE THAN USELESS. It is totally, completely unacceptable that this happened at all and it has to STOP.

    1. Re:Hangin's too good for 'em by Anonymous Coward · · Score: 1

      If the govt. will not do it, I just hope they get sued into Chapter 7 liquidation. No more Equifax. It's the only solution that will result in real change.

    2. Re:Hangin's too good for 'em by bgalbrecht · · Score: 1

      In the mean time, everyone should freeze their credit information at all 4 credit reporting companies (Equifax, Experian, Transunion and Innovis which is more for fraud detection), and when they need to unfreeze their credit information, only unfreeze it at the other companies and never unfreeze it at Equifax. Between lawsuits and being unable to provide credit information to lenders, they'll lose money.

  11. regulation is always bad for business by Revek · · Score: 4, Insightful

    It's normally quite good for the public, though you couldn't convince them of that since they get their swill from big media.

    1. Re:regulation is always bad for business by HiThere · · Score: 4, Insightful

      It's normally good for the public until regulatory capture happens. Then it continues to be slightly less bad for the public...but often only slightly.

      Regulators need to be forbidden to accept payments from the groups they regulate not only while in office, but also after leaving. And that includes jobs.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  12. Bastards ... by Anonymous Coward · · Score: 1

    These clowns want access to our data, with which broad reaching decisions about our lives will be made ... but they want to do it in such a way that they have no responsibilities or liabilities in the event they prove to be incompetent morons. Oh wait, they've just been proven to be incompetent morons.

    Capitalism is inherently broken, because it assumes people aren't lying, greedy bastards; the problem is time and time again we see that isn't true. You can't have capitalism without regulation, because the free market is a lie, it can't address certain kinds of problems, and when companies are proved to be liars or incompetent it's the consumer who suffers. You have to assume all of the actors are gaming the system, and not stupidly assume the market will fix these things. Because gaming the system is what it is all about.

    If Equifax wants access to the banking data of millions of people, it bloody well needs to be regulated the same as a fucking bank. If they don't wish to be regulated, then they have no fucking business accessing this data.

    None of us ever signed up with Equifax, they've essentially co-opted our data. And then they tried to argue they shouldn't have any liability. Sorry, but if your business model is built around collecting my data without my consent -- financially sensitive data -- then you don't get to exempt yourself from having a legal requirement to safeguard that data.

    Fucking corporate assholes. Sadly, I'm sure some Republicans are all about removing regulations, and if the consumer gets fucked, too bad. Capitalism can really only serve society if society has it on a very short leash.

    I firmly think that every C*O in the nation and their families should be doxed to hell and beyond. If they're going to play fast and loose with our data, let's show them what that's like.

    If Equifax wants to have this data and not be covered under regulations, Equifax needs to cease to fucking exist.

    1. Re: Bastards ... by GuiRoo · · Score: 1

      The credit bureaus are regulated just like a bank. And how do you think they get their data? Your bank sends it to them. And the way the laws and regulations are currently written, it's not YOUR data. It may be data about you, but you do not own it. If you want to change something, change that.

  13. I have the same combination on my luggage! by xxxJonBoyxxx · · Score: 4, Interesting

    Until at least late 2016, there was this hardcoded into their mobile app (http://www.apkmonk.com/app/com.equifax/):

    UtilitiesHandler.java
                    static final String masterKey = "EqUiFaX2468";

    Not quite "1...1!...2....2!..." but it's pretty darn close.

    To be fair, I couldn't tell if it's actually ever used in the mobile app. It seems like the kind of intentionally stupid/obvious password-but-not-really-a-password string you'd leave hanging around in a file on the network if you were tuning your DLP. (The full Zip code of the company is 30309-2468 so the "plus 4" is probably where the ending came from.)

    1. Re:I have the same combination on my luggage! by Xyrus · · Score: 2

      It's all a plot. Cause a massive leak and that forces everyone to freeze their credit reports. Charge $60 a pop to lock and unlock them. Bam, instant profit.

      --
      ~X~
  14. A side effect of everybody having your data by Anonymous Coward · · Score: 1

    We should just accept that the more of your information is stored on servers the higher the risk of it being harvested. Doesn't help that these companies withhold breaches for such a long time before even notifying anyone including the people affected. I won't take much action now, it's too late to bail out a ship already sinking.

  15. My question about this mess is... by Stomper_Stoddard · · Score: 2

    They said this data breach took place from May through July. How exactly does one miss terabytes, possibly petabytes of data being transferred to an IP address outside of your network for 3 months? I mean to me this sounds like either the hackers were god like in their ability to hide what they were doing, or the people whose job it was to prevent these things from happening, simply didn't give a shit.

    1. Re:My question about this mess is... by Ol+Olsoc · · Score: 2

      They said this data breach took place from May through July. How exactly does one miss terabytes, possibly petabytes of data being transferred to an IP address outside of your network for 3 months? I mean to me this sounds like either the hackers were god like in their ability to hide what they were doing, or the people whose job it was to prevent these things from happening, simply didn't give a shit.

      Hiring people to monitor this stuff costs money, and why punish the shareholders with a cost center? This will all self correct anyhow, amirite?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  16. Re:Investment by MickyTheIdiot · · Score: 4, Insightful

    The constant whine about regulations when as a country we pretty much allow our large corporations to get away with anything is rather tiresome.

  17. Well duh! by Ol+Olsoc · · Score: 3, Funny

    Regulations are bad and regressive! Business always self polices itself better, and the invisible hand of the free market is never wrong, and always self correcting.

    If there were no regulations, this would never have happened, and we would all enjoy perfect internet security.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  18. Re:That just means they knew about the breach... by jafiwam · · Score: 2

    You are taking their word for when the breach started? LOLOLO ahaha ahaqhaa !! Aren't you cute.

  19. Still Gonna Happen by mschwanke97402 · · Score: 1

    Laying off Credit Bureaus is part of a larger bill in hearings right now to reduce regulations and “make American business competitive”. Check it out.

  20. Question on "Lobbying" by ytene · · Score: 1

    Sorry that this is a bit of a tangential question to the OP...

    I notice that the amount of "lobbying" being reported in the media seems to be on the rise again, perhaps after a bit of a post-2008 lull.

    However, it really isn't clear what is permitted as "legal" lobbying and what is considered "illegal"? Is this in-person requests for meetings to put forward a case? Is this industry-funded "research" offered up as candidate for government policy? Is this the offer of all-expenses-paid "junkets" to take law-makers on expensive trips to "see for themselves" [and be wined and dined in the process].

    Forgive the cynicism, but I've reached a point where any time I read "lobbying" my brain substitutes "illegal bribery"... I wondered if anyone could point me at guidelines that help show what is permitted vs not permitted, and/or where this is tracked and monitored for compliance?

    Given that the two places with the most lobbyists are Washington and Brussels, it is getting increasingly difficult to see how regular citizens are being properly represented at the "legislative table". Interested in any analysis of that, too...

    1. Re:Question on "Lobbying" by MoarSauce123 · · Score: 1

      There should be no lobbying where money changes hands (like Boehner did when handing out checks from the tobacco lobby on the House floor) and all and every lobbying activity has to be publicly announced at least a week before it takes place. Can't have democracy without transparency.

    2. Re:Question on "Lobbying" by ytene · · Score: 1

      I think we can agree on that. However, let me give you a different scenario. Suppose you are a Senator or Congressperson and I come to you and say, "Look, there is a small trade association meeting taking place in a couple of months. All in the public eye and nothing behind closed doors. We'd like you to come along given your role on [such and such] committee. We're going to be based at the Florida Disney resort, in the main resort hotel. We're happy to cover the cost of your flights and because this takes place during a school holiday, you would be welcome to bring your family and let them loose in Disney while you're working with us. The meeting is scheduled to take one or two days, but we're going to book for a week, just in case..." [Nudge, nudge, wink, wink...]...

      Now, no money has changed hands. I haven't "given" you a dime. Instead what I've done is given you a week's free holiday in Florida Disney in return for a day of intense lobbying at something I want you to agree to... And the best bit is, I didn't lobby you at all. I just invited you to attend an industry conference.

  21. A-holes! by MoarSauce123 · · Score: 1

    They should have spent the 500,000$ on system security instead of lobbying. We all would be better off.

  22. So wait a minute by kilodelta · · Score: 1

    They'd rather spend half a million dollars on lobbying versus spending it on InfoSec? Talk about perverted priorities.

    1. Re:So wait a minute by The123king · · Score: 1

      They were quite obviously trying to shut the barn door after the horse bolted. No point spending money on infosec when all the info has already been stolen.

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat