Slashdot Mirror
In a Highly Unusual Move, FTC Confirms It Is Investigating Equifax (reuters.com)
The Federal Trade Commission (FTC) on Thursday confirmed it is investigating Equifax's handling of a data breach affecting 143m Americans. "The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," said Peter Kaplan, the commission's acting director of public affairs. Washington Post reporter tweeted: "To put a finer point on it, this is really, really unusual -- the FTC hardly ever says anything about ongoing probes."
Slap on the wrist, formal apology issued, dinner and drinks at the White House with the executives of the company so that they can swear fealty, and back to #MAGA. Next problem? This is easy.
It would be surprising is there WASN'T an investigation given Equifax has credit and personal info on a huge number of the US population and controls credit access of virtually the entire country. Probably should have been more government monitoring for security which I would guess will occurs after a post-mortem of this incident.
"Imagination is more important than knowledge" - Einstein
Since politicians' identities were compromised along with the unwashed masses, OF COURSE they are going to investigate and make it known.
Probably should have been more government monitoring for security which I would guess will occurs after a post-mortem of this incident.
Seriously, you really think governments care about folks having their data leaked? If top govt execs info was leaked, then maybe we would get something real, but right now, all we'll see is a fake investigation with, as usual, no one going to jail or paying fines.
based on the number of records leaked, there's a good 40% chance per top govt exec that their info WAS leaked
What makes you think that politicians' identities are exempt from this breach?
The head of the FCC is a former Verizon lawyer who is opposed to net neutrality and for allowing ISPs to sell your personal data without you being aware of it.
I guess this is what MAGA means.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
It would be surprising is there WASN'T an investigation given Equifax has credit and personal info on a huge number of the US population and controls credit access of virtually the entire country.
I'm not sure that the FTC actually cares about the data that was leaked. On the other hand those allegations of insider trading due to the breach are certainly to interest to them.
I am Slashdot. Are you Slashdot as well?
To see if there were any casualties in the wreckage
Still we don't know for sure. Maybe their sensitive info is kept in a special, non publicly accessible database. I mean, I don't think Trump, Obama, Bush or Clinton's credit record can really be accessed by usual means. If so, I'd say it is fuc*ing careless.
If the trend means anything, some low level engineer who was hired after the project rolled out will be made an example of, the executives will get huge bonuses for making great improvements in security, and media will spin it to sound like it was all Trump's fault and that Hillary would have prevented it.
I support the death penalty. So much, in fact, that I want to see Equifax executed - in this case, by having its corporate charter revoked. They're not "too big to fail". They're not providing a valuable product to our economy. They're not America's Last Great Hope at manufacturing or anything like that. They're a rent-seeking parasite on the economy who obviously can never again be trusty with the weaponizable data they collect on everyone who lives here. Cut off its head - sacrifice it on the altar of accountability and justice - and call it done.
And as we'd lock up a street-level criminal until their trial, Equifax should be imprisoned by having its bank accounts and stock trades frozen immediately. Sure, that means it can't pay its CEO. Yes, it means its employees will break up with it in favor of more upstanding members of society. Yeah, it means it won't be able to pay rent and will probably get evicted. If all that's good enough for Joe Accused Weed Dealer, it's good enough for Equifax Accused Stalker.
Dewey, what part of this looks like authorities should be involved?
Saw this on Monster this morning:
EQUIFAX (Atlanta GA) is seeking a talented and highly motivated software engineer and security expert to manage the fallout of our recent security breach. Duties will include analyzing failures in security systems, taking the blame for prior failures, and generally being a scapegoat for the breakdown in security that lead to our infamous breach. Contract position is expected to last approximately 3-6 months, or until the end of criminal investigations, whichever is longer. Compensation includes generous exit bonus to compensate for ruining your career.
Interested candidates must have a BS or MS in Computer Science or equivalent work experience, not that it actually matters.
Equifax needs to face SEVERE punishment for negligence. Their incompetence impacts everything from personal finance, to national security. Just think what those nasty Russian's will do with the knowledge of exactly which pesky counter intelligence officer is having credit issues.
the place I used to work had a huge database and it protected the records of politicians, celebrities, and ultra wealthy.
I suspect it is a common practice.
hard time for any H1B fraud at the VP level and up.
If you aren't involved in credit application activities, get a credit freeze at all three agencies now. Then they will not provide information. Make things difficult for any fraudster.
You can lift the freeze when you need to.
Caveat: It costs money, but it's currently free at Equifax (the page is sometimes cratered, however).
Good luck everyone. And kudos to LifeLock's cracker department (JK).
Governments care slightly because upset voters can mean politicians get kicked out. By contrast, Equifax doesn't care at all because we're just data points to them and whether we're happy or upset data points doesn't matter at all. Government regulation might not be perfect, but it's better than just letting Equifax do whatever it wants and assuming that "the market will sort it out."
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Tinfoil hattery:
This beach was state sponsored. Over the next few weeks, American identities will be stolen en-mass, prompting nationwide credit-freeze. Consumers lose trust in the American system of credit/debt as the fraudulently borrowed moneys and goods leave the country before the freeze. People demand companies are punished, and place blame on the money lenders and banks.
People go back to spending only what they've earned. Retail feels the pinch first. Many go under in the first months. Prices rise, as available supply of goods diminishes (no longer produced on a credit-line, volume drops)
When the money stops moving around, the financial sector of the US economy withers and dies within weeks.
The 1% panic. Crisis follows.
I imagine this is what 21st century warfare looks like.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
It's higher than that. About 25% of the nation's population is under 18, and are less likely to be impacted anyways. Since top execs are typically over 18, it is probsbly closer to 55 or 60 percent
File under 'M' for 'Manic ranting'
One thing is for sure, from a legal standpoint Equifax and EVERY credit reporting must verify EVERY item on EVERY credit report. Why? Because that cannot prove that the data has not been tampered with for any reason. They need to prove they verified it as well. By law, they have to prove that the data about each of us is in fact true. They can not. If they are permitted to stay in business, they should wipe down to 0 for each of us. New slate. Them too. But, I think they should all be put out of business for security reasons.
Doesn't work. The free market can only control a companies behavior when the people affected are the customers of the company. Equifax's customers are other companies, specifically banks, credit unions, rental management companies and the like. They don't really care that individuals who Equifax keeps information on have been compromised. I mean it's short sighted of them, since they are likely to take the brunt of the loss that will result from the identity theft that results, but in the short term, quarter to quarter view they aren't the ones whose data was compromised.
So for the free market to "take care of the problem" Equifax's customers would have to respond by no longer using them. Unless that happens there will be no correction by Equifax, baring a government investigation.
The whole insider trading thing is a separate issue and is definitely a government matter. Unfortunately other members of the market will not punish the inside traders by never doing business with them again. That kind of free market self correction only works in the kind of small tight ethically driven class based markets of Smith's day, not the global market of the 21st century.
The data loss and ID theft seems to have affected the FCC head honchos, too.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The "surprise" is only that the FTC publicly confirmed the investigation, not that there is an investigation (everyone knew there would be one).
based on the number of records leaked, there's a good 40% chance per top govt exec that their info WAS leaked
I would add, based on that percentage, not only is there a good chance that top government executives had their information leaked, but its most likely that information was also leaked about their spouses, adult children, parents, siblings, friends, etc. So I think many would take this personally. If you want to be cynical about it, this leak is going to create a lot of headaches for powerful entities like multinational banks, telecoms, and others who relied on Equifax to vet loans and identities and are going to have to deal with large spikes in fraud for years because of the breach. This kind of breach also helps to further undermine confidence in the banking system they are a part of. They may want this to go forward so they can take a chunk out of Equifax's hide as well. Oh, and their and their families, friends, etc. personal data has also been leaked, so they will probably have some personal motivations as well.
Seriously, you really think governments care about folks having their data leaked? If top govt execs info was leaked, then maybe we would get something real, but right now, all we'll see is a fake investigation with, as usual, no one going to jail or paying fines.
They better do care.
As far as I know, if you know the social security number of someone, you can impersonate them.
If the leak really contains half the SSNs of the country, this could be used to cause quite a lot of trouble to the economy.
Without economy no elite.
"we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
I'd say at best, they are in the same database and marked with some special restriction flags.
And not all adults even have credit history. They pretty much compromised every American who has gainful employment.
See subject.
It's not simply the breach. It's that after the breach, things just kept getting worse.
- Executives sold a bunch of stock between the breach and the report.
- The first "Am I affected?" site was horribly constructed from a security point of view, not to mention not being clear about the legalese regarding liability. There were also reports that it was acting like a simple random-response generator - putting in nonsense IDs gave specific answers - with both types of results.
- The "Freeze my credit" site set up to handle the volume, and the PIN they gave was a simple time-date stamp, easily guessed.
One of these days, I plan to write to my banking institutions saying that Equifax has failed miserably at their primary job - being secure, and my institutions should not be using such a shoddy business.
The living have better things to do than to continue hating the dead.
How many bankers did jail time under Obama for the financial mess?
Only the State obtains its revenue by coercion. - Murray Rothbard
AFAIK insider trading would be SEC territory.
Insider trading is the SEC, not the FTC, right? The SEC actually scares executives and board members, unlike most regulatory bodies.
Socialism: a lie told by totalitarians and believed by fools.
PII data is not well regulated in the US. People are much more concerned with card numbers than your personal information.
I object to power without constructive purpose. --Spock
Same here...we don't keep the real SSN of celebs or execs in the database. They are exempt.
I object to power without constructive purpose. --Spock
to play a few rounds of golf with FTC bigwigs? That's what I'm guessing will happen.
Damping absorbs vibrations. Dampening is caused by moisture.
FTC is saving their ass. Just see all the lawsuiting slow down.
That is not an implausible theory, but it relies on the response sequence that you cite. In reality, events do not happen in a vacuum.
OTOH, the banks and lenders (or the federal government by regulation) could enable better safeguards to validate identity other than SSN (which was never intended to be a universal ID) and require all lenders of any amount greater than $50 to validate and document the identity in person of the borrower using two IDs at least one of which is a photo ID, 2 factor authentication (call the cell number of record on the account to verify identity) and for good measure get a full facial photo and thumb print of the borrower on record as part of the required transaction documents for documentation and comparison to those on file. Ban all anonymous mail and online based credit applications of any kind (a notary public could be used to validate identity in legitimate cases). Require all documents be validated prior to extending credit.
For any victims of identity theft, a single FBI form should be all that is required to report ID theft, at which point all businesses who extended stolen credit are SOL and have no recourse unless they can prove criminal fraud in court first.
99% of identity theft dries up permanently in a couple of weeks, banks and lenders absorb a 2% increase to their cost of doing business, and the general population has one less thing to worry about...
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
I wonder, Where did the leaked data go? Who has it? How can Joe Blow and John Q. get a copy of it?
Next random thought, just exactly what info was in the leak, would it possibly contain say, data on people in WitSec? That could be serious. What about
random other people who are laying low, like victims of domestic violence?
Another though was, was the db editable in any way? Are there transaction logs? Could a person have edited or even completely deleted the credit history of someone? If so the hacker(s) would have been smart to do that to all the bad entries. That would have increased the value of identities they obtained.
Edit: Captcha: ramble
They have no teeth! They investigate them every minute of every day for something and then fine them some pidly amount. They never did anything in the past, why would they do anything now. Just look at their website and all of the complaints. BS. Total F*cking BS! Now they expect us to eat it. They should be investigated too! Why the hell have they waited so long to do something? They are partly to blame for this mess.
UnF*cking believable! The top FTC consumer enforcer used to represent EQUIFAX! This is up there with the fact that a Verizon lawyer is in charge of the FCC! OMF*ckingG! I just can't believe this shit! We are dealing with too much cronyism. This has to stop, truly. DC is totally out of touch. How are we going to fix this systemic corruption?
http://www.nationallawjournal.com/id=1202798002021/FTCs-Top-Consumer-Enforcer-Previously-Represented-Equifax-He-Wont-Lead-the-Probe?mcode=1202617074964&curindex=0&slreturn=20170814155954
Why do we even have 3 companies that handle credit card reports? If we kill off Equifuck, then we still have two more left. Less companies, less chance of security breaches.
I bet not .. and yeah, nobody will get hurt financially, expect some of those 143m, but that's small percentages compared to lynching a couple of executives.