Slashdot Mirror


Equifax Was Warned (vice.com)

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Months before its catastrophic data breach, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans, Motherboard has learned. Six months after the researcher first notified the company about the vulnerability, Equifax patched it -- but only after the massive breach that made headlines had already taken place, according to Equifax's own timeline. This revelation opens the possibility that more than one group of hackers broke into the company. And, more importantly, it raises new questions about Equifax's own security practices, and whether the company took the right precautions and heeded warnings of serious vulnerabilities before its disastrous hack. Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company's public-facing infrastructure, the researcher couldn't believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

2 of 86 comments

  1. Re:Regardless of any warning by atrimtab · · Score: 5, Interesting

    Except most of the harmed never signed any agreement that includes FORCED ARBITRATION in their relations with Equifax, because the harmed are NOT Equifax customers. That means that all affected US citizens who are not Equifax customers CAN sue directly or via class action.

    The issue will be showing that you were damaged specifically by Equifax's negligence. They will likely defend themselves via all the reports of the similar losses of the same and similar personal data via other corporations' also piss-poor security practices.

    It will be very hard for any specific individual or class to show losses specific to Equifax. Sure, you may be able to show identity theft and losses because of it, but was that specifically because of Equifax? Good luck proving that.

    Equifax certainly does deserve the "Corporate Death Penalty." But there are many ways for them to avoid it, followed by a fresh coat of paint and likely a new name. Just watch....

    Today there is no such thing as a responsible corporate citizen. There probably never was.

    --
    Facebook is billions of individual "Skinner Boxes." And if you use it you are the pigeon!
  2. Re:Regardless of any warning by saltydogdesign · · Score: 4, Interesting

    This is a classic example of perverse incentives. Equifax gets paid when people need fraud protection (directly and indirectly), so the more cavalierly they handle consumer data, the better off they are.

    --
    // This is not a sig.