Hackers In Equifax Breach Accessed More Personal Information Than Previously Disclosed

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers' license information beyond the license numbers it originally disclosed. The revelations come some five months after Equifax announced it had been breached and personal information belonging to 145.5 million consumers had been compromised, including names, Social Security numbers, dates of birth and addresses. It's unclear how many of the 145.5 million people are affected by the additional data including tax ID numbers, which are often assigned to people who don't have Social Security numbers. Hackers also accessed email addresses for some consumers, according to the document and an Equifax spokeswoman, who said "an insignificant number" of email addresses were affected. She added that email addresses aren't considered sensitive personal information because they are commonly searchable in public domains.

As for tax ID numbers, the Equifax spokeswoman said they "were generally housed in the same field" as Social Security numbers. She added that individuals without a Social Security number could use their tax ID number to see if they were affected by the hack. Equifax also said, in response to questions from The Wall Street Journal, that some additional drivers' license information had been accessed. The company publicly disclosed in its Sept. 7 breach announcement that drivers' license numbers were accessed; the document submitted to the banking committee also includes drivers' license issue dates and states.

Nothing to fear.

[140Mandak262Jamuna]

I mean the bozos who hired music majors as Chief Information Security Officer don't have anything to fear. The Consumer Financial Protection Bureau is being run by the person who hates it. He has returned all the funding back to congress. He has halted the investigation about the breach.

No body will be punished. No body will go to jail. There is nothing to fear, for the corporate CXOs

Corporate death penalty

This probably violates data breach laws in many states, since Equifax seems to have failed to fully disclose the nature of the breach in a timely manner. This corporation has been so irresponsible and harmed so many people that they no longer deserve to exist. Give them the corporate death penalty, which is done by revoking their corporate charter. Put the c-level executives in prison, including those who got golden parachutes to walk away from this situation. Given that they would be grossly negligent, those golden parachutes and the assets of Equifax should be taken and allocated to the victims of the data breach, much like what has happened with Bernie Madoff's estate. Until there are severe enough penalties for negligent security and data practices, these breaches will continue. At some point, they might become irrelevant just because everyone's personal information is already compromised. We actually have the ability to move to more secure methods of authenticating who we are, including public-key encryption and multi-factor authentication. Mandate this for financial institutions who are offering any sort of credit. If the authentication isn't done, the person who is given credit is not liable to pay anything back and make any negative credit reporting by the institution considered libel.

Re:I'm shocked (Not!)- a plague they are

[charliemerritt03]

They are causing damage to people, yet 150 Million have absolutely no recourse? Somehow - where is one of those TV Lawyers with the huge class action (not that I'd join one)? We should go after these guys just like tobacco - they are not worth as much, but they should be made to disappear - a plague they are.