Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers In Equifax Breach Accessed More Personal Information Than Previously Disclosed (cnn.com)

Posted by BeauHD on from the surprise-surprise dept.

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers' license information beyond the license numbers it originally disclosed. The revelations come some five months after Equifax announced it had been breached and personal information belonging to 145.5 million consumers had been compromised, including names, Social Security numbers, dates of birth and addresses. It's unclear how many of the 145.5 million people are affected by the additional data including tax ID numbers, which are often assigned to people who don't have Social Security numbers. Hackers also accessed email addresses for some consumers, according to the document and an Equifax spokeswoman, who said "an insignificant number" of email addresses were affected. She added that email addresses aren't considered sensitive personal information because they are commonly searchable in public domains.

As for tax ID numbers, the Equifax spokeswoman said they "were generally housed in the same field" as Social Security numbers. She added that individuals without a Social Security number could use their tax ID number to see if they were affected by the hack. Equifax also said, in response to questions from The Wall Street Journal, that some additional drivers' license information had been accessed. The company publicly disclosed in its Sept. 7 breach announcement that drivers' license numbers were accessed; the document submitted to the banking committee also includes drivers' license issue dates and states.

5 of 58 comments (clear)

  1. I'm shocked (Not!) by whoever57 · · Score: 5, Informative

    This revelation comes just as it appears that the investigation of Equifax is being put on ice and that the head of the CFPB thinks that his job included protecting the banks.

    They should have pushed out this news last Friday or Monday when the market news would have buried it.

    --
    The real "Libtards" are the Libertarians!
  2. Nothing to fear. by 140Mandak262Jamuna · · Score: 5, Insightful
    I mean the bozos who hired music majors as Chief Information Security Officer don't have anything to fear. The Consumer Financial Protection Bureau is being run by the person who hates it. He has returned all the funding back to congress. He has halted the investigation about the breach.

    No body will be punished. No body will go to jail. There is nothing to fear, for the corporate CXOs

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. Corporate death penalty by Anonymous Coward · · Score: 3, Insightful

    This probably violates data breach laws in many states, since Equifax seems to have failed to fully disclose the nature of the breach in a timely manner. This corporation has been so irresponsible and harmed so many people that they no longer deserve to exist. Give them the corporate death penalty, which is done by revoking their corporate charter. Put the c-level executives in prison, including those who got golden parachutes to walk away from this situation. Given that they would be grossly negligent, those golden parachutes and the assets of Equifax should be taken and allocated to the victims of the data breach, much like what has happened with Bernie Madoff's estate. Until there are severe enough penalties for negligent security and data practices, these breaches will continue. At some point, they might become irrelevant just because everyone's personal information is already compromised. We actually have the ability to move to more secure methods of authenticating who we are, including public-key encryption and multi-factor authentication. Mandate this for financial institutions who are offering any sort of credit. If the authentication isn't done, the person who is given credit is not liable to pay anything back and make any negative credit reporting by the institution considered libel.

  4. No point in even worrying about this anymore by Rick+Schumann · · Score: 5, Interesting

    Not just 'the horse', but all the horses have left the barn, changed their names, and moved to a different planet. That's how far 'done' this is. There's no point in even worrying about whether or not your identity is going to be stolen, it's already done and nothing can change that now. All that's left is whether or not whatever criminals have your data decide it's worth ruining your life with, for fun-and-profit. No amount of anger, raging, hand-wringing, or sleep-losing will do anything about that.

    Equifax, on the other hand, still need to have ALL their senior management dragged out into the street, heads chopped off, and planted on poles on Wall Street, as a WARNING to the rest of these assholes: DO NOT BE NEGLIGENT WITH OUR VERY MUCH PERSONAL DATA EVER AGAIN.

  5. Re:I'm shocked (Not!)- a plague they are by charliemerritt03 · · Score: 3, Insightful

    They are causing damage to people, yet 150 Million have absolutely no recourse? Somehow - where is one of those TV Lawyers with the huge class action (not that I'd join one)? We should go after these guys just like tobacco - they are not worth as much, but they should be made to disappear - a plague they are.