Slashdot Mirror
One Year After the Massive Equifax Data Breach, Pretty Much Nothing Has Changed (axios.com)
The Equifax data breach was supposed to change everything about cybersecurity regulation on Capitol Hill. A year ago, Equifax announced that 145.5 million U.S. adults had their social security numbers stolen in an easily preventable breach. If any data breach was going to be able to shock Washington into enacting sweeping privacy reforms, this should have been it. Axios: But that didn't happen: "The initial interest that was implied by congressional actions didn't pan out," said Michelle Richardson, director of the Privacy and Data Project at the Center for Democracy and Technology (CDT). What was supposed to happen: After the first of several hearings involving Equifax, Sen. Chuck Grassley (R-Iowa), chair of the Judiciary Committee, said it was "long past time" for federal standards for how companies like Equifax secure data.
Data security wasn't the only anticipated reform. Congress appeared poised to create a national breach notification law governing how and how quickly companies must notify anybody whose personal information is stolen in a breach. Currently, to the chagrin of national retailers, those laws vary state to state. Several investigations were supposed to penalize the credit bureau for lax cybersecurity, including failing to patch the vulnerability hackers exploited despite government warnings. What actually happened: The bills petered out. Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation.
Data security wasn't the only anticipated reform. Congress appeared poised to create a national breach notification law governing how and how quickly companies must notify anybody whose personal information is stolen in a breach. Currently, to the chagrin of national retailers, those laws vary state to state. Several investigations were supposed to penalize the credit bureau for lax cybersecurity, including failing to patch the vulnerability hackers exploited despite government warnings. What actually happened: The bills petered out. Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation.
I'd say we should appeal to Donald Trump to change this, but he kind of has his hands full.
Seriously, did anyone expect anything to change?
= nothing gets done
Did you really think they were going to crack down on corporations? Impose regulations and fines? Hahaha, my sweet summer child.
Most of us on Slashdot make a living from computers, so this is likely a bad forum for this question. However, does any good from computers trump distracted driving, identity theft, facebook/twitter addiction, school plagiarism, financial fraud, the end of privacy, etc.? You might have a few more items to add to this list.
Why would anything change without strict federal guidelines and without any real consequences for board members and investors.
1. businesses should be unregulated and allowed to compete in a free market (laissez-faire), except:
2. if the entire industry demonstrates they can't handle it themselves.(regulatory capitalism)
Whatever we have today, it's neither the moderate capitalism of the Anglo-Saxon model nor the more socialized Rhine capitalism (social market economy). What we run today is really a crony capitalism model, unfortunately there is a lot of data on how this ultimately collapses and no examples of where it is successful.
What was your point again?
They're both the same! Obama! Buttery males!
It's the same winner, every time. Money.
Make America grate again!
Politically, nothing happened. But a lot of people locked their credit score. I'm sure credit card companies are now asking for more information to prove your identity to open a new card. People's ssn, date of birth, and drivers license can no longer be trusted as a form of identification for anything. I also had so many friends and family ask what they should do, which opened the door for me to introduce them to things like LastPass, Yubikey, and other security.
And when the whole debate about voting machines came up, one word shut most people up: Equifax.
This industry, the idea that credit is something that can be measured and a value of trust and worthiness ascribed to certain goods and services, is fragile.
Equifax is running out of keys and they just dont seem to care. They are running out of the very currency that funds their business model. If you can no longer trust SSN's because every hacker on the planet has them, and you can no longer trust personal information because its been stolen as well, then the value assigned to the majority of your assets (people) is effectively worthless.
and if all you can report in 20 years is the fact that everyone in your database is categorized as credit-unworthy, then you become worthless as a saleable service to your real customers: banks.
Good people go to bed earlier.
If you look damage done to the company as a result, it really makes no sense to pretend to threaten anyone with costly fines or regulatory oversight. Value indicated by market cap is almost recovered. Their cost for the offered monitoring is marginal, and any other damages related to the incident never exceeded what they were prepared to write off as the cost of doing business. Did they ever even file a claim against their cybersecurity insurance (or rider to umbrella liability)? The red hot iron of outrage was too far from an election cycle to matter. The regulatory climate in DC is ice cold, too. Any cost of compliance or fines for noncompliance would just be passed on to the comsumers. Even if Equifax's structure and business model made it exceptionally insulated from negative impacts of consumer outrage directly, the message from Equifax and our representives in DC in the wake of the incident is clear: it pays to be careless with people's data, and there's little the consumer can do about it.
Bernie Sanders would have changed this by now.
Politically, nothing happened.
To the surprise of absolutely no one given the current state of affairs in Washington.
But a lot of people locked their credit score.
So what? That's about the least interesting bit of data Equifax has about you and it does nothing to prevent mass data breaches.
I'm sure credit card companies are now asking for more information to prove your identity to open a new card.
Citation needed.
also had so many friends and family ask what they should do, which opened the door for me to introduce them to things like LastPass, Yubikey, and other security.
So you told them to use an unregulated and unaudited third party single point of failure? Great plan... You do realize that those things would do nothing to prevent a breach at Equifax right?
The headline can be taken two ways ... the identity theft Armageddon didn't happen either. Did it?
The interesting question would be why ... I know I put a fraud alert on my credit bureau accounts (and have kept renewing it), but did most people really do that?
Equifax and their counterparts are doing the government's dirty work tracking everyone and then selling the data. What would the reaction be if the US government or states did this kind of thing? Nothing is going to change until this "Big Data" is regulated. Nothing will be regulated until something extremely bad happens to them personally or large corporation is toppled because of a breach.
Congress critters see no evil, say no evil, hear no evil until it affects their pocketbook...
Not talking about what or why you WANT it to change. Why SHOULD they change. No accountabiliy, no reason.
If I would steal cookies as a kid and all my mom would do was moan about ot, I would eat them all and demand more.
A light punishment after the first cookie was enough.
Accountability: it somehow matters.
Don't fight for your country, if your country does not fight for you.
You're free.
You're equal.
You are tolerated.
Maybe these are not the right things to be hoping for; perhaps we need reality, sanity, and the ability to address glaringly obvious problems instead.
Alternative Right.
is the short answer. Can't let anything inconvenience the corporations, after all.
Free credit freezes are due this month thanks to Economic Growth, Regulatory Relief, and Consumer Protection Act
https://www.congress.gov/bill/115th-congress/senate-bill/2155/text?format=txt/
I am a customer of Equifax, and have been for almost 20 years.
I have used their services to alert me regarding accounts, my credit history, etc; When I found out what had happened I was deeply disappointed, but I didn't cancel my account, and I still use their services. No, I am not an apologist for Equifax, and think heads should have rolled over their breach... I thought about cancelling, but in the long run, what good would it have done to either myself or to trying to make things change(which they didn't)
I did do a hard credit freeze on all of the credit bureaus however.
There's no incentive, no motive.
Customers are helpless to do anything about it so they just shrug and move on.
Their shit is out there anyway, what with all the other goddam break-ins.
In the spirit of, "too big to fail," Equifax is too big for their breaches.
All your base are belong to us.
It little behooves the best of us to comment on the rest of us.
is if Equifax gets hacked yet again, because there's a fresh new Struts weakness that was announced within the last week that was every bit as bad that lead to this breech. I would fine it hilarious if they're getting cleaned out once again even as we post.
When you sympathize with stupidity, you start thinking like an idiot.
We need to elect politicians who support regulation as a solution. You can't rely on market forces since you're not able to "shop around" for a credit agency. They're assigned to you.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Alexander Peter Kowalski is just mad that his parents still regret not aborting him so he keeps posting that garbage. He is also upset that he keeps getting stomped down when ever he posts his hosts file garbage like the retarded loser he is.
"I'm sure credit card companies are now asking for more information to prove your identity to open a new card."
Which means there will be more information leaked in the next breach, which also means that more information will be no longer trusted as valid forms of identification. In the end this is how trust dies and we are seeing it on a daily basis.
Welcome to the post truth era, chaos to ensue momentarily.
Pretty much nothing has changed. I mean, really, what did you expect?
Of course nothing changed; the politicians, The Rich, they're all already 'protected', they were never in any danger from this, only The Poor, and middle-class working people stood to lose anything -- and our own alleged 'representatives' in our government don't really give a rat's ass about any of us filthy plebians. Politicians are too busy trying to hold on to their power and position, a large part of which is serving corporate interests (whose money got them elected in the first place; thanks so much Citizens United), the rest of which is kowtowing to (you guessed it) The Rich, who likewise funded their campaigns. Meanwhile the rest of us cross our fingers and hope we don't get our bank accounts drained, credit cards maxed out, and identity stolen and ruined forever; I, for one, don't even bother worrying, I have nothing to take, my identity is basically worthless, and there's not a gods-be-damned thing I can do about it all anyway, it's out of my hands, so why make myself sick with worry? I'll be there when Monsieur Guillotine is brought out again, and the people who have shit on us are dealt with, but until then what can we do but try to survive? Also meanwhile, we have to vote for Democrats whether we like it or not, because it's mainly the Republicans who currently hold a majority who are ignoring this shit, and throwing things farther and farther out of balance every month, so regardless of Democrats being just as corrupt, we have to pit them against each other and hope something actually gets done. The alternative is anarchy and chaos, which would complete the descent of the United States from a top-tier first-world country down into a third-world lawless shithole like Libya or Syria or Somalia.
Enjoy your Thursday, everyone!
You are not Equifax's customer, you are their product. (Just like you are facebook and google's product). You are however your credit card companies customer. If there was pressure put on the credit companies not to share information with an insecure entity like Equifax then Equifax would either put some effort into security or go bankrupt. Equifax has to have a near complete picture of everyone's credit score to remain in business. If even a few creditors stopped sharing information with them they would be in big trouble.
Just tell Donald that it's a wall, he'll start pushing for funding.
They repealed net neutrality.
I froze my credit with all three companies and won't use it again anytime in the foreseeable future.
Granted, I'm lucky I'm in a position that allows me to do that, but still... if anyone has the audacity to act like a credit score matters I'll just laugh them out of the room.
The last line of the summary says it all: "Mick Mulvaney took over the Consumer Financial Protection Bureau in November and halted the bureau's investigation."
The current administration is not interested in consumer protection.
They are on the side of business, not consumers.
here you can see its action: https://www.real.video/5831345857001
My credit is fine. Have there been reports of massive fraud that can be traced back to this? What are they doing with it?
I predicted that this won't be a consumer problem. The credit system now has an issue - all of their previously "Secret" data is floating around. As a consumer I don't know what to do or what is happening out there. But if a rash of fraudulent loans start appearing then the credit market will really have a problem.
Just like I have to press "block caller" due to the high level of scam phone calls --- the credit market may need to start doing the same. Then we all have a problem.
Of course Congress should have rushed out some knee-jerk legislation about something that is complex and which they don't understand, as it would have made things much better. In fact why don't they call the bill INHASTE - INvest in HArdended Services, Thanks Equifax
There has been change. The consumer's wariness and resistance has been further eroded. Where as last year, people and Mainstream media wrung their hands and waved their online virtual pitchforks for a few days. Then they came to realize that they weren't making a difference and that nothing too terribly bad happened to the majority. So... Fuck it!
If the same breach occurred today, even fewer people would express and concern or anger. So, what changed? People got more comfortable with their information being amassed by shadowy corporations and more accepting of the fact(FACT) that their data will again be leaked and that there is fuck all that they can do about it.
What a wonderful day!
I fucking love you guys, many laughs comrade!!
I want you to take a look at what happened at equifax and sony and think about how long it will be before the private records of IRA and other troll farms are made public.
One day you will be hunted and dox'd relentlessly and you'll probably get searched on every international flight for the rest of your life... if anyone ever gives you a visa again that is.
You guys generated a lot of data and I don't know how long you, personally have been at it but you guys were a lot sloppier back in 2015. Real names in dns records :( Cribs and logs in public s3 buckets and pastebin tsk tsk tsk.
I saw this shit back then and didn't know what to make of it and I doubt I'm the only one. American intelligence and law enforcement will compile a list of as many of you as possible and then figure out which of you are the most remorseful and of those who has the most valuable information. They'll be placed on payroll and your name and associated information will be shared with all the other 5 eyes nation and leaked to the hacker community after it's stale.
I hope you're well compensated because once you're all dox'd you'll never know when someone will decide to have fun at your expense for the rest of your life. I know guys in the hacker community that are still swatting people over shit that happened decades ago when they were kids.
As we say in USA "food for thot comrade!"
doesnothingwell - funny it says I'm signed in.
People need to see PRISON time before change happens. All large corp execs have immunity from prison, so we will see more crap like this with no changes. More breaches, more excuses, more illegal actions, more fraud, money laundering, etc. Put one in prison, and I guarantee we will see "sweeping reforms". LOL
I would like to know why jews cut their hook noses off to look like us "inferior goyim" who they say we are that are inferior stupid cattle to rob and rape.
Fake news is from FAKE JEWS (fakebook/jewgle)
Khazar Talmudic Jews believe this of all they call goyim/gentiles (any non-jew): Jews = biggest racists of all (for which they "jew guilt" you for no less! They're hypocrites known as thieves all thru history or were Argentines in the 1940 under Peron, Spanish inquistion, France (1306), Egypt (despoiled/robbed by jews), Arabs (pre & post 1948), England (1330 Edward longshanks), Romans under titus, Russia pogroms and Germany who got rid of them from their nations nazi german's too? No. Driven into DESERTS ages ago! Don't wonder why after all those exilings above.
Should anyone doubt any of this see Jacob Javits' crony Rosenthal spill the beans on it https://www.youtube.com/watch?v=D4zMVZ8HnFI/ where he called all Christianity fools for helping Israel and the biggest scam of all time per their beliefs below from their Talmud.
This is the province of the synagogue of Satan (Pharisees whom Jesus Christ himself kicked to the curb out of the temple & they killed him for it. Jeremiah did the same to them also + the Essenes could not stand them either breaking away from the pharisee corruption):
Mark Zuckerberg stole the Winklevoss twins' code for Fakebook (figures as he is a thieving low jew too).
Maria Abramovic satanist spirit cooker pal of Hillary Clinton the Voodoo queen is a jew https://www.google.com/search?...
Like Hillary Clinton's mentor Saul Alinsky author of rules for radicals book dedicated to Lucifer
"Most Jews do not like to admit it, but our god is Lucifer Â- so I wasnÂ't lying Â- and we are his chosen people. Lucifer is very much aliveÂ" Harold Rosenthal http://www.thetruthseeker.co.u...
Jewish rabbi openly admits to satan worship use white children's blood they kill for passover bread, infiltrating and subverting the catholic church, creating the Jesuit order https://www.youtube.com/watch?... and https://www.youtube.com/watch?...
Barbara Spectre, a jew, tells everyone it's jews orchestrating the muslim migrant problem in Europe https://www.youtube.com/watch?v=MFE0qAiofMQ/ . No migrant raping of women in Poland. Tons in Sweden. Do the math. Use common-sense. This is to get muslims and other goyim/gentiles to wipe one another out as incompatible cultures that will clash and always have.
Rabbi A. Finkelstein ADMITS their greatest enemies are ARABS and WHITES (blacks too) whom they wish to kill one another in a 'theater of war' which they find AMUSING https://www.youtube.com/watch?...
Finkelstein also admits JEWS DID 9/11 (perpetrated by the Mossad & Bebe Netanyahu of ISRAEL) https://www.youtube.com/watch?... profiting by it (and that 3,000 jews employed there did not show up for work that day knowing about it beforehand).
Finkelstein also admits JEWS are going to destroy the U.S. Dollar and dumping it for other world currencies and gold to destroy the United States.
George Soros who funds groups to create division in the USA?? A jew. One who sold his own jew people into death for the nazis.
Zucker now FIRED @ CNN is another frying publicly for lying about "russians" and John Bonifield a producer @ CNN said it is bs. Van Jones did also.
Bernie Madoff (who made off with everyone's money, especially construction union pensions) shows the thieving nature of the JUDEN!
Eric Schmidt had to step dow
That's showing him comrade!
I'm sure leader Putin will thank you personally and reward you greatly for your support.
Every year, Microsoft does code and security reviews for my state's department of state. Every year, they point out the same security holes. Every year, they're blown off because the H1Bs don't want to plug the holes. And the executives are too stupid, corrupt, or dickless to push back.