Slashdot Mirror
Two Lawmakers Urge FTC, CFPB To Keep Pressure On Equifax (techcrunch.com)
An anonymous reader quotes a report from TechCrunch about the little fallout Equifax has faced for one of the worst data breaches in U.S. history: The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more -- and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach. Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.
"There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations."
"[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out.
"There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations."
"[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out.
Humility is rare. I applaud you!
I don't see any evidence of pressure on these guys, n'mind keeping it on.
Agreed. I stopped using Equifax years ago and haven't missed them since.
Uh-huh.
Equifax is already facing the largest class-action lawsuit in US history
https://bgr.com/2017/09/08/equifax-hack-lawsuit-class-action-how-to-join/
Equifax's Massive Data Breach Has Cost the Company $4 Billion So Far
http://time.com/money/4936732/equifaxs-massive-data-breach-has-cost-the-company-4-billion-so-far/
How to Get In on a Class-Action Lawsuit Against Equifax
https://www.kiplinger.com/article/credit/T017-C000-S002-get-in-on-a-class-action-lawsuit-against-equifax.html
I won $8,000 from Equifax in Small Claims Court. Here’s how you can, too.
https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=f38cd2b5686f
Equifax will not survive fallout from massive breach, says technology attorney
https://www.cnbc.com/2017/09/14/equifax-will-not-survive-fallout-from-massive-breach-says-technology-attorney.html
There are 23 class-action lawsuits filed and a congressional investigation, as well as lawsuits that may be yet to come, Grossman said.
Sure, there's been little fallout.
I got news for you guys, you ARE using them and there's not a goddamn thing you can do about it.
We are NOT the customers. The banks, credit card companies and everyone else who reports our credit and check people's credit are the customers and they pay Equifax and the other credit reporting companies.
And that what sucks. And as far as the CFPB is concerned, the Trump Administration and the Republicans in Congress neutered it. The most wonderful thing our government has done in 80 years.
We need regulations because the free market is incapable of regulating itself.
You don't get it, dou you? The average Joe is not a customer of Equifax, he/she is the product. The credit companies are the customers and they couldn't care less about the data breach as it doesn't affect them. You can't just "stop using" them as they colect/buy information without consent.
sudo rm -r -f --no-preserve-root /
I don't think you know how Equifax works, or who it's main customers are. One does not need to have ever used Equifax in order to have their data leaked.
...or in other words, nobody with any power right now.
Maybe after the next election we can care what Democrats do, but right now it's irrelevant. And yes, that is a failure of our government, but it's still true.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This is why you should forever not vote democrat. equifax break was funded and caused by clinton and soros to undermine amazing trump. no doubt.
You are the product. (Just like you are facebook and google's product). You are however your credit card companies customer. If there was pressure put on the credit companies not to share information with an insecure entity like Equifax then Equifax would either put some effort into security or go bankrupt. Equifax has to have a near complete picture of everyone's credit score to remain in business. If even a few creditors stopped sharing information with them they would be in big trouble.
So if you want to punish Equifax, somehow convince your bank or credit card company not to share their credit information with them. Not sure you will have any luck, but it's probably your best approach.
I see this all the time in security. The company responsible for the security isn't the one hurt by a security breach so they put almost no effort into security. Banks in the UK used to be the worst example of this. Internal fraud was so bad they would resist any controls so that they could deny it was their fault. Small toy companies and companies printing tickets had the best security. (Military security is in just incompetent by inertia)
What we need are regulations that shift the cost of security breaches onto the entities best able to prevent them. We also need to make stored data toxic so that most companies won't even keep your information.
You aren't who you are pretending to be. You don't believe a word of what you typed.
You are just trying to make conservatives look like idiots by pretending to be one of them and advocating some stupid that is vaguely similuar to, but not actually, what they advocate.
Occam's razor suggests otherwise.
SSID is not a password
She is a raging hypocrite
You should have stopped typing right there. No further qualifiers are necessary. (nor would they improve the accuracy)
Only when it reinforces your biases.
a person should sue the bank for libel if the bank errantly claims that a person borrowed some money. I don't feel like I want to clean up failed transactions between a bank and a criminal that was errantly done in my name - not my responsibility - i'm too tired for their nonsense
But if it enforces yours....
Yep, we're just a bunch of worthless plebians, who gives a flying fuck if our worthless little lives are ruined? The Rich, and D.C. politicians, guaranteed, are 'protected', so why should they give a fuck?
I am capable of making your product stand out by planning product boxes, designing product packaging, insert cards and labels in an aesthetically pleasing way.
we deliver your Product PACKAGING an Labeling ORDER SUPER FAST and SUPER QUALITY. You can count on us and you will never regret about your design reach out and get yours design for only $5.
https://www.fiverr.com/aliarslangorsi2/be-your-seo-agency
It was a PR stunt to funnel business to Experian's Dark Web Scanning service. At the time of the "so-called" breach, this services was just announced. Remember, Experian setup a website, www.equifaxsecurity2017.com, to help consumers determine whether their data was at risk. The site required "customers" to enter their last name and the last six digits of their Social Security number. When they did, however, they did not get a confirmation about whether they were affected by the breach. Instead, the site provided an enrollment date for its protection service, which was still not ready for several days.
Also this was a true data breach, there would have been far more activity in Washington. They had hearings on Facebook's data sharing policies but not this? Seem to me Equifax was able to defuse Congress by informing members confidentially that the breach was a PR stunt.
I have no proof...just circumstantial evidence...is only my humble but wild ass theory out there for all to ridicule...
It was not "one of the worst data breaches". It was THE worst.
With a US population of 325.7 million...
146m names, DOBs, and SSNs were stolen.
99m addresses.
27m genders
20m phone numbers
18m drivers license numbers.
It really doesn't get much worse than that.
...which is fuck-all. The Equifax credit freeze website doesn't work. It just sits and spins forever, like we're expected to do.
After retrying literally about 20 times, I finally got the site to work and placed a freeze. Shouldn't these pricks have to maintain a reasonable level of availability of a site which fulfills a legal requirement?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
True, but if everyone locked their Equifax credit report and refused to ever unlock it (as well as boycotting any potential creditor that tried to require you to unlock Equifax) they would go out of business. That would teach these companies that there are consequences to their actions.
Freeze your credit report and then they can't [legally] sell your info. If enough people do that, it will hurt them in the only place they care about, the balance sheet.