Equifax data breach

[CarolinaSock]

Didn't see this posted anywhere about the 143 million people potentially compromised by a breach a few months ago they just brought to light.

https://www.cnet.com/google-amp/news/equifax-hack-find-out-if-you-were-one-of-143-million-hacked/

They setup a site where you can see if you might be affected. Apparently if you choose to sign up for the free monitoring they are offering you are waiving your right to sue them. Very classy on their part.

[Kevin Greene]

Guess I'll be enrolling. 

[Paintballr]

FYI if you use the site to check it you were effected you are waiving your ability to be in a class action lawsuit.

 

Its really fishy when they have top executives sell loads of shares a few days before this gets announced. It's not like they found out and in 24 hours announced it, they've known for months.

[PurityControl]

I enrolled, they said both my wife and I were compromised. I would rather have them monitor it, then receive a check for $15 in 5yr as part of a class action suit.

 

[Ja Rhule]

21 minutes ago, PurityControl said:

I enrolled, they said both my wife and I were compromised. I would rather have them monitor it, then receive a check for $15 in 5yr as part of a class action suit.

 

I'm already their member.  We are family of 5 all compromised.  Hoping to get a more than $15

[Davidson Deac II]

5 hours ago, CarolinaSock said:

Didn't see this posted anywhere about the 143 million people potentially compromised by a breach a few months ago they just brought to light.

https://www.cnet.com/google-amp/news/equifax-hack-find-out-if-you-were-one-of-143-million-hacked/

They setup a site where you can see if you might be affected. Apparently if you choose to sign up for the free monitoring they are offering you are waiving your right to sue them. Very classy on their part.

I am fairly certain that is not true.  This is from their website.

Quote

2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.

And it wouldnt stand up in court anyway.

[Davidson Deac II]

I have a feeling that some people at Equifax are going to be updating their resume's soon.

https://www.consumerreports.org/equifax/equifax-says-site-vulnerability-behind-massive-data-breach/

Quote

Ars Technica reported on the vulnerability in early March. Means of exploiting the vulnerability were "trivial, reliable, and publicly available," Ars noted at the time, making the flaw high-impact, high-visibility, and leaving major sites vulnerable to an increasing wave of attacks.

 

Quote

Ars notes that applying this particular patch is "labor intensive and difficult," due to the way the software works. But clearly the worse-case outcome of not doing it has proven to have massive consequences for not only nearly half the entire U.S. population, but tens of millions of people around the world as well.

I would imagine a lot of IT security people this week are busy ensuring all their servers are patched and security systems updated to recognize this particular virus.  

[Kevin Greene]

They need to liquidate this company's assets and spend the dollars for life long protection for all the people who got corn holed.

Make an example of these pricks.

https://www.usatoday.com/story/money/2017/09/14/equifax-identity-theft-hackers-apache-struts/665100001/

 

[Davidson Deac II]

8 hours ago, Kevin Greene said:

They need to liquidate this company's assets and spend the dollars for life long protection for all the people who got corn holed.

Make an example of these pricks.

https://www.usatoday.com/story/money/2017/09/14/equifax-identity-theft-hackers-apache-struts/665100001/

 

 

You would have made a great Medieval Lord.

Mistakes are going to happen.  Its a fact of life.  You can try your best to eliminate them, but they are still going to happen.  Its better to learn from the mistakes than to eliminate them.   There are probably thousands of companies and government agencies world wide that did the same thing they did, they just happened to get caught first.

 

[Davidson Deac II]

 I think this points out the need to make significant changes to how credit records are maintained and accessed.   And I think everyone should consider freezing their credit.  I plan on doing it.  

[Kevin Greene]

53 minutes ago, Davidson Deac II said:

 I think this points out the need to make significant changes to how credit records are maintained and accessed.   And I think everyone should consider freezing their credit.  I plan on doing it.  

Yep, gonna freeze mine with all 4 companies. There's really no choice.

[Anybodyhome]

4 hours ago, Davidson Deac II said:

 

You would have made a great Medieval Lord.

Mistakes are going to happen.  Its a fact of life.  You can try your best to eliminate them, but they are still going to happen.  Its better to learn from the mistakes than to eliminate them.   There are probably thousands of companies and government agencies world wide that did the same thing they did, they just happened to get caught first.

 

Yeah, not so much. 

https://www.msn.com/en-us/news/us/equifax-had-patch-months-before-hack-and-didn’t-install-it/ar-AArUSXs

SAN FRANCISCO — Cybersecurity professionals who track down bugs discovered, created a fix for, and told the industry about the vulnerability that allowed attackers into the Equifax network two months before the company was hit by hackers.

"The Equifax data compromise was due to (Equifax') failure to install the security updates provided in a timely manner," The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

I guess if failing to do your job is a mistake, then I see your point. But there's more to it....

If you, Mr. Consumer, go into a place of business and decide to open a credit account, you then voluntarily, of your own choice, give information to the credit bureaus for the purposes of credit monitoring.

However, Equifax collects your data without your express permission and uses it as it sees fit, again without your permission. Their sole mission and purpose is to collect and store personal and financial information on people. And if that company is unable or fails to maintain a level of security over the information they take from you, then they should be held both legally and financially responsible for any issues stemming from the breach. 

 

[Davidson Deac II]

7 minutes ago, Anybodyhome said:

Yeah, not so much. 

https://www.msn.com/en-us/news/us/equifax-had-patch-months-before-hack-and-didn’t-install-it/ar-AArUSXs

SAN FRANCISCO — Cybersecurity professionals who track down bugs discovered, created a fix for, and told the industry about the vulnerability that allowed attackers into the Equifax network two months before the company was hit by hackers.

"The Equifax data compromise was due to (Equifax') failure to install the security updates provided in a timely manner," The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

I guess if failing to do your job is a mistake, then I see your point. 

Failing to do your job is always a mistake, a pretty serious one.  But if you think by disposing the of the company, that will eliminate those mistakes from happening again, then you know nothing of human nature.  I realize that with social media these days, there is a off with their head mentality, but its not realistic.

[Anybodyhome]

1 minute ago, Davidson Deac II said:

Failing to do your job is always a mistake, a pretty serious one.  But if you think by disposing the of the company, that will eliminate those mistakes from happening again, then you know nothing of human nature.

I'm not advocating for "disposal of the company." But I do believe they should be held both legally and financially responsible for any consumer issues that arise as a result of the hack.