[onlooker]

Just posting this because my wife received a notice about possibly be entitled to a portion of the settlement from a lawsuit undertaken against Equifax. I think we all knew this was going to happen, it is a suit, attorneys knew almost certainly they would win. So, my wife received this notice which stated "If you received a discharge in a Chapter 7, no asset bankruptcy , you could benefit from a class action settlement". So my wife did file for bankruptcy some years back, however we checked and the year she filed does not correspond to the years in question which are 2002-2009. I guess the data breach must have compromised data for those years. Curious if anybody else has some pertinent personal perspective on this.

[vox_mundi]

How badly did Equifax breach damage the Social Security system?

$this->bbcode_second_pass_quote('', 'M')illions of Americans are worried that their credit information and Social Security numbers may have been among the 143 million records breached in an unprecedented hack that attacked Equifax, the credit reporting company. But there’s more to the story. While Equifax and the Social Security Administration aren’t talking about it, Equifax was also hired a year ago, on a $10 million contract, to “help the SSA manage risk and mitigate fraud for the mySocialSecurity system, a personalized portal for customers to access some of SSA’s services such as the online statement.”

That's how the company put it in a press release on Feb. 10, 2016. In that announcement, Equifax also boasted that the Social Security Administration “has completed integration with Equifax Inc.”

Despite Equifax’s self-described intimate role in providing security and preventing fraud on the Social Security System’s public access website for current workers and beneficiaries, there has been no indication that the Social Security Administration is concerned about whether weaknesses in Equifax’s own customer portal security -- such as the Apache tool on which the company is blaming the breach -- might have been involved in its security work for the mySocialSecurity portal. ...

[onlooker]

Great links Vox. Well, I can't say I am surprised in this era where more and more things seem to be topsy turvy. Guaranteed that Govts and Corporations are not worried about the little people. So, while this is big, I am still expecting something bigger along the lines of actually creating physical harm to people.

[Outcast_Searcher]

Maybe Equifax is doing us a favor. MANY breaches continue to expose all sorts of information. It's been a drip drip drip, bleeding us.

This is so blatant it should at least wake most folks up.

I'm busy beefing up security protocols on my accounts where I can, chiding banks to wake up where they don't offer consistent two-factor logon access as an option, at a minimum, and taking a much more serious/active role to check on statements and balances (since if you wait too long, you may have no recourse for fraud).

Given how clueless and useless Capitol Hill is re the financial system and their lobbies, I'm pessimistic that this will bring meaningful change to the industry. Let's hope I'm wrong.

[Cog]

Can you or any lawyer prove that this particular data breach at Equifax resulted in harm to you? My answer is no and which is why I just bought EFX at a two year low.

Your information was out on the web long before this particular data breach.

@onlooker Do not have your wife respond to any phishing attempts by firms saying they can get money for her due to an Equifax lawsuit. In due time, Equifax itself will have to inform you about whether you are a plaintiff. Lawsuits have been filed but there is no reason to jump on board with what is a phishing attempt.

[vox_mundi]

$this->bbcode_second_pass_quote('', '[')b]... John J. Kelley III, who is responsible for security, compliance and privacy at Equifax, earned $2.8 million last year.

[onlooker]

$this->bbcode_second_pass_quote('Cog', 'C')an you or any lawyer prove that this particular data breach at Equifax resulted in harm to you? My answer is no and which is why I just bought EFX at a two year low.

Your information was out on the web long before this particular data breach.

@onlooker Do not have your wife respond to any phishing attempts by firms saying they can get money for her due to an Equifax lawsuit. In due time, Equifax itself will have to inform you about whether you are a plaintiff. Lawsuits have been filed but there is no reason to jump on board with what is a phishing attempt.

[careinke]

In my study of Cryptocurrencies, Anarchy, Volunteerism, and debt based currencies, I came across this connection to Equifax. Evidently the alleged hackers are demanding a 600 Bitcoin (~2.4 million USD) ransom to destroy the stolen data.

https://fee.org/articles/equifax-hackers-demand-ransom-in-bitcoin/

$this->bbcode_second_pass_quote('', 'T')here’s a new wrinkle in the story of one of the largest data breaches in history. The hack of Equifax may have compromised the personal data of one in five Americans. The hackers have now demanded a ransom with the threat of releasing that information to the commercial marketplace (“monetizing the information”).
They are demanding 600 Bitcoins, which is worth about $2.4 million.

"We are two people trying to solve our lives and those of our families. We did not expect to get as much information as we did, nor do we want to affect any citizen. But we need to monetize the information as soon as possible.”

All told that is not a high price for this company, given the stakes. If it is paid, it will happen quietly. And at that point, presumably, the newly minted millionaires will have sold the data back to its rightful owners and will move on with their lives.

[Outcast_Searcher]

$this->bbcode_second_pass_quote('careinke', 'I')n my study of Cryptocurrencies, Anarchy, Volunteerism, and debt based currencies, I came across this connection to Equifax. Evidently the alleged hackers are demanding a 600 Bitcoin (~2.4 million USD) ransom to destroy the stolen data.

https://fee.org/articles/equifax-hackers-demand-ransom-in-bitcoin/

$this->bbcode_second_pass_quote('', 'T')here’s a new wrinkle in the story of one of the largest data breaches in history. The hack of Equifax may have compromised the personal data of one in five Americans. The hackers have now demanded a ransom with the threat of releasing that information to the commercial marketplace (“monetizing the information”).
They are demanding 600 Bitcoins, which is worth about $2.4 million.

[onlooker]

They'really is now a common refrain that once data is in cyberspace it can never be completely removed. Sounds right to me, what do others think?

[careinke]

$this->bbcode_second_pass_quote('onlooker', 'T')hey'really is now a common refrain that once data is in cyberspace it can never be completely removed. Sounds right to me, what do others think?

[careinke]

$this->bbcode_second_pass_quote('Outcast_Searcher', 'W')hat are the odds these enterprising thieves are the ones who actually took the data?

That was my first question, I don't know. That's for Equifax to decide.

What are the odds that if the ransom is paid, some or all of the data doesn't show up somewhere else, perhaps delayed and reformatted?

What are the odds of it happening if they don't pay? I'd guess 100 percent.

Paying thieves to destroy "data" which could be copied hundreds or thousands of times and sold many times over. Yeah, that scheme should inspire confidence.

No argument from me.

[Cog]

The information that Equifax has on you, was obtained from the places where you obtained credit. Does a credit bureau have ANY duty to you at all to safeguard this data? The bulk of the profits and cash flow from a credit bureau is obtained from the creditors. Banks, credit unions, credit card companies, etc. Unless you had any sort of contract with Equifax and provided them your personal data, what duty do they have to safeguard this data?

Question for lawyers, judges, and juries to hash out. There is little doubt Equifax has hurt their company's reputation for their actions both before the breach and after it. Their stock value reflects that. But things may not be as grim for them in a legal standpoint as it might appear.

What could plunge Equifax into bankruptcy would be if major creditors started cancelling their contracts with them and stop using their service. The lawsuits would be somewhat irrelevant then as their stock would go to zero in short order.

[careinke]

$this->bbcode_second_pass_quote('Cog', 'T')he information that Equifax has on you, was obtained from the places where you obtained credit. Does a credit bureau have ANY duty to you at all to safeguard this data? The bulk of the profits and cash flow from a credit bureau is obtained from the creditors. Banks, credit unions, credit card companies, etc. Unless you had any sort of contract with Equifax and provided them your personal data, what duty do they have to safeguard this data?

Question for lawyers, judges, and juries to hash out. There is little doubt Equifax has hurt their company's reputation for their actions both before the breach and after it. Their stock value reflects that. But things may not be as grim for them in a legal standpoint as it might appear.

[vox_mundi]

For weeks, Equifax customer service has been directing victims to a fake phishing site

$this->bbcode_second_pass_quote('', 'E')arlier this month, hackers broke into Equifax's servers and stole 143 million people's personal information, including their Social Security numbers. In response to the attack, Equifax set up a website — http://www.equifaxsecurity2017.com — for possible victims to verify whether they're affected. Because the process involves sharing sensitive information, consumers have to trust they're entering their data in the right place, which can be tricky because the breach-recovery site itself isn’t part of equifax.com. If users end up on the wrong site, they could end up leaking the data they're already concerned was stolen.

Today, Equifax ended up creating that exact situation on Twitter. In a tweet to a potential victim, the credit bureau linked to securityequifax2017.com, instead of equifaxsecurity2017.com. It was an easy mistake to make, but the result sent the user to a site with no connection to Equifax itself. Equifax deleted the tweet shortly after this article was published, but it remained live for nearly 24 hours.



Further research revealed three more tweets that had sent potential victims to the same false address, dating back as far as September 9th. These tweets have also since been deleted.

If you're signing up for Equifax's identity monitoring, requesting a credit freeze, or inputting your personal information anywhere online, double check that you've navigated to the right webpage.

[Cog]

The market seems to be ignoring whatever problems exist with Equifax in favor of making money.

From a high of $142/share right before the crash, down to $92/share in a week. Then a rise over the last week back to $105/share at the close today. I'm doubtful it will regain its previous share value for a while but might still gain some ground back. I wonder if those executives who sold out right before the crash bought a bunch back at the low? Wouldn't surprise me any.

[Cog]

Equifax current stock value $108.49. Bailed out a dollar ago for a nice profit. Is there more of an upside potential? Almost certainly, but I learned a long while back not to fall in love with a stock but take the profits you are comfortable with. There are always buying opportunities in the market.

Learned a valuable negative lesson from my father a good while back. He didn't worry so much about losses he had incurred, but fretted constantly about profits he could have made by selling early. Screw that noise. Take the sure thing and move on to the next big thing. When blood is in the streets and the CNBC "experts" are telling you to sell, is a signal to buy.

[Outcast_Searcher]

I wonder how good this thing will be for people selling data security stuff in general.

For me, this was (emotionally) the last straw.

I'm using two factor authentication where-ever possible. Some sites, like Vanguard, indirectly permit this if you always say your computer is a public computer (and therefore use a security token step before you log on).

I'm also looking at encryption technology for all my sensitive data like financial statements, tax records, online password hints, etc.

AxCrypt looks like a pretty decent encryption system, balancing safety and ease of use for Windows PC's and macs, for about $30 a year for support, for AES-256 bit military grade encryption. I like that I can encrypt a folder, and all subfolders and files within, with a right click. I like that using the data, once encrypted seems completely natural, with two exceptions. First, for large files or folders, there can be a small delay when encrypting. Second, you must enter your AxCrypt password the first time you access an encrypted file, or request encryption, during each PC session. Oh, I especially like that they claim they don't keep you password anywhere. They encrypt a few small files when you register which they decrypt when you logon to verify your password. That's it. So even if someone breaks in and steals all their data, they only get some encrypted files -- no passwords. The downside is there is no back door to you files (which I like). So if you forget your password, you're toast.

And since I'm really paranoid about computer technology failing after a career in computers, watching them fail frequently, and having to deal with the fallout), I wanted another solution for another copy of my data -- just in case (also in case I have a stroke and forget my AxCrypt password). There are now USB jump drives with LI batteries and keypads which encrypt the data on them and won't let anyone in without the encryption code. So I'm thinking a pair of these with my critical files AND the AxCrypt solution for my PC's and ordinary jump drive backups seems like a reasonably safe / convenient bet. I chose INNOPLUS or Lepin flash drives on Amazon (hardware seems the same) for ease of use and the price.

That way if someone breaks in and, say, swipes my primary laptop, at least the data is encrypted. This gives me time to notify my account providers, change passwords, change account numbers or lock down accounts, etc. -- in case someone actually does break the encryption. Before I'd been far too lazy about that.

Disclosure: I have no relationship with any computer hardware or software firm, aside from long term indirect ownership of stock through broad based mutual funds. This is information for people concerned about their data security, not an ad.

So in making me do things like that, plus more carefully and consistently check on my accounts / statements, I thank Equifax. (As much as I hate the bastards for not securing peoples' data properly).

It's too bad I can't opt out of Equifax, etc. messing with ANY Of my data. But this is the good old USA. Why should I have that right? After all, it's only my data. (And yes, that was sarcasm).

[vox_mundi]

Equifax Website Apparently Hacked - Again!

$this->bbcode_second_pass_quote('', '[')b]Equifax Inc. has taken part of its website offline after an independent security analyst reported that the site apparently had been hacked. He said clicking a link on the site redirected him to a malicious URL urging him to download malware.

The potential hack comes a month after Equifax revealed that a data breach exposed the Social Security numbers and birthdates of as many as 145.5 million Americans. That earlier hack took place after Equifax failed for several months to fix a software flaw that federal officials had warned about in March.

Late Wednesday night, security analyst Randy Abrams said in a blog post that while he was trying to download his credit report from the Equifax site, he clicked a link that kicked him to a third-party website with “one of the ubiquitous fake Flash Player Update screens.”



Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same centerbluray.info page.


$this->bbcode_second_pass_quote('', '[')i]... “We are aware of the situation identified on the equifax.com website in the credit report assistance link,” an Equifax spokesperson said in a statement. “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”

[onlooker]

Was just watching how the computer industry is working to make passwords obsolete. This would be good in that passwords have been identified as a major weakness in protecting against hacking. The way to did this would be primarily via Biometrics. So what do the computer savvy people here think about this?