credit_report   225

Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn’t been patched.
Now it seems the CEO Rick Smith is basically placing the blame on a single employee that failed to pass a message on to the right people, rather than taking responsibility for an organisational failure. It’s also interesting there was a scheduled security scan not long after the flaw was disclosed and it wasn’t detected...
...This Equifax hack was so avoidable, do they not use some kind of issue tracking or ticketing system, did someone not just need to create a Jira ticket and someone else checks that they created it, how can such a huge multi-million dollar corporation with such critical user data not have simple, industry standard check and balance procedures.
It’s sad, and it’s messed up and honestly, it’s also depressingly unsurprising.
breach  credit_report  CxO  data  equifax  identity_theft  privacy  security  bug  0day  gov2.0 
14 days ago by rgl7194
Equifax Hack Shows Need for Social Security Number Overhaul - WhoWhatWhy
Equifax is answerable to its customers, the lending institutions — not the people of the United States. And that’s a real problem.
Two problems have emerged. The first is safeguarding consumers’ private information. The second is coming up with processes to allow consumers to quickly restore or repair their private information when, not if, it is compromised.
Equifax has allowed the personally identifiable information of 145.5 million consumers, up from the initially reported 143 million, to be accessed by hackers, putting all those consumers’ credit-worthiness and finances at risk. Equifax reportedly knew that its software was vulnerable and that patches were available to fix the problem as early as March 7 of this year. According to many accounts, including that of Wired Magazine, hackers exploited these vulnerabilities from mid-May through the end of July before Equifax became aware of the penetration. The company took six weeks to investigate the break-in and assess the extent of its damage. It’s not clear when patches were applied, but Equifax did not report the incident to the public until the end of those six weeks.
breach  credit_report  data  equifax  identity_theft  privacy  security  SSN 
14 days ago by rgl7194
A series of delays and major errors led to massive Equifax breach | Ars Technica
Former CEO’s testimony to Congress reveals a shocking lack of security rigor.
A series of costly delays and crucial errors caused Equifax to remain unprotected for months against one of the most severe Web application vulnerabilities in years, the former CEO for the credit reporting service said in written testimony investigating the massive breach that exposed sensitive data for as many as 143 million US Consumers.
Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.
breach  credit_report  CxO  data  equifax  identity_theft  privacy  retirement  security  0day  bug  gov2.0 
14 days ago by rgl7194
Identity theft nightmares: What can happen if you get hacked - Oct. 3, 2017
We now know that the Equifax data breach potentially affected 145.5 million people -- about 2.5 million more than the company initially said. That's roughly half of all Americans.
And the personal information exposed could be used by thieves to steal your identity. That's even worse than someone stealing your credit card number.
Just ask William Burnett. He doesn't know how or when cybercriminals got his personal information, but he continues to receive evidence that fraudulent accounts have been opened in his name.
So far he has not lost any money as a result of the fraud, but his credit has taken a steep and fast nosedive. It tumbled around 150 points across the three credit agencies -- Equifax, Experian and TransUnion -- in a matter of weeks.
breach  credit_report  data  equifax  identity_theft  privacy  security  hack 
14 days ago by rgl7194
Study Concludes an Additional 2.5 Million Americans Affected by Equifax Breach
According to a press release issued by Equifax today, a study conducted by Mandiant concluded that approximately 2.5 million additional Americans were affected by the Equifax security breach announced on September 7th 2017. This now brings the total number of affected Americans to 145.5 million who have had sensitive information such as addresses, birth dates, phone numbers, and social security numbers exposed to hackers.
This same study indicates that the amount of Canadian citizens whose information was exposed was reduced from 100 thousand to 8 thousand. The amount of United Kingdom citizens affected was also determined, but while this information was reported to and being analyzed by UK regulators, it is not being made public at this time.
breach  credit_report  data  equifax  identity_theft  privacy  security 
14 days ago by rgl7194
Here’s What to Ask the Former Equifax CEO — Krebs on Security
Richard Smith — who resigned as chief executive of big-three credit bureau Equifax this week in the wake of a data breach that exposed 143 million Social Security numbers — is slated to testify in front of no fewer than four committees on Capitol Hill next week. If I were a lawmaker, here are some of the questions I’d ask when Mr. Smith goes to Washington.
Before we delve into the questions, a bit of background is probably in order. The new interim CEO of Equifax — Paulino do Rego Barros Jr. — took to The Wall Street Journal and other media outlets this week to publish a mea culpa on all the ways Equifax failed in responding to this breach (the title of the op-ed in The Journal was literally “I’m sorry”).
breach  credit_report  data  equifax  identity_theft  privacy  security  krebs  CxO  gov2.0 
15 days ago by rgl7194
After huge Equifax breach, CEO “retires” | Ars Technica
Board is "deeply concerned about and totally focused on the cybersecurity incident."
In the wake of a stunning security breach that has sent shock waves throughout the financial world, Equifax’s CEO, Richard Smith, has stepped down from his post.
According to a Tuesday press release, Smith’s “retirement” is effective today. The company’s board of directors have already appointed Mark Feidler, a board member, to serve as non-executive chairman. Equifax officials also named Paulino do Rego Barros, Jr., who has been president of the Asia Pacific division of the company, to step in as interim CEO.
breach  credit_report  data  equifax  identity_theft  privacy  security  CxO  retirement 
15 days ago by rgl7194
Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach
Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed.
Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million from 143 million.
breach  credit_report  data  equifax  identity_theft  privacy  security 
15 days ago by rgl7194
Will the Equifax Data Breach Finally Spur the Courts (and Lawmakers) to Recognize Data Harms? | Electronic Frontier Foundation
This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders, phone and cable service providers, and banks that offer credit cards, checking accounts and mortgages. Misuse of this information can be financially devastating. Worse still, if a criminal uses stolen information to commit fraud, it can lead to the arrest and even prosecution of an innocent data breach victim.
Given the scope and seriousness of the risk that the Equifax breach poses to innocent people, and the anxiety that these breaches cause, you might assume that legal remedies would be readily available to compensate those affected. You’d be wrong.
breach  credit_report  data  equifax  identity_theft  privacy  security  EFF  gov2.0  legal 
15 days ago by rgl7194
Fear Not: You, Too, Are a Cybercrime Victim! — Krebs on Security
Maybe you’ve been feeling left out because you weren’t among the lucky few hundred million or billion who had their personal information stolen in either the Equifax or Yahoo! breaches. Well buck up, camper: Both companies took steps to make you feel better today.
Yahoo! announced that, our bad!: It wasn’t just one billion users who had their account information filched in its record-breaking 2013 data breach. It was more like three billion (read: all) users. Meanwhile, big three credit bureau Equifax added 2.5 million more victims to its roster of 143 million Americans who had their Social Security numbers and other personal data stolen in a breach earlier this year. At the same time, Equifax’s erstwhile CEO informed Congress that the breach was the result of even more bone-headed security than was first disclosed.
hack  privacy  security  yahoo  equifax  data  breach  identity_theft  krebs  credit_report 
15 days ago by rgl7194
The Equifax Breach: A Researcher’s Perspective - SpyCloud
What Every US Taxpayer Needs to Know
SSN, DoB and other information (known as Fullz) have been floating around en masse throughout the Underground prior to the recent Equifax breach. The barrier to entry for acquiring and vetting fullz for sale made them valuable. Usually, fraudsters would capture SSNs and other personally-identifiable information (PII) only after taking over a victim’s account, oftentimes by knowing their respective passwords. And even then, most companies would redact enough to make full SSNs difficult to acquire. Before the Equifax breach, if you had good account level security and were confident that none of your accounts had been taken over, your SSN was relatively safe. The Equifax breach represents a shift in how we must think about our personal security in a new world where everyone is vulnerable. Regardless of how much you protect your online accounts, your SSN – and other PII – are most likely for sale right now.
breach  credit_report  data  equifax  identity_theft  privacy  security 
19 days ago by rgl7194
New Equifax CEO offers “sincere and total apology” to consumers | Ars Technica
Embattled company vows to give consumers more control over their credit data.
Equifax's new CEO is very sorry.
"On behalf of Equifax, I want to express my sincere and total apology to every consumer affected by our recent data breach," Paulino do Rego Barros Jr. wrote in an open letter published by the Wall Street Journal on Wednesday afternoon. "We didn’t live up to expectations."
Equifax has a lot to apologize for. The company left a vulnerability unpatched for more than two months, allowing hackers to steal private data on 143 million customers. Hackers began infiltrating the Equifax network in March, but the intrusion wasn't discovered until July.
"We were hacked," Barros added. "But we compounded the problem with insufficient support for consumers. Our website did not function as it should have, and our call center couldn’t manage the volume of calls we received."
equifax  breach  credit_report  data  identity_theft  privacy  security  CxO 
22 days ago by rgl7194
Equifax or Equiphish? — Krebs on Security
More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams.
Some people who signed up for the service after Equifax announced Sept. 7 that it had lost control over Social Security numbers, dates of birth and other sensitive data on 143 million Americans are still waiting for the promised notice from Equifax. But as I recently noted on Twitter, other folks have received emails from Equifax over the past few days, and the messages do not exactly come across as having emanated from a company that cares much about trying to regain the public’s trust.
breach  credit_report  data  equifax  identity_theft  krebs  privacy  security  phishing 
23 days ago by rgl7194
SEC Says Hackers Breached Its System, Might Have Used Stolen Data for Insider Trading
Yesterday, the US Securities and Exchange Commission (SEC) — the US government agency that regulates the financial sector — admitted in a statement that hackers breached one of its systems.
According to SEC Chairman Jay Clayton, hackers infiltrated the SEC's EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system, a database holding information on official company filings, future announcements, or past financial records.
Clayton says hackers exploited a vulnerability in EDGAR's test filing component and managed to gain access to EDGAR's backend.
This granted attackers access to past documents, which are all public anyway, but also to private filings regarding mergers, acquisitions, or other market-moving press releases that have not been made public yet, and which companies submit to the SEC in advance of important market transactions.
gov2.0  breach  credit_report  data  hack  privacy  security  finances 
26 days ago by rgl7194
SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year
This month has been full of breaches.
Now, the Securities and Exchange Commission (SEC), the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information.
On Wednesday, the SEC announced that its officials learnt last month that a previously detected 2016 cyber attack, which exploited a "software vulnerability" in the online EDGAR public-company filing system, may have "provided the basis for illicit gain through trading."
EDGAR, short for Electronic Data Gathering, Analysis, and Retrieval, is an online filing system where companies submit their financial filings, which processes around 1.7 million electronic filings a year.
gov2.0  breach  credit_report  data  hack  privacy  security  finances 
26 days ago by rgl7194
SEC Chairman reveals financial reporting system was hacked | Ars Technica
EDGAR system data may have been used for “illicit gain through trading.”
In a statement published on the Securities and Exchange Commission's website yesterday, SEC Chairman Jay Clayton revealed that the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system was compromised last year. Data from EDGAR, which is used to receive and publish corporate filings to the agency, "may have provided the basis for illicit gain through trading," Clayton said. "Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems." The revelations were part of a statement by Clayton on the SEC's overall cybersecurity posture and policy.
This is not the first time the SEC has exposed financial data. In 2014, an audit from the SEC's inspector general found that hundreds of agency laptops could not be accounted for, and many of them may have contained non-public financial market data. But the 2016 breach was the result of a deliberate attack aimed at accessing the EDGAR filing system.
gov2.0  breach  credit_report  data  hack  privacy  security  finances 
26 days ago by rgl7194
Can the US Prevent Another Mega-Breach Like Equifax? - WhoWhatWhy
Can the Damage From the Equifax Breach Be Minimized?
Cyberattacks are again generating headlines and global paranoia after Equifax, a major credit-reporting agency, announced the “hack heard around the world” earlier this month.
The July 29 mega-breach affected 143 million customers, from whom hackers obtained a trove of personal data including names, birth dates, Social Security and credit card numbers.
More than 30 lawsuits have already been filed against the company, at least 25 in federal courts. Just days after the disclosure of the breach, Equifax’s stock value and reputation nosedived.
breach  credit_report  data  equifax  identity_theft  privacy  security 
26 days ago by rgl7194
Equifax Breach: Setting the Record Straight — Krebs on Security
Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.
In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.
breach  credit_report  data  equifax  identity_theft  privacy  security  krebs 
28 days ago by rgl7194
Experian Site Can Give Anyone Your Credit Freeze PIN — Krebs on Security
An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.
Experian’s page for retrieving someone’s credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches.
The first hurdle for instantly revealing anyone’s freeze PIN is to provide the person’s name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over — including in the recent Equifax breach — and that is broadly for sale in the cybercrime underground).
After that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I’m certain this warning would deter all but the bravest of identity thieves!
security  krebs  privacy  credit_report  credit_freeze 
28 days ago by rgl7194
