09-08-2017, 09:14 AM
|
#1
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Equifax exposes detailed info of 44% of US population, probably Canadians too
Equifax, a provider of consumer credit reports, said it experienced a data breach affecting as many as 143 million US people after criminals exploited a vulnerability on its website. The US population is about 324 million people, so that's about 44 percent of its population.
The data exposed in the hack includes names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. The hackers also accessed credit card numbers for 209,000 US consumers and dispute documents with personal identifying information for about 182,000 US people. Limited personal information for an unknown number of Canadian and UK residents was also exposed. Equifax—which also provides credit monitoring services for people whose personal information is exposed—said the unauthorized access occurred from mid-May through July. Equifax officials discovered the hack on July 29.
https://arstechnica.com/information-...-us-consumers/
So if you've used Equifax you might want to take any precautionary measures to ensure your not a victim of identity theft, or at least watch for signs of such.
Their response has been pretty lame too. They allowed execs to sell stock after the hack was detected. They took a long time to tell people about it. And their response website itself doesn't inspire confidence.
https://arstechnica.com/information-...nal-info-ever/
What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.
Meanwhile, in the hours immediately following the breach disclosure, the main Equifax website was displaying debug codes, which for security reasons, is something that should never happen on any production server, especially one that is a server or two away from so much sensitive data. A mistake this serious does little to instill confidence company engineers have hardened the site against future devastating attacks.
It was bad enough that Equifax operated a website that criminals could exploit to leak so much sensitive data. That, combined with the sheer volume and sensitivity of the data spilled, was enough to make this among the worst data breaches ever. The haphazard response all but guarantees it.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
09-08-2017, 09:22 AM
|
#2
|
#1 Goaltender
|
Strange that this is not bigger news in the media......
|
|
|
09-08-2017, 09:33 AM
|
#3
|
Franchise Player
|
I had almost $1000 of fraudulent charges hit my AMEX around that time. I wonder if it was because of the Equifax breach. It was 12 or 13 charges of around $70 coming from a couple of UPS stores in the US.
|
|
|
09-08-2017, 09:42 AM
|
#5
|
First Line Centre
Join Date: Feb 2013
Location: Lethbridge
|
Quote:
Originally Posted by Otto-matic
|
This is for murricans. Social Security Number.
|
|
|
The Following User Says Thank You to mdubz For This Useful Post:
|
|
09-08-2017, 01:02 PM
|
#6
|
GOAT!
|
SIN number is redundant.
Also, #### companies with sh***y security/transparency practices. Should be one-strike and their business license is revoked. That'll make them put security first.
|
|
|
09-08-2017, 06:20 PM
|
#7
|
Some kinda newsbreaker!
Join Date: May 2004
Location: Learning Phaneufs skating style
|
LOL. Equifax such a scumbag company. Hidden in the fine print is that if use their tool to check if your information is compromised, you waive your rights to sue or join a class action against them:
https://twitter.com/zackwhittaker/st...78254331142144
They have since said they would remove that waiver after the backlash... but what tools...
There was also reports that a few of their executives made moves to dump stocks before they released the security breach to the public.
|
|
|
The Following 3 Users Say Thank You to sureLoss For This Useful Post:
|
|
09-08-2017, 06:53 PM
|
#8
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
They claim that the execs weren't aware of the breach.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
09-09-2017, 08:08 PM
|
#9
|
First Line Centre
|
Quote:
Originally Posted by calgarygeologist
I had almost $1000 of fraudulent charges hit my AMEX around that time. I wonder if it was because of the Equifax breach. It was 12 or 13 charges of around $70 coming from a couple of UPS stores in the US.
|
This is probably totally coincidental, but while going over my credit at the bank for another matter last week, I was told I have exactly $1000 owing on Amex--which I don't--and I haven't had that card since Costco ended their partnership with them.
I phoned Amex and they didn't know anything about it.
Weird. I guess maybe I'll call Equifax.
|
|
|
09-19-2017, 09:43 AM
|
#10
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
100,000 Canadians impacted by breach:
http://www.cbc.ca/news/business/equi...each-1.4296475
Quote:
Equifax Canada said a massive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.
|
Quote:
Equifax Canada said the information includes names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers
|
Sounds like they are going to be writing to people that have had their info compromised.
|
|
|
09-19-2017, 09:50 AM
|
#11
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Our info has been out there for months, I guess a bit longer to wait for snail mail doesn't matter now.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
The Following User Says Thank You to photon For This Useful Post:
|
|
09-19-2017, 10:28 AM
|
#12
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quite right. Still chaps my behind though. I ordered a report from them a few years ago. My CC has changed since then but also gave them my SIN so that's my only real concern.
I full expect to get a letter from them. That would be twice for me now. Also had personal info possibly exposed by the National Bank of Canada when I applied for a mortgage. Received a letter that said a company laptop was stolen that may or may not have my personal info on it.
They handled it much better though. Was informed right away and the put a note on my file with equifax and transunion.
|
|
|
09-19-2017, 11:05 AM
|
#13
|
Franchise Player
|
It is perhaps ironic that individuals who use their service to protect themselves are now the most vulnerable.
I use a credit monitoring service, credit alert. I'm not sure if they use Equifax or Transunion. I guess it's more valuable now because the monitoring service may have released my info.
Oh well. I guess I'll keep my eye on my credit report monthly until January or so.
|
|
|
09-22-2017, 01:24 PM
|
#14
|
Franchise Player
Join Date: Sep 2012
Location: SW Calgary
|
Good thing I subscribe to Equifax Credit Monitoring, so I can protect myself from Equifax Credit Monitoring
|
|
|
The Following 8 Users Say Thank You to btimbit For This Useful Post:
|
|
10-12-2017, 02:55 PM
|
#15
|
Franchise Player
Join Date: Dec 2003
Location: Sector 7-G
|
We have not yet mailed any notification letters, but we plan to mail these letters as soon as possible. These letters will contain further information on the complimentary credit monitoring and identity theft protection services offered to impacted consumers.
In the meantime, please take into account the following factors, which will help to increase your level of protection:
Equifax will NOT make any unsolicited outbound telephone calls to consumers to discuss this matter.
Equifax will NOT send any unsolicited emails asking for your personal information
https://www.consumer.equifax.ca/canada/home/en_ca_b/
So its been over a month since the hack and they still are dragging their feet on mailing out letters to the 8,000 Canadians who have been breached.
|
|
|
10-12-2017, 02:57 PM
|
#16
|
Franchise Player
Join Date: Dec 2003
Location: Sector 7-G
|
Also they've been hacked again.
http://www.ctvnews.ca/business/equif...hack-1.3629779
Quote:
Equifax Canada says its U.S. parent company's website has temporarily taken down one of its customer services pages amid reports that another part of its website had been hacked.
Company spokesman Tom Carroll did not respond to direct questions about any potential breach to Equifax Canada's website or the number of Canadian or American Equifax customers that may have been affected.
Carroll said in an emailed statement that, "We are aware of the situation identified on the equifax.com website in the credit report assistance link."
"Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline," his statement added.
"When it becomes available or we have more information to share, we will."
The news comes as Equifax Inc. continues to deal with the aftermath of a cyber breach earlier this year which allowed the personal information of 145.5 million Americans, and 8,000 Canadians, to be accessed or stolen.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 10:58 PM.
|
|