09-08-2017, 09:14 AM   #1
photon
The new goggles also do nothing.
 
 
Join Date: Oct 2001
Location: Calgary
Equifax exposes detailed info of 44% of US population, probably Canadians too

Equifax, a provider of consumer credit reports, said it experienced a data breach affecting as many as 143 million US people after criminals exploited a vulnerability on its website. The US population is about 324 million people, so that's about 44 percent of its population.

The data exposed in the hack includes names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. The hackers also accessed credit card numbers for 209,000 US consumers and dispute documents with personal identifying information for about 182,000 US people. Limited personal information for an unknown number of Canadian and UK residents was also exposed. Equifax—which also provides credit monitoring services for people whose personal information is exposed—said the unauthorized access occurred from mid-May through July. Equifax officials discovered the hack on July 29.


https://arstechnica.com/information-...-us-consumers/

So if you've used Equifax you might want to take any precautionary measures to ensure you're not a victim of identity theft, or at least watch for signs of such.

Their response has been pretty lame too. They allowed execs to sell stock after the hack was detected. They took a long time to tell people about it. And their response website itself doesn't inspire confidence.

https://arstechnica.com/information-...nal-info-ever/

What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation of WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned OpenDNS was blocking access to the site and warning it was a suspected phishing threat.

Meanwhile, in the hours immediately following the breach disclosure, the main Equifax website was displaying debug codes, which, for security reasons, is something that should never happen on any production server, especially one that is a server or two away from so much sensitive data. A mistake this serious does little to instill confidence that company engineers have hardened the site against future devastating attacks.

It was bad enough that Equifax operated a website that criminals could exploit to leak so much sensitive data. That, combined with the sheer volume and sensitivity of the data spilled, was enough to make this among the worst data breaches ever. The haphazard response all but guarantees it.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.