Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
Old 09-08-2017, 09:14 AM   #1
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default Equifax exposes detailed info of 44% of US population, probably Canadians too

Equifax, a provider of consumer credit reports, said it experienced a data breach affecting as many as 143 million US people after criminals exploited a vulnerability on its website. The US population is about 324 million people, so that's about 44 percent of its population.

The data exposed in the hack includes names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. The hackers also accessed credit card numbers for 209,000 US consumers and dispute documents with personal identifying information for about 182,000 US people. Limited personal information for an unknown number of Canadian and UK residents was also exposed. Equifax—which also provides credit monitoring services for people whose personal information is exposed—said the unauthorized access occurred from mid-May through July. Equifax officials discovered the hack on July 29.


https://arstechnica.com/information-...-us-consumers/

So if you've used Equifax you might want to take any precautionary measures to ensure your not a victim of identity theft, or at least watch for signs of such.

Their response has been pretty lame too. They allowed execs to sell stock after the hack was detected. They took a long time to tell people about it. And their response website itself doesn't inspire confidence.

https://arstechnica.com/information-...nal-info-ever/

What's more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.

Meanwhile, in the hours immediately following the breach disclosure, the main Equifax website was displaying debug codes, which for security reasons, is something that should never happen on any production server, especially one that is a server or two away from so much sensitive data. A mistake this serious does little to instill confidence company engineers have hardened the site against future devastating attacks.

It was bad enough that Equifax operated a website that criminals could exploit to leak so much sensitive data. That, combined with the sheer volume and sensitivity of the data spilled, was enough to make this among the worst data breaches ever. The haphazard response all but guarantees it.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 09-08-2017, 09:22 AM   #2
northcrunk
#1 Goaltender
 
northcrunk's Avatar
 
Join Date: Jan 2010
Exp:
Default

Strange that this is not bigger news in the media......
northcrunk is offline   Reply With Quote
Old 09-08-2017, 09:33 AM   #3
calgarygeologist
Franchise Player
 
Join Date: Dec 2013
Exp:
Default

I had almost $1000 of fraudulent charges hit my AMEX around that time. I wonder if it was because of the Equifax breach. It was 12 or 13 charges of around $70 coming from a couple of UPS stores in the US.
calgarygeologist is online now   Reply With Quote
Old 09-08-2017, 09:39 AM   #4
Otto-matic
Franchise Player
 
Otto-matic's Avatar
 
Join Date: Dec 2003
Location: Sector 7-G
Exp:
Default

https://www.equifaxsecurity2017.com/potential-impact/

Do you trust equifax to enter the last 6 digits of your SIN number again?
Otto-matic is offline   Reply With Quote
Old 09-08-2017, 09:42 AM   #5
mdubz
First Line Centre
 
Join Date: Feb 2013
Location: Lethbridge
Exp:
Default

Quote:
Originally Posted by Otto-matic View Post
https://www.equifaxsecurity2017.com/potential-impact/

Do you trust equifax to enter the last 6 digits of your SIN number again?
This is for murricans. Social Security Number.
mdubz is offline   Reply With Quote
The Following User Says Thank You to mdubz For This Useful Post:
Old 09-08-2017, 01:02 PM   #6
FanIn80
GOAT!
 
FanIn80's Avatar
 
Join Date: Jun 2006
Exp:
Default

SIN number is redundant.

Also, #### companies with sh***y security/transparency practices. Should be one-strike and their business license is revoked. That'll make them put security first.
FanIn80 is offline   Reply With Quote
Old 09-08-2017, 06:20 PM   #7
sureLoss
Some kinda newsbreaker!
 
sureLoss's Avatar
 
Join Date: May 2004
Location: Learning Phaneufs skating style
Exp:
Default

LOL. Equifax such a scumbag company. Hidden in the fine print is that if use their tool to check if your information is compromised, you waive your rights to sue or join a class action against them:

https://twitter.com/zackwhittaker/st...78254331142144

They have since said they would remove that waiver after the backlash... but what tools...

There was also reports that a few of their executives made moves to dump stocks before they released the security breach to the public.
sureLoss is offline   Reply With Quote
The Following 3 Users Say Thank You to sureLoss For This Useful Post:
Old 09-08-2017, 06:53 PM   #8
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

They claim that the execs weren't aware of the breach.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 09-09-2017, 08:08 PM   #9
Sr. Mints
First Line Centre
 
Sr. Mints's Avatar
 
Join Date: Jul 2010
Exp:
Default

Quote:
Originally Posted by calgarygeologist View Post
I had almost $1000 of fraudulent charges hit my AMEX around that time. I wonder if it was because of the Equifax breach. It was 12 or 13 charges of around $70 coming from a couple of UPS stores in the US.

This is probably totally coincidental, but while going over my credit at the bank for another matter last week, I was told I have exactly $1000 owing on Amex--which I don't--and I haven't had that card since Costco ended their partnership with them.

I phoned Amex and they didn't know anything about it.

Weird. I guess maybe I'll call Equifax.
Sr. Mints is offline   Reply With Quote
Old 09-19-2017, 09:43 AM   #10
GoinAllTheWay
Franchise Player
 
GoinAllTheWay's Avatar
 
Join Date: Apr 2003
Location: Not sure
Exp:
Default

100,000 Canadians impacted by breach:

http://www.cbc.ca/news/business/equi...each-1.4296475

Quote:
Equifax Canada said a massive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.
Quote:
Equifax Canada said the information includes names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers
Sounds like they are going to be writing to people that have had their info compromised.
GoinAllTheWay is offline   Reply With Quote
Old 09-19-2017, 09:50 AM   #11
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Our info has been out there for months, I guess a bit longer to wait for snail mail doesn't matter now.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
The Following User Says Thank You to photon For This Useful Post:
Old 09-19-2017, 10:28 AM   #12
GoinAllTheWay
Franchise Player
 
GoinAllTheWay's Avatar
 
Join Date: Apr 2003
Location: Not sure
Exp:
Default

Quite right. Still chaps my behind though. I ordered a report from them a few years ago. My CC has changed since then but also gave them my SIN so that's my only real concern.

I full expect to get a letter from them. That would be twice for me now. Also had personal info possibly exposed by the National Bank of Canada when I applied for a mortgage. Received a letter that said a company laptop was stolen that may or may not have my personal info on it.

They handled it much better though. Was informed right away and the put a note on my file with equifax and transunion.
GoinAllTheWay is offline   Reply With Quote
Old 09-19-2017, 11:05 AM   #13
DoubleF
Franchise Player
 
DoubleF's Avatar
 
Join Date: Apr 2014
Exp:
Default

It is perhaps ironic that individuals who use their service to protect themselves are now the most vulnerable.

I use a credit monitoring service, credit alert. I'm not sure if they use Equifax or Transunion. I guess it's more valuable now because the monitoring service may have released my info.

Oh well. I guess I'll keep my eye on my credit report monthly until January or so.
DoubleF is offline   Reply With Quote
Old 09-22-2017, 01:24 PM   #14
btimbit
Franchise Player
 
btimbit's Avatar
 
Join Date: Sep 2012
Location: SW Calgary
Exp:
Default

Good thing I subscribe to Equifax Credit Monitoring, so I can protect myself from Equifax Credit Monitoring
btimbit is offline   Reply With Quote
The Following 8 Users Say Thank You to btimbit For This Useful Post:
Old 10-12-2017, 02:55 PM   #15
Otto-matic
Franchise Player
 
Otto-matic's Avatar
 
Join Date: Dec 2003
Location: Sector 7-G
Exp:
Default

We have not yet mailed any notification letters, but we plan to mail these letters as soon as possible. These letters will contain further information on the complimentary credit monitoring and identity theft protection services offered to impacted consumers.

In the meantime, please take into account the following factors, which will help to increase your level of protection:

Equifax will NOT make any unsolicited outbound telephone calls to consumers to discuss this matter.
Equifax will NOT send any unsolicited emails asking for your personal information


https://www.consumer.equifax.ca/canada/home/en_ca_b/


So its been over a month since the hack and they still are dragging their feet on mailing out letters to the 8,000 Canadians who have been breached.
Otto-matic is offline   Reply With Quote
Old 10-12-2017, 02:57 PM   #16
Otto-matic
Franchise Player
 
Otto-matic's Avatar
 
Join Date: Dec 2003
Location: Sector 7-G
Exp:
Default

Also they've been hacked again.

http://www.ctvnews.ca/business/equif...hack-1.3629779

Quote:
Equifax Canada says its U.S. parent company's website has temporarily taken down one of its customer services pages amid reports that another part of its website had been hacked.
Company spokesman Tom Carroll did not respond to direct questions about any potential breach to Equifax Canada's website or the number of Canadian or American Equifax customers that may have been affected.
Carroll said in an emailed statement that, "We are aware of the situation identified on the equifax.com website in the credit report assistance link."

"Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline," his statement added.
"When it becomes available or we have more information to share, we will."
The news comes as Equifax Inc. continues to deal with the aftermath of a cyber breach earlier this year which allowed the personal information of 145.5 million Americans, and 8,000 Canadians, to be accessed or stolen.
Otto-matic is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 02:28 PM.

Calgary Flames
2023-24




Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright Calgarypuck 2021