This Equifax Thing

Discuss whatever you want here ... movies, books, recipes, politics, beer, wine, TV ... everything except classical music.

Moderators: Lance, Corlyss_D

Post Reply
lennygoran
Posts: 12668
Joined: Tue Mar 27, 2007 9:28 pm
Location: new york city

This Equifax Thing

Post by lennygoran » Thu Sep 14, 2017 7:50 am

This sounds like a pain in the neck-anyone have any thoughts on it? Regards, Len :o

The Equifax Data Breach: What to Do

September 8, 2017
by Seena Gressin
Attorney, Division of Consumer & Business Education, FTC

If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting

agencies.

Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also

stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.

There are steps to take to help protect your information from being misused. Visit Equifax’s website, www.equifaxsecurity2017.com. (This link takes you away from our site. Equifaxsecurity2017.com is not controlled by the FTC.)

Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re

on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.

Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site

and click “Enroll” on that date. You have until November 21, 2017 to enroll.

You also can access frequently asked questions at the site.

Here are some other steps to take to help protect yourself after a data breach:

Check your credit reports from Equifax, Experian, and TransUnion — for free — by visiting annualcreditreport.com. Accounts or activity that you don’t recognize could indicate identity theft. Visit IdentityTheft.gov to find out what

to do.
Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that a credit freeze won’t prevent a thief from making charges to your existing accounts.

Monitor your existing credit card and bank accounts closely for charges you don’t recognize.

If you decide against a credit freeze, consider placing a fraud alert on your files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really

is you.

File your taxes early — as soon as you have the tax information you need, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters

from the IRS.

Visit Identitytheft.gov/databreach to learn more about protecting yourself after a data breach.

What To Do After a Data Breach
Did you get a notice that says your personal information was exposed in a data breach? Visit IdentityTheft.gov/databreach to learn what you can do to protect your identity.
Tagged with: data breach, identity theft


https://www.consumer.ftc.gov/blog/2017/ ... ch-what-do

jserraglio
Posts: 3300
Joined: Sun May 29, 2005 7:06 am
Location: Cleveland, Ohio

Re: This Equifax Thing

Post by jserraglio » Tue Sep 19, 2017 7:31 am

Thanks. I read the FTC article carefully and used the link to check Potential Impact at the "Equihacks" website.

Found three other helpful articles, especially the third.

http://www.clevelandc.com/business/inde ... r_the.html

http://www.jsonline.com/story/money/201 ... 678304001/

https://www.accunet.com/blog/equifax-da ... -identity/
Last edited by jserraglio on Tue Sep 19, 2017 2:04 pm, edited 1 time in total.

lennygoran
Posts: 12668
Joined: Tue Mar 27, 2007 9:28 pm
Location: new york city

Re: This Equifax Thing

Post by lennygoran » Tue Sep 19, 2017 8:42 am

jserraglio wrote:
Tue Sep 19, 2017 7:31 am
Found three other helpful articles, especially the third.
Thanks for the links. Regards, Len

jserraglio
Posts: 3300
Joined: Sun May 29, 2005 7:06 am
Location: Cleveland, Ohio

Re: This Equifax Thing

Post by jserraglio » Tue Sep 19, 2017 1:05 pm

According to Bloomberg today, "Equihacks" was breached 6 months ago. I doubt this Atlanta-based outfit will survive all the lawsuits and investigations to come. Their entire business rests on credibility which is now shot to hell.

Material below QTD from report on Bloomberg site 9/18/2017

Equifax Inc. learned about a major breach of its computer systems in March -- almost five months before the date it has publicly disclosed, according to three people familiar with the situation.
In a statement, the company said the March breach was not related to the hack that exposed the personal and financial data on 143 million U.S. consumers, but one of the people said the breaches involve the same intruders. Either way, the revelation that the 118-year-old credit-reporting agency suffered two major incidents in the span of a few months adds to a mounting crisis at the company, which is the subject of multiple investigations and announced the retirement of two of its top security executives on Friday.
Equifax hired the security firm Mandiant on both occasions and may have believed it had the initial breach under control, only to have to bring the investigators back when it detected suspicious activity again on July 29, two of the people said.
Equifax’s hiring of Mandiant the first time was unrelated to the July 29 incident, the company spokesperson said. In a statement issued after the publication of this story, the company said it experienced a security incident involving a payroll-related service during the 2016 tax season earlier this year. Equifax said the incident was reported to customers, affected individuals and regulators. Vitor De Souza, senior vice president for global marketing at FireEye Inc., Mandiant’s parent company, declined to comment.
The revelation of a March breach will complicate the company’s efforts to explain a series of unusual stock sales by Equifax executives. If it’s shown that those executives did so with the knowledge that either or both breaches could damage the company, they could be vulnerable to charges of insider trading. The U.S. Justice Department has opened a criminal investigation into the stock sales, according to people familiar with the probe.
Equifax has said the executives had no knowledge that an intrusion had occurred when the transactions were made. The company’s shares fell less than 1 percent to $94.06 at 11:06 a.m. in New York.
New questions about Equifax’s timeline are also likely to become central to the crush of lawsuits being filed against the Atlanta-based company. Investigators and consumers alike want to know how a trusted custodian of so many Americans’ private data could let hackers gain access to the most important details of financial identity, including social security and driver’s license numbers, and steal credit card numbers.
In public statements since disclosing the intrusion on Sept. 7, Equifax said it became aware of the breach only after the data taken by the hackers had been gone for months. The company said it discovered the incident on July 29 and “acted immediately to stop the intrusion and conduct a forensic review.” Equifax hired Mandiant to help with the probe on Aug. 2, and said the investigators eventually learned that the hackers had accessed the data in mid-May.
There’s no evidence that the publicly disclosed chronology is inaccurate, but it leaves out a set of key events that began earlier this spring, the people familiar with the probe said.
In early March, they said, Equifax began notifying a small number of outsiders and banking customers that it had suffered a breach and was bringing in a security firm to help investigate. The company’s outside counsel, Atlanta-based law firm King & Spalding, first engaged Mandiant at about that time. While it’s not clear how long the Mandiant and Equifax security teams conducted that probe, one person said there are indications it began to wrap up in May. Equifax has yet to disclose that March breach to the public.
One possible explanation, according to several veteran security experts consulted by Bloomberg, is that the investigation didn’t uncover evidence that data was accessed. Most data breach disclosure laws kick in only once there’s evidence that sensitive personal identifying information like social security numbers and birth dates have been taken. The Equifax spokesperson said the company complied fully with all consumer notification requirements related to the March incident.
Even so, the revelation of an earlier breach will likely raise questions for the company’s beleaguered executives over whether that investigation was sufficiently thorough or if it was closed too soon. For example, Equifax has said that the hackers entered the company’s computer banks the second time through a flaw in the company’s web software that was known in March but not patched until the later activity was detected in July.
Security experts say victim companies have wide leeway about how deep an investigation they want outside investigators to do. Some clients will limit the breadth of access or the time outside investigators can spend on site. Others want a full assessment that encompasses their entire computer network and could include the identification of existing security vulnerabilities. Cost is often a consideration, but the victim company might also believe a breach’s scope is limited.
It’s the stock sales by several executives that are likely to get the most scrutiny in light of the new timeline. On Aug. 1 and Aug. 2, regulatory filings show that three senior Equifax executives sold shares worth almost $1.8 million, with none of the filings listing the transactions as being part of scheduled 10b5-1 trading plans. Equifax’s Chief Financial Officer John Gamble sold shares worth $946,374; Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099; and Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock.
Equifax has said the executives “had no knowledge that an intrusion had occurred at the time,” and the company spokesperson declined to make them available for comment.
Under the company’s publicly disclosed timeline, there were fewer than a handful of days between the stock sales and the date Equifax said the breach was discovered. Under the new timeline, those sales come several months after the March breach but before the public had any knowledge of major security issues at one of the country’s three big credit-reporting agencies.
The new timeline is also likely to focus scrutiny on an earlier sale by Gamble of 14,000 shares on May 23. According to a regulatory filing, which didn’t indicate that the sale was part of a scheduled trading plan, the value of that transaction was $1.91 million, more than twice the size of his Aug. 1 disposal of 6,500 shares for $946,374.
If the two hacks are unrelated it could be that different hacking teams had different goals. One clue has emerged that suggests one goal of the attackers was to use Equifax as a way into the computers of major banks, according to a fourth person familiar with the matter.
This person said a large Canadian bank has determined that hackers claiming to sell celebrity profiles from Equifax on the dark web -- information that appears to be fraudulent, or recycled from other breaches -- did in fact steal the username and password for an application programming interface, or API, linking the bank’s back-end servers to Equifax.
According to the person and a Sept. 14 internal memo reviewed by Bloomberg, the gateway linked a test and development site used by the bank’s wealth management division to Equifax, allowing the two entities to share information digitally.
The discovery suggests that the attackers may have been trying to piggyback off of Equifax’s connections to large banks and other financial institutions as a backdoor way to hack those entities and gain access to sensitive partner systems. The company spokesperson said Equifax is “working diligently with our bank partners to assess and mitigate any impact to their operations.”
Last edited by jserraglio on Tue Sep 19, 2017 1:58 pm, edited 2 times in total.

jserraglio
Posts: 3300
Joined: Sun May 29, 2005 7:06 am
Location: Cleveland, Ohio

Re: This Equifax Thing

Post by jserraglio » Tue Sep 19, 2017 1:51 pm

Irritated by Facelessbook news emanating from Russian bots? Now there is a homegrown fake-tax-refund threat coming to many of us compliments of the feckless folks at "Equihacks".
CNBC. After the Equifax data breach, year-end tax planning may be even more important.

Social Security numbers were among the data exposed in the Equifax hack, which affects up to 143 million people. Immediate to-dos have focused on fraud alerts, credit freezes and monitoring to curtail thieves' ability to open new accounts in victims' names. But experts say consumers should also start thinking ahead to tax season — when criminals could potentially use those stolen Social Security numbers to file fraudulent tax returns and snare refunds.

https://www.cnbc.com/2017/09/18/your-ne ... turns.html

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 1 guest