www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
Data of 143 million Americans stolen from Equifax
By Thom Holwerda on 2017-09-07 23:45:22

Equifax Inc. today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases.

Names, social security numbers, birthdays, addresses, driver's license numbers, credit card numbers - this is a very big breach.

Interestingly enough, three executives of the credit reporting agency sold their shares in the company days after the breach was discovered.

 Email a friend - Printer friendly - Related stories
.
Read Comments: 1-10 -- 11-20 -- 21-30 -- 31-38
.
Comment by PJBonoVox
By PJBonoVox on 2017-09-08 00:04:44
Isn't that practically insider trading?
Permalink - Score: 5
.
Comment by ilovebeer
By ilovebeer on 2017-09-08 00:24:42
"Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit reporting databases."

Of course not. Hackers tend to sit on that kind of data for years because there's no rush. People can't change their social security numbers, drivers license number, birthday, etc., and anything you can change is easily obtainable with the information you can't.

What I'd like to know is what Equifax is going to do to clean up the mess once people start having their lives ruined. I've seen/read reports of erroneous credit files that took the victims 10-15 years or *more* to clear up, all while suffering the consequences in that time.
Permalink - Score: 8
.
Public social security numbers
By dark2 on 2017-09-08 00:43:01
I hear one of the European countries solves this problem by making their version of the social security number public information, that way anyone can look online an verify if they have the right person. The secret number thing just doesn't work at all.
Permalink - Score: 4
.
RE: Public social security numbers
By Thom_Holwerda on 2017-09-08 00:49:34
In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).

Edited 2017-09-08 00:50 UTC
Permalink - Score: 6
.
RE[2]: Public social security numbers
By ilovebeer on 2017-09-08 01:43:43
You're always told to protect your SSN with your life, but then you can't do any banking without revealing it, you can't get non-emergency medical care, you can't be registered for school, etc etc etc... It's ridiculous. And of course these places are always having their data breached.

Here's the best part.. Once someone has you SSN, they can reverse everything else and essentially become you with *real* id, bank accts, etc. Once you find out they've trashed your credit, trashed your accounts, and trashed your life, you have to go on a very long & expensive fight to clear your name. And it's never truly cleared as if it all never happened. The shit is completely stupid and politicians do absolutely nothing to fix it.
Permalink - Score: 8
.
RE: Public social security numbers
By Alfman on 2017-09-08 01:46:40
dark2,

> I hear one of the European countries solves this problem by making their version of the social security number public information, that way anyone can look online an verify if they have the right person. The secret number thing just doesn't work at all.

Yes!

It is so stupid for companies to insist on using SSN as proof of authorization. SSN works fine as a form of unique ID, it is extremely useful to have a unique identifier for databases. But it *not* proof of consent and all the businesses using that way need to stop pretending that it is. Frankly if I had a say, I'd pass a law explicitly dismissing any liability for any transactions only backed by this federal ID number without a record of consent. It should be treated as public information.

Too often we just point fingers at the gate keepers for allowing the leak to happen, but what is really needed is to adapt security mechanisms that don't break when partners get hacked. We have much better security models we could be using if only businesses would stop relying on archaic security solutions. I wish we could collectively move to something more secure like PKI where security is not based on having shared secrets (like SSN, CC#), but alas I've been playing the same broken record for two decades now.
Permalink - Score: 4
.
RE[2]: Public social security numbers
By Alfman on 2017-09-08 02:02:04
Thom Holwerda,

> In most countries, the SSN isn't actually an ID number. The problem in America is not with the SSN in and of itself, but with its misuse as an ID number - because for some weird political reason, Americans don't want mandatory IDs (they'd rather have a deeply insecure and broken SSN used as an effectively mandatory ID as long as it's not called a mandatory ID because logic).

I'm a bit confused with what you mean here, how is SSN being misused as an ID number? IMHO the federal government is doing the correct thing by assigning everyone a unique number. The big problem is how private companies are using it and making horribly flawed assumes about SSN security.
Permalink - Score: 2
.
RE[3]: Public social security numbers
By Alfman on 2017-09-08 02:27:17
ilovebeer,

> You're always told to protect your SSN with your life, but then you can't do any banking without revealing it, you can't get non-emergency medical care, you can't be registered for school, etc etc etc... It's ridiculous. And of course these places are always having their data breached.

...The shit is completely stupid and politicians do absolutely nothing to fix it.


You get it. This is one of those things that annoys the hell out of many tech people, but many ordinary people haven't really considered that the process is fundamentally broken. They view the problem as hackers getting through the defense walls. They think having bigger and stronger walls will keep them out. We know better, but this is how many people think.
Permalink - Score: 7
.
RE[4]: Public social security numbers
By ilovebeer on 2017-09-08 02:48:06
Exactly! It drives me nuts whenever I heard this subject being discussed and the `solution` is to just add a bigger/stronger wall like you said. Part of me thinks they don't actually buy into that as a real solution but rather just a typical kick-the-can-down-the-road type of response.
Permalink - Score: 3
.
RE[2]: Public social security numbers
By leech on 2017-09-08 06:24:37
Well, there are two types of worry about the SSNs being out there now. The stupidity that with that number and basically a matching name, you can change address, name, bank information, etc.

Then there is the full on Identity theft, but on that side of things to have someone become you is probably a bit less likely, since there are already tons of dead people's SSNs out there thanks to many years back one of the genealogy sites were posting their SSNs...

But who knows, I'm thinking more than likely the biggest ones at risk for fraud here are the ones who have a high credit rating... And the fact that I don't think any of us really have a choice whether or not the big three can have our credit history to have that score. So pretty much every grown adult in the US that has any sort of credit history is potentially boned.
Permalink - Score: 3

Read Comments 1-10 -- 11-20 -- 21-30 -- 31-38

No new comments are allowed for stories older than 10 days.
This story is now archived.

.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?