Equifax Hacked - 143M US Consumers could be affected

[Pantoot]

Yeah, I also think the number of people that are freezing their credit (and opting out of prescreened offers as a result) have to be hurting their bottom lines.

[edit: freeze doesn't opt you out like I thought it did]

 

[rh71]

So if you don't freeze your credit and you become an actual victim, is none of it reversible? Are we in any way protected after the fact?

Or are people going through the trouble to freeze because they don't want to go through the hassle later if something does happen?

 

[s0me0nesmind1]

Yeah, I also think the number of people that are freezing their credit (and opting out of prescreened offers as a result) have to be hurting their bottom lines.

Something I haven't confirmed yet - does freezing your credit automatically opt you out of pre-screened offers? Or is possible to freeze your credit and still get pre-screened offers?

 

[Pantoot]

Something I haven't confirmed yet - does freezing your credit automatically opt you out of pre-screened offers? Or is possible to freeze your credit and still get pre-screened offers?

Good point, ftc says no, it doesn't:

Does a credit freeze stop prescreened credit offers?
No. If you want to stop getting prescreened offers of credit, call 888-5OPTOUT (888-567-8688) or go online.

 

[snoopy7548]

Just read this on Ars this morning:

https://arstechnica.com/information...caused-by-failure-to-patch-two-month-old-bug/

"We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

Why was such sensitive data accessible via an outside-facing website vulnerability?

 

[highland145]

So if you don't freeze your credit and you become an actual victim, is none of it reversible? Are we in any way protected after the fact?

Or are people going through the trouble to freeze because they don't want to go through the hassle later if something does happen?

You can always dispute via annualcreditreport.com. A much easier process than before the govt set that up.

 

[rh71]

"We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

Why was such sensitive data accessible via an outside-facing website vulnerability?

Patch was available 2 months prior... that's almost the amount of time a big company takes to test & implement fixes.

 

[fleshconsumed]

Wanna sue Equifax without any lawyer? - https://finance.yahoo.com/news/equifax-lawsuits-automatically-sue-equifax-160709017.html

I'm tempted, just not sure if I'll have the patience and necessary knowledge to finish it without the lawyer.

Anyone else thinking of doing this?

 

[Svnla]

Some good information about credit freeze (if you want to go that route), especially the cost of doing so for each state- https://www.usatoday.com/story/mone...e-your-credit-protect-your-identity/657304001

Equifax shares are down 31% since the announcement, $5 billion USD of value is wiped out - http://www.marketwatch.com/story/eq...re-erasing-5-billion-in-market-cap-2017-09-14

 

[Linux23]

could i fake real negative inquiries on my report claiming that i've been hacked from this breach?

 

[BudAshes]

Some good information about credit freeze (if you want to go that route), especially the cost of doing so for each state- https://www.usatoday.com/story/mone...e-your-credit-protect-your-identity/657304001

Equifax shares are down 31% since the announcement, $5 billion USD of value is wiped out - http://www.marketwatch.com/story/eq...re-erasing-5-billion-in-market-cap-2017-09-14

Well at least those execs sold their stock. Wouldn't want to hurt their bottom line.

 

[manly]

https://it.slashdot.org/story/17/09...-major-as-the-companys-chief-security-officer

 

[esquared]

https://it.slashdot.org/story/17/09...-major-as-the-companys-chief-security-officer

 

[Elixer]

So, how did she land that position if her background is in music, and no security or IT experience?

 

[highland145]

https://it.slashdot.org/story/17/09...-major-as-the-companys-chief-security-officer

lolol My 1st thought was that she was super hot.

I'm man enough to admit when I'm wrong.

 

[esquared]

So, how did she land that position if her background is in music, and no security or IT experience?

Don't know but she's now or will be, "retired"
Shortly after this piece was published, Equifax announced Mauldin will “retire” as chief information security officer and be replaced, according to CNBC.


https://www.mediaite.com/online/equ...fficer-has-a-ba-and-mfa-in-music-composition/

 

[manly]

So, how did she land that position if her background is in music, and no security or IT experience?

casting couch?

OK in (some) seriousness, getting into a C-suite has as much to do with mastering politics than with merit. I certainly would never hire an unqualified person for a senior technical role but then again I'm not a CEO!

 

[IronWing]

https://it.slashdot.org/story/17/09...-major-as-the-companys-chief-security-officer

Sounds like Equifax had notable treble with their staff. We'll have to wait to see the finale of this clef hanger. Maybe have to apply beatings for good measure.

 

[highland145]

Sounds like Equifax had notable treble with their staff. We'll have to wait to see the finale of this clef hanger. Maybe have to apply beatings for good measure.

Speak engrish, damn it, this is Merica.

 

[IronWing]

Speak engrish, damn it, this is Merica.

The scales have fallen from their eyes so they'll likely up their tempo to deliver a sharp rebuke before their profits fall flat.

 

[highland145]

The scales have fallen from their eyes so they'll likely up their tempo to deliver a sharp rebuke before their profits fall flat.

I believe the scales fell shortly before the stock sale.

 

[bob4432]

Anybody know if Equifax was even running their own web servers? Or were they using a 3rd party to handle that since their main IT person would have no idea how to setup a web server (and in Susan Mauldin's mind - Apache, why do Indians of the southwest keep sending me info about some critical web thingy, guess I will just put them in my spam box, I don't have time for this Indian web nonsense, now back to my best music works) much less keep one up to date .

I would hate to see how their internal machines are setup - wonder how many passwords are "password"?

Just more evidence that is not what you know but who you know.

Since this basically hit nearly every household in the US, 9~400,000 in the UK, and some in Canada, who gets to be held accountable? Or is it not what you know but who you know again?

At least she should be able to make a song to comfort herself knowing we will all be dealing with this for the rest of our lives, way to go Susan Mauldin .

 

[sdifox]

Music major as chief security officer...ftc should look into the possible insider trades as well.

 

[Svnla]

I am all for this bill, let Equifax pays the cost - https://finance.yahoo.com/news/senate-bill-calls-free-credit-194200909.html

FTC credit freeze FAQs - https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

and what to do about ID theft - https://www.identitytheft.gov/Steps

 

[drnickriviera]

Yeah, I also think the number of people that are freezing their credit (and opting out of prescreened offers as a result) have to be hurting their bottom lines.

[edit: freeze doesn't opt you out like I thought it did]

I just got a letter from Equifax saying they were opting me out of prescreened offers for 5 years. If I wanted it permanent, fill out this form. I did a freeze the day the story broke.