Full Scope of Equifax Data Breach Revealed

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
13,500
Everyone by now knows that Equifax had a data breach that exposed over 140 million consumers personal information to include social security numbers. What most people didn't know was the full scope of the breach and now Equifax has released the information to the Securities and Exchange Commission. Not only were SSNs compromised, but birthdays, addresses, gender identifications, driver's license numbers and other data were compromised. Overall this was once heck of a gold mine for identity theft criminals. When is someone going to go to jail for this stuff? Thanks cagey.

New information shows the 146.6 million consumers affected in the data breach didn't just have their social security numbers stolen. Most of them also had their birthdays, addresses, driver's licenses and more exposed.
 
In other words, enough information to circumvent credit freezes, which are the only protection from the really scary fraud schemes that come out of this.
 
Is there a place to check to see if you have been one of those 140 million that got their shit stolen?
 
I dont want someone to go to jail over this.. well other than the people who did it. I want a lifetime of free identity theft monitoring and fixing. None of this bullshit 1 year monitor through our own service crap, because identity thieves know this too and on month 13 all hell breaks loose
 
answer: no one.

no one is going to jail for this. IT security is a joke in the US

We throw people in jail all of the time. If it's people at the highest levels and not the guy that didn't push out the patch, then maybe. Where you get corporations attention is when you hit them in the wallet.
 
Are you a US resident, who has a social security card and has ever used credit? Yup your shit has been stolen

It's VERY common, my wife has been a victim and it's a pain in the ass. You just have to be proactive, keep an eye on reports. There's a zillion ways an identify can be stolen. Hopefully tech like blockchain can be implemented to help with this situation.
 
We are actually closer to the end premise of Fight Club today than in the 90's. Pretty much every adult in the US has been compromised, same with Canada (CRA lost a ton of shit a few years ago to heartbleed), Homedepot, Adobe, hospitals, etc all impacted across the western world. All it would take to send our financial systems into utter chaos is a massive coordinated attack using all that stolen information.
 
This is virtually everyone of working age, in the US. Don't wonder about if you're affected - the chances are very high that you are.

I'd be interested to see figures for the rest of the world. Equifax operates in a couple dozen other countries also.
 
But yeah there is a site to check just google equifax data breech check


make sure you go to the one that ends in .ru

it will want your SS# and other items though .. to verify you are who you say you are..but its cool

;>)
 
Is there a place to check to see if you have been one of those 140 million that got their shit stolen?

Link to check can be found here: equifaxsecurity2017


Equifax.PNG
 
I think that when you do a credit freeze, you have to establish an "unfreeze passphrase".
I guarantee people have lost their passphrase. I would guess they fix it using the same type of info that you use to apply for the freeze.
 
Honestly at this point I wouldn't be surprised if the vast majority of US citizens have their personal information stolen and are available on the dark web. There are so many breaches all the time, your information isn't really safe anymore.
 
Honestly at this point I wouldn't be surprised if the vast majority of US citizens have their personal information stolen and are available on the dark web. There are so many breaches all the time, your information isn't really safe anymore.

I completely agree with you. It blows my mind why there is such a push for biometric security. Once compromised always compromised.... I'll stick to my passwords and pins with multi-factor authentication. It's my body, and I choose not share it with anyone!
 
Haha, i wouldn't believe that for a second... 140 million is pretty much
all adults
.
Then this: https://gizmodo.com/equifax-operates-another-credit-bureau-that-you-cant-fr-1825909532

Estimated US population (July 2017): 325,719,178
Persons under 18 y/o: 22.8%

https://www.census.gov/quickfacts/fact/table/US/PST045217

325,719,178*(1-.228) = ~251,455,205 adults

If 145 million users were affected then approximately 106 million adults (~42%) were unaffected. Almost a coin flip.
 
Well In Canada we just get this:


403 ERROR
The request could not be satisfied.
The Amazon CloudFront distribution is configured to block access from your country.

They say Canadian's were effected by this I should get to know what they have on me and if they lost it.
 
There used to be scrutiney... e.g. Arthur Anderson falling due to their ignorance of Enron. Now everyone just shrugs their shoulders and goes "meh".

I think part of the problem is a lack of competition.
 
Everyone by now knows that Equifax had a data breach that exposed over 140 million consumers personal information to include social security numbers. What most people didn't know was the full scope of the breach and now Equifax has released the information to the Securities and Exchange Commission. Not only were SSNs compromised, but birthdays, addresses, gender identifications, driver's license numbers and other data were compromised. Overall this was once heck of a gold mine for identity theft criminals. When is someone going to go to jail for this stuff? Thanks cagey.

New information shows the 146.6 million consumers affected in the data breach didn't just have their social security numbers stolen. Most of them also had their birthdays, addresses, driver's licenses and more exposed.
There should not be a single private company in this country that has access to all that information without government oversight on-hand. Not saying it would have been prevented, but there needs to be extremely strong and tough regulations regarding our most sensitive information.
 
We are actually closer to the end premise of Fight Club today than in the 90's. Pretty much every adult in the US has been compromised, same with Canada (CRA lost a ton of shit a few years ago to heartbleed), Homedepot, Adobe, hospitals, etc all impacted across the western world. All it would take to send our financial systems into utter chaos is a massive coordinated attack using all that stolen information.

That's why hostile states are behind so much of this shit. Creating chaos for every member of the armed forces and blackmailing politicians to do your bidding are two motives that come to mind.
 
oddly enough that site doesn't work for me. I do the little I'm not a robot and hit submit and it just sits there.

I think this probably means you may have been affected. I entered my info and a few family members and the same thing you're experiencing happened with all of them. But the moment I entered something fake it would come back as being unaffected.

Likely if your last name and last 6 digits of your SSN matches a line in the database of affected users its searching then its locking up.
 
Might as well rename themselves Equifacts: need detailed facts about people? We have 'em we even give 'em away.
 
The internet is a simple system. It seems complicated, but it's a simple system. They were testing mechanical registers in the 90's (a system where routers and switches use non-programmable silicon with strong rules about traffic at the local router level) but telecoms hated them then, although it seems like a good idea now. There was an idea in the 2000's that banks would issue a unique SIM card for your phone, a card with a unique time-locked identity, and your bank or credit card would verify all purchases through your phone, but that was too expensive, too.

There was a time when FERPA and HIPAA were going to require a human approval before issuing more than one person's information from the database. Assholes who study data didn't like the idea that your name, address, SSN, etc., etc., wasn't in the data warehouse, though, don't ask me why, 'cause that's fucking stupid.

Businesses, telecoms and banks talk tough about security in the 21st century, but they don't want to pay for it, they want to blame criminals and law enforcement for the problem, and they want someone to magically come up with a way to provide security over a very simple system. You can say that you don't want to pay for heightened security, but the reality is, you already do - banks and businesses pass the costs on to you.

P.S. All online games should be UDP. That way, all the security we implement for business can be ignored for games.
 
Why does this redirect you to trustedpremier.com???

And who the hell decided to put this on https://www.equifaxsecurity2017.com/ ?? What, www.angelfire.com/equifaxbreach was taken?

I really want to check myself, but...

TrustedID Premier is Equifax's identity protection service. They provided it for free* to all affected users for 1 year.

The website name is tacky, I agree. But its easier than the likely alternatives of www,equifax,com/personal/breach or something along those lines. Need to make it simple so when the news and radio was talking about the breach then people would more easily remember the website to check later.

*you had to get all of your personal information stolen, not really "free"
 
We throw people in jail all of the time. If it's people at the highest levels and not the guy that didn't push out the patch, then maybe. Where you get corporations attention is when you hit them in the wallet.

The executives are the ones that sign off on security policy. A "CYA" type of thing. The guy that didn't push out the patch isn't responsible. The CISO/CIO is and his boss. They are ultimately the ones that are responsible for it. The buck stops there.

Hit them in the wallet. With Equifax, it's really hard. Don't subscribe to their credit monitoring service? Fine. That's just secondary. Their primary business isn't with you. They get your information when you apply for credit, etc. You're the product, not the consumer. Can't opt out, either. Unless you just don't apply for credit, home, etc..

I think the Equifax breach shows how lax the US is in privacy and actually caring about it. We don't. There should be a lot more pressure on these guys. While I think the GDPR goes a bit overboard, it's doing something that's needed. Tame it down a little bit and it'd be good. You have a breach from lax security, you're fucked and it's not some lame slap on the wrist.
 
We throw people in jail all of the time. If it's people at the highest levels and not the guy that didn't push out the patch, then maybe. Where you get corporations attention is when you hit them in the wallet.
Unless of course they get the government to legally allow them to be held harmless in situations like this, then you just want to lock all the doors to their building and set the fucker on fire.
 
The executives are the ones that sign off on security policy. A "CYA" type of thing. The guy that didn't push out the patch isn't responsible. The CISO/CIO is and his boss. They are ultimately the ones that are responsible for it. The buck stops there.

Hit them in the wallet. With Equifax, it's really hard. Don't subscribe to their credit monitoring service? Fine. That's just secondary. Their primary business isn't with you. They get your information when you apply for credit, etc. You're the product, not the consumer. Can't opt out, either. Unless you just don't apply for credit, home, etc..

I think the Equifax breach shows how lax the US is in privacy and actually caring about it. We don't. There should be a lot more pressure on these guys. While I think the GDPR goes a bit overboard, it's doing something that's needed. Tame it down a little bit and it'd be good. You have a breach from lax security, you're fucked and it's not some lame slap on the wrist.

The Feds should file fraud charges against the CISO for failure to perform her duties and collecting her salary. It wasn't that the breach happened that is most telling. Despite true best efforts, crap happens. What was telling was the 3 Stooges circus that happened afterwards. It quickly became obvious they had no Incident Response Plan. Even their first attempt at a "Has your data been stolen" site was reported to have been breached. Having a tested workable IRP is a CISO's job one. This CISO failed that task.

The Board of Directors should also face criminal charges for failing to perform their oversight duties.
 
Capitalism is failing due to cronyism, incidents like this should decimate the company, maybe even destroy it, so that other corporations can rise from the ashes. Instead these entities are protected from their failings.

I don't know what the fix is, but I do know that I don't like this.
 
I think that when you do a credit freeze, you have to establish an "unfreeze passphrase".

And if you forget that passphrase(pin) how do you reset it? They ask you questions that can be answered with the data they lost...... I didn't even bother freezing my accounts. Why the F would I pay them 10$ each to protect myself from data they lost due to incompetence, that doesn't provide any additional security......


The Feds should file fraud charges against the CISO for failure to perform her duties and collecting her salary. It wasn't that the breach happened that is most telling. Despite true best efforts, crap happens. What was telling was the 3 Stooges circus that happened afterwards. It quickly became obvious they had no Incident Response Plan. Even their first attempt at a "Has your data been stolen" site was reported to have been breached. Having a tested workable IRP is a CISO's job one. This CISO failed that task.

The Board of Directors should also face criminal charges for failing to perform their oversight duties.

It goes back farther than that. It appears they didn't have(or had a very shitty) patching plan. Took way too long to patch a well known critical vuln in Struts, and also apparently have no data classification policy with monitoring of outbound PII. How the fuck did they not catch a single user extracting TB's of data from their system? The amount of incompetence in a company of that size, holding some of the most critical data is mind boggling......
 
Back
Top