Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Equifax data breach could potentially affect 143 million US consumers


  • Please log in to reply
49 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:04 PM

Posted 07 September 2017 - 04:57 PM

Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States....Equifax said exposed data includes names, birth dates, Social Security numbers, addresses and some driver's license numbers, all of which the company aims to protect for its customers..."This is a security risk for any and every website that anyone uses," Christopher O'Rourke, CEO and founder of cyber-security firm Soteria


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:04 PM

Posted 07 September 2017 - 05:07 PM

Well, I hope they handle this very much the same way Anthem handled the huge data breach that exposed a lot of the same sort of information:  by subscribing every potentially affected person to an identity theft monitoring service for one year, with the option to go to two, at their expense.

 

Dodged a bullet with the Anthem compromise but I may not be so lucky with this one.  I'm still being monitored secondary to the Anthem incident and I keep my eye on the monthly reports I receive (and, if I remember correctly, would be notified immediately if something fishy were detected between formal reports).


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#3 JohnC_21

JohnC_21

  • Members
  • 23,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 PM

Posted 07 September 2017 - 05:34 PM

Just Great.

 

Credit monitoring company Equifax says a breach exposed social security numbers and other data from about 143 million Americans.

The Atlanta-based company said Thursday that “criminals” exploited a US website application to access files between mid-May and July of this year.

It said consumers’ names, social security numbers, birth dates, addresses and, in some cases, driver’s license numbers were exposed. Credit card numbers for about 209,000 US consumers were also accessed.

The company said hackers also accessed some “limited personal information” from British and Canadian residents.

Equifax said it doesn’t believe that any consumers from other countries were affected.

https://www.theguardian.com/us-news/2017/sep/07/equifax-credit-breach-hack-social-security

 

How to tell if your one of the unfortunate.

 

Edited link.

 

http://mashable.com/2017/09/07/equifax-hack-how-to-check-data-stolen/#xcOT0iuBwkqY


Edited by JohnC_21, 07 September 2017 - 06:02 PM.


#4 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:04 PM

Posted 07 September 2017 - 06:04 PM

The Guardian article does contain a direct link to the Equifax site where you check this:  https://www.equifaxsecurity2017.com/

 

The pertinent page at that website, which wouldn't be obvious, is "Potential Impact".

 

I am sorry to say that I am part of the group that was compromised.  I'll be signing up for the identity theft monitoring service they're offering for free on the very first day I can do so:  Wednesday, 9/13/2017

 

(I had written, on your other thread:  "Should we merge this thread with the one that was started by quietman7 shortly before yours?  Let me know."  It appears to have happened while I was typing!  Less work for me!!)


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#5 JohnC_21

JohnC_21

  • Members
  • 23,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 PM

Posted 07 September 2017 - 06:16 PM

I'm thinking of putting a Security Freeze at all three credit agencies. If I need new credit I can temporarily lift the freeze. I did a google search of all three agencies and the freeze can be done online.



#6 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:04 PM

Posted 07 September 2017 - 06:33 PM

Credit Freeze Guide...it is not free!
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:04 PM

Posted 07 September 2017 - 06:45 PM

What's the point in doing a freeze?  If you're in the 143 million your data is already out there.  Now whether or not it will ever be used is another question entirely.  A great many of these hackings are for nothing more than bragging rights.

 

This is one of the dangers of the cyber age and one that not a one of us can avoid, as this information is computerized all over the place.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#8 Just_One_Question

Just_One_Question

  • Members
  • 1,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:04 PM

Posted 07 September 2017 - 07:03 PM

On the upside, their stock (EFX) is down 13% in after hours trading on the NYSE, so if you were hesitant on whether or not you should buy it, let's say Tuesday would be the best time to do so, given that their earnings report date is set between October the 24th and October the 30th and if it proves to be favorable, the stock would probably rebound. Also, they pay a dividend of around 1%. For me personally that company is neither a buy, nor a sell, but as I said, if you were eyeing it before, now would be the best time for a purchase. Good luck, hope your information is not used for anything bad. :)


Edited by Just_One_Question, 07 September 2017 - 07:05 PM.


#9 JohnC_21

JohnC_21

  • Members
  • 23,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 PM

Posted 07 September 2017 - 07:10 PM

Wouldn't a credit freeze prevent somebody from using your info to get a credit line to purchase something or trying to open another credit card? No new credit is allowed when a credit freeze is in place. The fee depends on the State. My state's fee is $10 per credit agency. For $30 I'm not going to complain. It couldn't hurt. 


Edited by JohnC_21, 07 September 2017 - 07:12 PM.


#10 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:04 PM

Posted 07 September 2017 - 07:37 PM

Victims should not be charged any fees. Equifax should pay.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:04 PM

Posted 07 September 2017 - 08:14 PM

Victims should not be charged any fees. Equifax should pay.

 

I doubt Equifax will pay for anything other than a year of identity theft monitoring, with the option to extend to two on their dime as well.  They've already got that set up, as I found out when I went to the previously mentioned webpage and found myself among the "lucky 143 million."


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#12 Occasional

Occasional

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:04 PM

Posted 08 September 2017 - 04:52 AM

I know there's a lot pushing headlines now: Hurricanes, Nuts with nukes, etc., but still surprised at limited coverage for this data breach. 

 

Saw this last night: http://www.foxbusiness.com/features/2017/09/07/equifax-143m-us-consumers-affected-by-criminal-cybersecurity-breach.html 

Then looked at : https://www.equifaxsecurity2017.com/ (link posted by Britechguy).  The thing reads like Hillary responding to questions about email investigation.  

Some notable quotes:

    "Criminals exploited a U.S. website application vulnerability"  [ That narrows it down! ]

 

    "cybersecurity incident potentially impacting approximately 143 million U.S. consumers"  "The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers"  [ love the words 'incident' and 'primarily' ]

 

    "In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed"  [ Guessing these 'dispute document 'have a lot more than just PID ]

 

    "Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017"  [Thanks for the heads-up - in September ] 

 

    "The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases."  ['activity' I guess that means they didn't do any updates or deletes - just reads.  As Detective Frank Drebin would say "Move along.  Nothing to see here." ] 

 

Don't want to quote the whole article, but much more evasion, downplay and vague references.  

 

Firms like Equifax are data reservoirs, pipes and pumps, on an unfathomable scale.  Flow and volume are what maters - leaks become a concern only when they're large enough to overflow the company's containment dikes.  Would the "incident" have been reported at all, if the number was 143 or 143,000 effected?  



#13 JohnC_21

JohnC_21

  • Members
  • 23,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 PM

Posted 08 September 2017 - 07:44 AM

After huge data breach, Equifax not telling all customers whether they are affected

After revealing Thursday that a data breach had exposed personal information of 143 million Americans, Equifax Inc. asked customers to go to a special website to find out whether they were one of the unfortunate victims.

When trying the site, however, many seem to be getting no actual response to that question.

Tests conducted in the MarketWatch office and by Twitter users suggest that the system installed on a website Equifax EFX, -12.56%  set up specifically to respond to the massive breach is giving users three answers: Yes, probably not, or…no answer at all.

 

 

http://www.marketwatch.com/story/after-huge-data-breach-equifax-not-telling-all-customers-if-they-are-affected-2017-09-07

 

Mine was no answer at all.



#14 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:03:04 PM

Posted 08 September 2017 - 09:06 AM

Well, anyone who thinks that this has received or is receiving "limited coverage" has not looked around even the slightest bit.  Every major news outlet was reporting it last night and it was, and remains, front-page news on major American newspapers.  What more can you want?

 

Having been down this road before it is no surprise that the Equifax website established in response to this incident is likely swamped beyond its capacity to handle the volume at times.

 

If you didn't get an answer when you last visited https://www.equifaxsecurity2017.com/potential-impact/ then visit again later.  I did, but probably got in before "the mad rush" as I saw the message initially posted here and followed the link from the Guardian article several hours before this was splashed across every media outlet I routinely visit, whether TV or print.

 

Also, I got what the marketwatch.com article calls "the noncommittal answer" which, to me anyway, was not noncommittal as I know if they're forking over the cost of signing me up for identity theft and credit monitoring services that means, "You're included in those affected."  My partner got a clear "no."  This all echoes my experience with the Anthem data breach very closely, though I can't remember whether their website at the time put up a big, bold, "Yes, you've been hit," message above the bit about my having qualified for free monitoring services for one year, which became extendable to two years at the end of the first, at no cost, and which I did.

 

I doubt that Equifax, Anthem, or Yahoo truly know the actual extent of their respective breaches but just have forensic evidence that they occurred and "guesstimates" about possible numbers involved.  This isn't as simple as, "oh, a file's missing from the file cabinet," and never will be.  This is also likely why the announcement has come when it has.  You don't announce this sort of thing until you're absolutely sure a breach occurred and have had the opportunity to do what must be done to make the "guesstimate" and set up for the response.

 

I'm not at all happy about this situation but I am a realist.  This has happened before and will happen again.  Cybercriminals or just "hackers for the glory of it" never sleep and constantly come up with more creative and interesting ways to get into places they couldn't last week.  Computer security specialists are constantly trying to stay one step ahead.  'Twas ever thus and ever will be.


Edited by britechguy, 08 September 2017 - 09:17 AM.

Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#15 JohnC_21

JohnC_21

  • Members
  • 23,282 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:04 PM

Posted 08 September 2017 - 10:48 AM

Equifax executives sold stock after data breach, before informing public

 

SEC filings show sales worth about $1.8 million that were not pre-planned

 

http://www.marketwatch.com/story/equifax-executives-sold-stock-after-data-breach-before-informing-public-2017-09-07






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users