• Welcome to Global Gulag Media Forum. Please login or sign up.

Equifax’s Hacking Nightmare Gets Even Worse For Victims

Started by 2Revolutions, Sep 11, 2017, 07:29:45 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Another thing to note is after the "free year" of credit monitoring by Equifax,  they will start charging you for it.


After Equifax Inc. revealed that sensitive data on two of every five Americans was exposed in a cyberattack, thousands logged onto a company website to see if they were at risk. For many, the site didn't work at first. But for those who got through, a nasty surprise was waiting.

If your data had been stolen, Equifax offered a free year of credit monitoring known as "TrustedID Premier." But some fine print may also mean that consumers who agree would be giving up the right to sue over many types of damages related to the massive penetration.

The unprecedented breach, which occurred in July but was disclosed on Thursday, is among the largest in U.S. history, affecting 143 million people. The hack revealed personal information such as Social Security numbers, addresses, driver's license data, and birth dates, putting millions at risk for identity theft. A proposed multibillion-dollar class action lawsuit was filed Thursday evening. All told, Equifax could be facing as much as $70 billion in claims, said Ben Meiselas, an attorney for Geragos & Geragos, one of the firms that filed the lawsuit.

For already panicked consumers, that fine print—an arbitration clause—has caused further frustration, prompting federal lawmakers and at least one state attorney general to condemn Equifax for appearing to force aggrieved consumers to give up their day in court. Social media was flooded with messages of concern, with some fearing that simply using an Equifax website to check whether their information was compromised bound them to arbitration—a private proceeding which consumer advocates and lawyers consider inherently biased in favor of companies.

More at link  -->  https://www.bloomberg.com/news/articles/2017-09-08/equifax-s-hacking-nightmare-gets-worse-thanks-to-arbitration-clause

Last Edit by Palmerston


As Equifax Amassed Ever More Data, Safety Was a Sales Pitch


Equifax's chief executive had a simple strategy when he joined more than a decade ago: Gather as much personal data as possible and find new ways to sell it.

The company was making good money compiling credit reports on Americans. But Wall Street wanted stronger growth.

The chief executive, Richard F. Smith, delivered, releasing dozens of new products each year and doubling revenue. The company built algorithms and started scrubbing social media to assess consumers. In a big data collection coup, Equifax persuaded more than 7,000 employers to hand over salary details for an income verification system that now encompasses nearly half of American workers.

As part of its pitch to clients, the company promised to safeguard information. It even sold products to help companies hit by cyberattacks protect their customers.

"Data breaches are on the rise. Be prepared," the company said in one pitch. "You'll feel safer with Equifax."
Continue reading the main story

But this strategy means that Equifax is entrenched in consumers' financial lives whether they like it or not — or even know it. Equifax's approach amplified the consequences of the breach, reported this month, that exposed the personal information for up to 143 million people.

Ordinary people are not Equifax's customers. They are the company's product. The "Big Three" credit bureaus, Equifax, Experian and TransUnion, collect 4.5 billion pieces of data each month to feed into their credit reports.

From birth to death, the record grows. Decades' worth of addresses and identifying information, including drivers' licenses and Social Security numbers. Utility accounts like telephone and cable subscriptions. Criminal records, medical debt, as well as rental and eviction histories.

Equifax's records on any given individual, scattered throughout dozens of databases, typically stretch across hundreds or thousands of pages.

Equifax now faces a consumer backlash over its response to the hacking attack. The anger has been intensified by the actions of three senior executives who sold shares worth $1.8 million in the days after the breach was discovered. The stock, which had tripled in the last five years, is down 30 percent since the attack. Equifax said the executives were unaware of the breach when they sold their stock.

More at link -->  https://www.nytimes.com/2017/09/23/business/equifax-data-breach.html

Last Edit by Palmerston



The Equifax Hack Has the Hallmarks of State-Sponsored Pros

Investigations into the massive breach aren't complete, but the intruders used techniques that have been linked to nation-state hackers in the past.

In the corridors and break rooms of Equifax Inc.'s giant Atlanta headquarters, employees used to joke that their enormously successful credit reporting company was just one hack away from bankruptcy. They weren't being disparaging, just darkly honest: Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans' most sensitive financial data, which the company sliced and diced and sold to banks and hedge funds. In short, the viability of Equifax and the security of its data were one and the same.

Nike Zheng, a Chinese cybersecurity researcher from a bustling industrial center near Shanghai, probably knew little about Equifax or the value of the data pulsing through its servers when he exposed a flaw in popular backend software for web applications called Apache Struts. Information he provided to Apache, which published it along with a fix on March 6, showed how the flaw could be used to steal data from any company using the software.

The average American had no reason to notice Apache's post but it caught the attention of the global hacking community. Within 24 hours, the information was posted to FreeBuf.com, a Chinese security website, and showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta, according to people familiar with the investigation.

Before long, hackers had penetrated Equifax. They may not have immediately grasped the value of their discovery, but, as the attack escalated over the following months, that first group—known as an entry crew—handed off to a more sophisticated team of hackers. They homed in on a bounty of staggering scale: the financial data—Social Security numbers, birth dates, addresses and more—of at least 143 million Americans. By the time they were done, the attackers had accessed dozens of sensitive databases and created more than 30 separate entry points into Equifax's computer systems. The hackers were finally discovered on July 29, but were so deeply embedded that the company was forced to take a consumer complaint portal offline for 11 days while the security team found and closed the backdoors the intruders had set up.

More at the link --->  https://www.bloomberg.com/news/features/2017-09-29/the-equifax-hack-has-all-the-hallmarks-of-state-sponsored-pros

Last Edit by Palmerston


A supposed $700 million dollar settlement with only $31 million going toward monetary compensation to those affected.   Equifax has no legal obligation to inform those affected by the breach.   


Equifax Can't Afford Promised Customer Payout, FTC Confirms


Last week, I reported that credit monitoring firm Equifax would be paying up to $20,000 in compensation to those affected by the 2017 mega-breach. But it turns out that some impacted customers won't even be getting the minimum $125 payout, because the FTC failed to anticipate the number of responses it would get.

The settlement fund for the breach that saw the exposure of 147 million Equifax customers' data was $31 million. Customers applying for a payout were initially offered $125 or free Equifax credit monitoring. Unsurprisingly, many people already had credit monitoring, or didn't want to take it from the firm that failed to safeguard their data. The result? Equifax can't afford to pay out to all affected customers.

So, in a remarkable move, the FTC is telling affected Equifax customers to opt for free credit monitoring instead of cash. Robert Schoshinski, assistant director, division of privacy and identity protection at the FTC said the public response to the settlement has been "overwhelming," and that "millions of people" have applied for compensation via the settlement website's claims form.

But there's a downside to this unexpected number of claims, he said: "A large number of claims for cash instead of credit monitoring means only one thing: Each person who takes the money option will wind up only getting a small amount. Nowhere near the $125 they could have gotten if there hadn't been such an enormous number of claims filed."

What to do if you haven't applied for the Equifax payout

So, what should you do if you haven't had the chance to file for the payout? Schoshinski said if you haven't applied yet, you should take the free credit monitoring. On the plus side, however, there's also the option for people who certify that they already have credit monitoring to claim "up to" $125 instead.

More at the link ---> https://www.forbes.com/sites/kateoflahertyuk/2019/08/01/ftc-confirms-equifax-cant-afford-promised-customer-payout