The Data Breach Thread

Max Peck
Posts: 13680
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Equifax suffered another data breach in March
Equifax suffered another major breach before the massive data breach disclosed earlier this month, the company confirmed Monday, revealing yet again the vulnerability of the credit agency's computer systems.

The earlier breach, first reported by Bloomberg, was discovered by Equifax in March. But the company said that the earlier intrusion was unrelated to the breach that may have impacted as many as 143 million people, which the company discovered in July but did not disclose until six weeks later.

“Equifax complied fully with all consumer notification requirements related to the March incident,” Equifax said in a statement. “The two events are not related.”

Equifax did not offer any details about the information that may have been stolen, or how many people may have been affected. It's possible the hackers behind the March attack were seeking a way into the networks of major banks, using Equifax as a point of entry, according to Bloomberg. In both incidents, the company hired the cybersecurity firm Mandiant to investigate.

The disclosure of a second major breach is likely to spark intensified scrutiny from consumers and lawmakers, who have already expressed frustration over the company's security lapses and its handling of events after the July breach was made public. At least two congressional hearings are slated for the coming weeks. And Equifax faces multiple federal investigations on the breach as well as over reports that executives sold an unusual amount of stock before the July hack was disclosed. Last week, two officials responsible for Equifax's security and information technology abruptly retired.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

I have a feeling Equifax won't be around in 6-8 months.
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

Carpet_pissr wrote:I have a feeling Equifax won't be around in 6-8 months.
Too big to fail. This is just a little blip for people that want to short their stock and then buy it low.
Revenue: 3.144 billion USD (2016)
Number of employees: 9,500 (2016)
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
stessier
Posts: 29816
Joined: Tue Dec 21, 2004 12:30 pm
Location: SC

Re: The Data Breach Thread

Post by stessier »

Moliere wrote:
Carpet_pissr wrote:I have a feeling Equifax won't be around in 6-8 months.
Too big to fail. This is just a little blip for people that want to short their stock and then buy it low.
Revenue: 3.144 billion USD (2016)
Number of employees: 9,500 (2016)
Arthur Andersen had 28k US employees and 85k worldwide and Revenue of 9.3 billion in 2001.
I require a reminder as to why raining arcane destruction is not an appropriate response to all of life's indignities. - Vaarsuvius
Global Steam Wishmaslist Tracking
Running____2014: 1300.55 miles____2015: 2036.13 miles____2016: 1012.75 miles____2017: 1105.82 miles____2018: 1318.91 miles__2019: 2000.00 miles
coopasonic
Posts: 20966
Joined: Fri Mar 04, 2005 11:43 pm
Location: Dallas-ish

Re: The Data Breach Thread

Post by coopasonic »

stessier wrote:
Moliere wrote:
Carpet_pissr wrote:I have a feeling Equifax won't be around in 6-8 months.
Too big to fail. This is just a little blip for people that want to short their stock and then buy it low.
Revenue: 3.144 billion USD (2016)
Number of employees: 9,500 (2016)
Arthur Andersen had 28k US employees and 85k worldwide and Revenue of 9.3 billion in 2001.
Yeah, Equifax is just one of three major credit bureaus (sorry Innovis, you don't count) that do the same thing. It's pretty much redundant. It's very unlikely this will kill it though, unless some big financial institutions stop working with Equifax. Equifax makes money on B2B transactions. Consumer approval isn't critical to their business.
-Coop
Black Lives Matter
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

But Congressional approval is, and they are basically redundant and don't seem to give a shit.
Black Lives Matter
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

And businesses that use them are likely to seek services from alternate vendors due to internal and external skittishness.
It's almost as if people are the problem.
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

While the US government may not pillory Equifax, the exfiltration of data of UK citizens will put them under the screws in the EU.
It's almost as if people are the problem.
Jeff V
Posts: 36414
Joined: Fri Oct 15, 2004 7:17 pm
Location: Nowhere you want to be.

Re: The Data Breach Thread

Post by Jeff V »

Isgrimnur wrote:While the US government may not pillory Equifax, the exfiltration of data of UK citizens will put them under the screws in the EU.
I thought the UK and EU weren't on speaking terms anymore.
Black Lives Matter
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

They've scheduled the breakup.

Oh, and the Argentines aren't likely to be thrilled with them, either:
Earlier today, this author was contacted by Alex Holden, founder of Milwaukee, Wisc.-based Hold Security LLC. Holden’s team of nearly 30 employees includes two native Argentinians who spent some time examining Equifax’s South American operations online after the company disclosed the breach involving its business units in North America.

It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

We’ll speak about this Equifax Argentina employee portal — known as Veraz or “truthful” in Spanish — in the past tense because the credit bureau took the whole thing offline shortly after being contacted by KrebsOnSecurity this afternoon. The specific Veraz application being described in this post was dubbed Ayuda or “help” in Spanish on internal documentation.
...
From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports. The site also lists each person’s DNI — the Argentinian equivalent of the Social Security number — again, in plain text. All told, this section of the employee portal included more than 14,000 such records.
It's almost as if people are the problem.
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

stessier wrote:
Moliere wrote:
Carpet_pissr wrote:I have a feeling Equifax won't be around in 6-8 months.
Too big to fail. This is just a little blip for people that want to short their stock and then buy it low.
Revenue: 3.144 billion USD (2016)
Number of employees: 9,500 (2016)
Arthur Andersen had 28k US employees and 85k worldwide and Revenue of 9.3 billion in 2001.
Yeah the first day this went public, it reeked of Arthur Andersen to me (did I post that back then? Edit - not here. On facebook and maybe qt3)
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Max Peck
Posts: 13680
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Equifax says 100,000 Canadians impacted by cybersecurity breach
Equifax Canada said a massive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.

Equifax is a consumer information company that provides, among other services, credit information and credit ratings on individuals.

The company disclosed on Sept. 7 that the cybersecurity breach exposed the personal data of about 143 million Americans but, at that time, did not reveal the number of Canadians involved.

Equifax Canada said the information includes names, addresses, social insurance numbers (SIN) and, in limited cases, credit card numbers.

"We apologize to Canadian consumers who have been impacted by this incident," said Lisa Nelson, president and general manager of Equifax Canada.

"We understand it has also been frustrating that Equifax Canada has been unable to provide clarity on who was impacted until the investigation is complete. Our focus now is on providing impacted consumers with the support they need," Nelson said in a release.

Canada's privacy commissioner said Friday it had opened an investigation into the data breach after receiving several complaints and dozens of calls from concerned Canadians.

Equifax said it has been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take.

"For impacted Canadians we will also be providing complimentary credit monitoring and identity theft protection for 12 months," the firm said.

The company is also telling Canadian consumers to be vigilant in reviewing their account statements and credit reports. Equifax said consumers should immediately report any unauthorized activity to their financial institutions, and it recommends that they monitor their personal information.

Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29.

Last week, Equifax put the blame for the breach on a web server vulnerability in its Apache Struts open-source software. However, the vulnerability could have been fixed back in early March when patches became available.

In Canada, at least two proposed class actions have been filed against the company in the wake of the disclosure of the massive security breach, with many more filed in the United States.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

I don't think they are too big to fail at all. Just like Andersen they are doing something that is already being done. And unlike banks, which consumers need or feel they do, consumers don't even like credit bureaus. Hopefully Congress and/or the stock market will cut them off and make an example out of them.
Black Lives Matter
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

The Data Breach Thread

Post by Carpet_pissr »

Moliere wrote:
Carpet_pissr wrote:I have a feeling Equifax won't be around in 6-8 months.
Too big to fail. This is just a little blip for people that want to short their stock and then buy it low.
Revenue: 3.144 billion USD (2016)
Number of employees: 9,500 (2016)
Enron revenue in 2000: $101 billion
20,600 employees
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

Arthur Andersen had 85,000 worldwide employees who lost their jobs.
Black Lives Matter
naednek
Posts: 10866
Joined: Tue Oct 19, 2004 9:23 pm

Re: The Data Breach Thread

Post by naednek »

So I looked myself up and it said I could be impacted. Then it recommended to sign up for their monitoring program.

For those who had the same results, what are you doing? What should I be doing?
hepcat - "I agree with Naednek"
TheMix
Posts: 10902
Joined: Thu Oct 14, 2004 5:19 pm
Location: Broomfield, Colorado

Re: The Data Breach Thread

Post by TheMix »

Go back and read AB's posts. That's what I did. :D

The recommendation from the clark.com link he posted is to stay far away from their "service".

In short, consider putting a freeze on the big 3 as well as the little 2. And sign up for CreditKarma.

To summarize the links (and since I just did this):
http://clark.com/personal-finance-credi ... haw-guide/

Chex Systems: 800-540-2505 (there is probably a shorter link)
https://www.chexsystems.com/web/chexsys ... nformation

Innovis: 800-887-7652
https://www.innovis.com/personal/securityFreeze
https://www.innovis.com/securityFreeze/index

Equifax: dial 888-298-0045 and ask to freeze your report.
https://www.freeze.equifax.com/Freeze/j ... IDInfo.jsp

TransUnion: dial 800-916-8800 and ask to freeze your report. (Phone: 888-909-8872)
https://freeze.transunion.com/sf/securi ... ngPage.jsp

Experian: dial 714-830-7000 and ask to freeze your report.
https://www.experian.com/ncaconline/freeze

Credit Karma credit monitoring
https://www.creditkarma.com
Edit: Note that the cost of freezing your credit depends on the state you are in. I think there was a link on the clark.com page that let you look that up. In my case it was free for the first freeze. Though it will be $10 to unfreeze and another $10 to refreeze. But I don't have credit checks very often.

Black Lives Matter

Isgrimnur - Facebook makes you hate your friends and family. LinkedIn makes you hate your co-workers. NextDoor makes you hate your neighbors.
Lorini
Posts: 8282
Joined: Wed Oct 13, 2004 8:52 am
Location: Santa Clarita, California

Re: The Data Breach Thread

Post by Lorini »

naednek wrote:So I looked myself up and it said I could be impacted. Then it recommended to sign up for their monitoring program.

For those who had the same results, what are you doing? What should I be doing?
Yeah stay away from them and Lifelock who is using them. Lock up your credit as suggested.
Black Lives Matter
Max Peck
Posts: 13680
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

SEC reveals it was hacked, information may have been used for illegal stock trades
The Securities and Exchange Commission, the country’s top Wall Street regulator, announced Wednesday that hackers breached its system for storing documents filed by publicly traded companies last year, potentially accessing data that allowed the intruders to make an illegal profit.

The agency detected the breach last year, but didn’t learn until last month that it could have been used for improper trading. The incident was briefly mentioned in an unusual eight-page statement on cybersecurity released by SEC Chairman Jay Clayton late Wednesday. The statement didn’t explain the delay in the announcement, the exact date the system was breached and whether information about any specific company was targeted.

“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems,” Clayton said in the statement.

The system that was breached, known as EDGAR, is a popular way for investors to access the detailed financial reports companies that sell stock to the public must periodically release. It had a “software vulnerability” that was “exploited and resulted in access to nonpublic information,” Clayton said in the statement.

The breach didn’t lead to the release of personally identifiable information, but “may have provided the basis for illicit gain through trading,” Clayton said. An investigation into the matter is ongoing, he said.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

TheMix wrote:Go back and read AB's posts. That's what I did. :D

The recommendation from the clark.com link he posted is to stay far away from their "service".

In short, consider putting a freeze on the big 3 as well as the little 2. And sign up for CreditKarma.
From CreditKarma's own 9/14/2017 press release:
Credit Karma, the top venture-backed personal finance company in the world, today announced it is adding Equifax to its flagship free credit monitoring service.

I remember reading that and wondering why anyone would make that announcement. Must have been contractually obligated.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

Deloitte:
Big Four accounting firm Deloitte, with $37B in annual revenues, found out that it had been hacked in March, and the hackers appear to have been inside its systems (supplied by Microsoft through its Azure cloud) since the previous October or March.

The hackers had access to up to 5 million sensitive company emails and documents from across all the sectors in which Deloitte operates, "the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies."

Deloitte kept the hack internally secret, only informing "a handful" of senior partners and lawyers, as well as six clients.
Guessing hosted Exchange?
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Zenn7
Posts: 4447
Joined: Wed Dec 22, 2004 10:15 pm
Location: Michigan

Re: The Data Breach Thread

Post by Zenn7 »

If Equifax does go under, the big 3 become the big 2. Not sure that's an improvement for the people who are managing our (yours and mine) credit? They have less competition, more likely to increase prices and do other things to annoy those of us who are forced to need them (anyone who wants credit)?

I'm guessing they won't go under, might downsize a little though. They have a lot of business activity besides credit bureau. They own (or used to) Fair Isaac (the company that created FICO scores), Talx (amongst other things, they verify unemployed people are legitimately unemployed or not - related to companies having to pay unemployment), they sell "big data" (assuming everyone has heard that term), and other things. All B2B stuff.

Either way, glad I do not work there.
malchior
Posts: 24794
Joined: Wed Oct 13, 2004 12:58 pm

Re: The Data Breach Thread

Post by malchior »

And Equifax's CEO is now out the door - he is 'retiring'. This is an indicator they are still spinning and lost. They still are trying to deflect. These people needed to be 'fired' not 'retired'. It'd send a message that there are consequences for this type of mismanagement. Bonuses need to be clawed back. Golden parachutes snipped. Et cetera.

I am inside the industry and I'll tell you many still don't take the threat seriously enough. There will be an energy Equifax. And a healthcare Equifax. And dozens of other major industries. And data loss is only likely going to be the beginning. Lives are in the balance potentially.
hepcat
Posts: 51301
Joined: Wed Oct 13, 2004 3:02 pm
Location: Chicago, IL Home of the triple homicide!

Re: The Data Breach Thread

Post by hepcat »

Pyperkub wrote:Deloitte:

Deloitte kept the hack internally secret, only informing "a handful" of senior partners and lawyers, as well as six clients.
Guessing hosted Exchange?
That and/or using Azure Active Directory (although if they're using Office 365 for mail or anything else, they'll have an AD account in Azure). Get even one poorly secured admin account and you're pretty much in charge of everything.

We just enabled 2 step authentication for everything using Office 365 Multi Factor Authentication as we have Office 365 for mail, SharePoint, etc. This after our HR guy discovered someone had accessed his account using a password he'd idiotically left on a sticky note on his laptop. :doh:
Covfefe!
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The Data Breach Thread

Post by Pyperkub »

Sonic Drive-In's
Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores, KrebsOnSecurity has learned.
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Anonymous Bosch wrote:
Moliere wrote:Supposedly Equifax is waiving the freeze fee until Nov. 21st. Has anyone done this yet? I was told that they were giving out pins in the stupid format of MMDDYYhhmm, making the hacking of pins via brute force much easier. Is that still happening?
According to ArsTechnica, Equifax is purportedly moving to improve the PIN generation process, and ease the process of changing the PIN to something more random for those saddled with timestamp PINs:
ArsTechnica.com wrote:A number of customers discovered that the PINs generated by enrolling in Equifax's TrustedID Premier Service were non-random and apparently sequential—in fact, they were essentially date-time stamps of the time of enrollment. Such PINs could potentially be brute-forced by someone attempting to unlock a credit report for the purpose of identity theft.

Equifax is moving to improve the PIN generation process. In response to an inquiry from Ars, an Equifax spokesperson said:
While we have confidence in the current system, we understand and appreciate that consumers have questions about how PINs are currently generated. We are engaged in a process that will provide consumers a randomly generated PIN. We expect this change to be effective within 24 hours. A consumer has an option, and will continue to have an option, to change an existing PIN. The requested new PIN is sent to the consumer by US Mail to their address of record.
BTW, just to follow up on this particular aspect of Equifax's pooch-screwing. If you were given one of the insecure date-and-timestamp PINs, it's currently fairly easy -- and, more importantly, cost-free -- to rectify. You'll first need to go to the Freeze.equifax.com site and, after submitting the relevant details, choose to permanently unfreeze your credit using the insecure PIN. Then go back to the same site, and this time choose to freeze your credit again, and you should then get a PDF with a random PIN, all free of charge.

But keep in mind that the waived fees to freeze your Equifax credit report purportedly remain in effect until November 21. However, I spoke to an Equifax supervisor yesterday on the phone who stated that lifting a freeze will only remain free until October 10, so take that for what it's worth (i.e. if you have an insecure date-and-timestamp PIN, it'd behoove you to regenerate a random PIN ASAP while you can still do so free of charge).
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
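The weakness of the MMDDYYhhmm PINs discussed in the post above, worked through as an added example (not from the thread, Ars Technica or Equifax): it checks whether a PIN has the date-and-timestamp format and compares its search space with that of a randomly generated ten-digit PIN. The 20YY century, the enrollment window dates and the sample PINs are constructed assumptions.

```python
import math
import secrets
from datetime import datetime

PIN_LEN = 10  # MMDDYYhhmm and the random replacement are both ten digits


def parse_timestamp_pin(pin):
    """Return the datetime a PIN encodes if it is a valid MMDDYYhhmm stamp, else None."""
    if len(pin) != PIN_LEN or not (pin.isascii() and pin.isdigit()):
        return None
    mm, dd, yy, hh, mi = (int(pin[i:i + 2]) for i in range(0, PIN_LEN, 2))
    try:
        return datetime(2000 + yy, mm, dd, hh, mi)  # assumption: YY means 20YY
    except ValueError:
        return None  # e.g. month 13, day 32, hour 25


def assess_pin(pin, window_start, window_end):
    """Classify a PIN and estimate how many candidates a guesser must consider.

    A PIN is flagged only if it decodes to a time inside the plausible
    enrollment window; parsing alone is not enough, because a small share of
    truly random PINs also happen to look like valid timestamps.
    """
    stamp = parse_timestamp_pin(pin)
    in_window = stamp is not None and window_start <= stamp <= window_end
    if in_window:
        # One candidate per minute of the window.
        candidates = int((window_end - window_start).total_seconds() // 60)
    else:
        candidates = 10 ** PIN_LEN
    return {
        "timestamp_format": in_window,
        "encodes": stamp if in_window else None,
        "candidates": candidates,
        "bits": round(math.log2(candidates), 1),
    }


def chance_random_pin_parses():
    """Fraction of all ten-digit strings that are valid MMDDYYhhmm values."""
    days = (datetime(2100, 1, 1) - datetime(2000, 1, 1)).days
    return days * 24 * 60 / 10 ** PIN_LEN


def new_random_pin():
    """Ten-digit PIN drawn uniformly from a cryptographic random source."""
    return f"{secrets.randbelow(10 ** PIN_LEN):0{PIN_LEN}d}"


if __name__ == "__main__":
    # Constructed window: 30 days starting at the 7 Sept 2017 disclosure date.
    start, end = datetime(2017, 9, 7), datetime(2017, 10, 7)
    # Constructed sample PINs: one timestamp-style, one that is not a date.
    for pin in ("0908171432", "4815162342"):
        print(pin, assess_pin(pin, start, end))
    print("random PINs that parse as a date:", f"{chance_random_pin_parses():.2%}")
    print("fresh random PIN:", new_random_pin())
```

With a 30-day window the timestamp PIN leaves 43,200 candidates (about 15.4 bits), against 10^10 (about 33.2 bits) for a random ten-digit PIN.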
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: The Data Breach Thread

Post by Anonymous Bosch »

Equifax breach hit 2.5 million more Americans than first believed:
usatoday.com wrote:SAN FRANCISCO — Equifax said hackers may have stolen the personal information of 2.5 million more U.S. consumers than it initially estimated, bringing the total to 145.5 million.

The company said the additional customers were not victims of a new attack but rather victims who the company had not counted before. Equifax hired the forensic security firm Mandiant to investigate the breach, and it finished its report on Sunday.

News of the new victims comes on the eve of congressional testimony to be given by Equifax’s former CEO Richard Smith, who will address a House subcommittee on Tuesday. He was forced into retirement last week in the wake of the attack.

In prepared remarks posted Monday, Smith said the hack was possible because someone in Equifax's security department didn’t patch a flaw the company had been alerted to by the U.S. Computer Emergency Readiness Team.

A scan performed later to check that the patch had been implemented failed to detect that it hadn’t, Smith said. He gave no reason why the company's workers failed to install the so-called Apache Struts upgrade.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

Toast, I tell ya. Toast.
LawBeefaroni
Forum Moderator
Posts: 55315
Joined: Fri Oct 15, 2004 3:08 pm
Location: Urbs in Horto, outrageous taxes on everything

Re: The Data Breach Thread

Post by LawBeefaroni »

Every single Yahoo account. Every. Single. One.

Verizon Communications Inc. VZ, +0.99% announced today that a 2013 hack into Yahoo's network affected all Yahoo accounts, roughly 3 billion, after previous estimates said 1 billion accounts were affected. Yahoo, which was acquired by Verizon after the hack was disclosed and gave a slight price break on the deal because of it, is notifying affected accounts that were not previously contacted. Verizon pointed users to a frequently asked questions site set up in the wake of the hack, originally disclosed years after the hack in December 2016, for additional information.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton

MYT
Blackhawk
Posts: 43487
Joined: Tue Oct 12, 2004 9:48 pm
Location: Southwest Indiana

Re: The Data Breach Thread

Post by Blackhawk »

Can they still return it for a refund?
(˙pǝsɹǝʌǝɹ uǝǝq sɐɥ ʎʇıʌɐɹƃ ʃɐuosɹǝd ʎW)
Zaxxon
Forum Moderator
Posts: 28118
Joined: Wed Oct 13, 2004 12:11 am
Location: Surrounded by Mountains

Re: The Data Breach Thread

Post by Zaxxon »

Sectoid
Posts: 3712
Joined: Thu Aug 04, 2005 9:35 am
Location: Cydonia, Mars

Re: The Data Breach Thread

Post by Sectoid »

(V)(;,,;)(V) - Why not Zoidberg?
Model Mayhem # 641920
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

Re: The Data Breach Thread

Post by Carpet_pissr »

WHOLE LEE SHIT.
Max Peck
Posts: 13680
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: The Data Breach Thread

Post by Max Peck »

Ongoing trust in Equifax isn't unique to the IRS.

Equifax Amassed Salary Details for People at 7,100 Companies
Here’s some information that Equifax Inc. is managing to hold onto: payroll data from 7,100 companies.

Inside the U.S. credit-reporting firm is a warehouse of corporate secrets like none other -- a database tracking the careers and earnings of bankers, technology workers and other personnel across the country. Even after Equifax failed to prevent hackers from tapping a separate trove of information on 143 million Americans, employers probably won’t stop feeding it updates, because they rely so much on analytics that Equifax provides.

In the wake of the breach announced last month, Bloomberg News contacted the 40 largest U.S. employers -- representing some 12.5 million workers -- and asked if they would continue dealing with the service, which helps them with unemployment claims, employment eligibility and tax credits. None said they will sever existing ties.

Several -- such as Wal-Mart Stores Inc., the nation’s largest private employer -- confirmed they will keep sharing information with Equifax. Others declined to comment on their relationships or didn’t respond to messages. Only about a half-dozen said they didn’t provide that information prior to this year’s hack.

“We’ve been assured by Equifax that the area of their business that we are working with was not exposed to the breach,” Wal-Mart spokesman Dan Toporek said in an email, echoing statements by others. The retailer doesn’t plan to change its relationship, but “will continue to have discussions with Equifax about the security of our information.”
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: The Data Breach Thread

Post by Isgrimnur »

At this point, it's breach fatigue. The market won't make them pay for continued associations with them, and the odds are that the other agencies are under attack and will eventually succumb to their own breaches. Short of a board of directors getting skittish, no major corporation is going to jump ship and risk spending millions to set on new contracts and implementation over a bad PR event.
It's almost as if people are the problem.
Moliere
Posts: 12295
Joined: Sun Sep 03, 2006 10:57 am
Location: Walking through a desert land

Re: The Data Breach Thread

Post by Moliere »

US Intelligence Unit Accused Of Illegally Spying On Americans’ Financial Records
The intelligence division at the Treasury Department has repeatedly and systematically violated domestic surveillance laws by snooping on the private financial records of US citizens and companies, according to government sources.

Over the past year, at least a dozen employees in another branch of the Treasury Department, the Financial Crimes Enforcement Network, have warned officials and Congress that US citizens’ and residents’ banking and financial data has been illegally searched and stored. And the breach, some sources said, extended to other intelligence agencies, such as the National Security Agency, whose officers used the Treasury’s intelligence division as an illegal back door to gain access to American citizens’ financial records. The NSA did not respond to requests for comment.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
Fitzy
Posts: 2030
Joined: Wed Oct 13, 2004 4:15 pm
Location: Rockville, MD

Re: The Data Breach Thread

Post by Fitzy »

Why does Treasury have an intelligence department?
Jeff V
Posts: 36414
Joined: Fri Oct 15, 2004 7:17 pm
Location: Nowhere you want to be.

Re: The Data Breach Thread

Post by Jeff V »

Fitzy wrote:Why does Treasury have an intelligence department?
Department of Daddy Warbucks wrote:Terrorism and Financial Intelligence

Office of Intelligence and Analysis (OIA)
Intelligence has played an important role in the exercise of the responsibilities and operations of the Treasury Department since the Department assumed its enforcement responsibilities in 1789. The mission and culture of Treasury's Office of Intelligence and Analysis, created under the Intelligence Authorization Act of 2004, builds on this strong tradition of intelligence and national security at the Department.

OIA advances national security and protects financial integrity by informing Treasury decisions with timely, relevant, and accurate intelligence and analysis. It supports this mission by:

Driving intelligence to meet the priorities of Treasury decision-makers and external customers.
Producing all-source assessments and other material to identify threats and vulnerabilities in licit and illicit networks that may be addressed by Treasury-led action.
Delivering timely, accurate, relevant intelligence to decision-makers.
Providing the security infrastructure necessary to safeguard the Treasury's national security information.
Black Lives Matter
Carpet_pissr
Posts: 19978
Joined: Thu Nov 04, 2004 5:32 pm
Location: Columbia, SC

The Data Breach Thread

Post by Carpet_pissr »

Kickstarter:

You've been pwned!

You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach:


Breach: Kickstarter
Date of breach: 16 Feb 2014
Number of accounts: 5,176,463
Compromised data: Email addresses, Passwords

Description: In February 2014, the crowdfunding platform Kickstarter announced they'd suffered a data breach. The breach contained almost 5.2 million unique email addresses, usernames and salted SHA1 hashes of passwords.

Why are you only hearing about this now? Whilst the breach occurred in February 2014, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly. "Have I been pwned?" will always attempt to alert you ASAP, it's just a question of how readily available the data is.
LordMortis
Posts: 70097
Joined: Tue Oct 12, 2004 11:26 pm

Re: The Data Breach Thread

Post by LordMortis »

Sunuva!