News & General Discussion -  Equifax hack exposes 143M (263 views) Notify me whenever anyone posts in this discussion.Subscribe
From: Marci (marcinmin) DelphiPlus Member Icon Posted by host9/8/17 12:07 AM 
To: All  (1 of 21) 

Politico: Credit reporting giant Equifax said today that hackers had compromised the personal information of 143 million Americans.

The data breach — one of the largest in history — exposed names, Social Security numbers, birth dates, mailing addresses, driver’s license numbers and 209,000 U.S. credit card numbers, Equifax said in a statement.


The hack, which occurred between May and July, also compromised 182,000 Americans’ credit reporting dispute files, which contain sensitive information about their personal and financial histories.

Hackers exploited a now-fixed website vulnerability to access the information, according to Equifax.

 Reply   Options 

From: BlueManDude9/8/17 12:15 AM 
To: Marci (marcinmin) DelphiPlus Member Icon  (2 of 21) 
 107702.2 in reply to 107702.1 

And guess who sold a few million Equifax shares two days after the hack, the CEO and a couple of his managers... and hey, worried about your info being compromised, well sign up with equifax, free for a year.


From: Marci (marcinmin) DelphiPlus Member Icon Posted by host9/8/17 9:08 AM 
To: BlueManDude  (3 of 21) 
 107702.3 in reply to 107702.2 

you don't have to sign with them. Those 3 agencies have everybody's info

Forum Host, Liberal Heaven
Assistant Moderator,YDD-Yellow Dog Democrats



From: BlueManDude9/8/17 10:21 AM 
To: Marci (marcinmin) DelphiPlus Member Icon  (4 of 21) 
 107702.4 in reply to 107702.3 

If you want to watch your accounts, etc, free for a year, they want you to send them your info...


From: Marci (marcinmin) DelphiPlus Member Icon Posted by host9/8/17 10:31 AM 
To: BlueManDude  (5 of 21) 
 107702.5 in reply to 107702.4 

I think you can get an app and have them send updates, but the already have info unless someone has never applied for credit card, loan, etc

Forum Host, Liberal Heaven
Assistant Moderator,YDD-Yellow Dog Democrats



From: BlueManDude9/8/17 10:45 AM 
To: Marci (marcinmin) DelphiPlus Member Icon  (6 of 21) 
 107702.6 in reply to 107702.5 

I know I was being sarcastic... like anyone would send their info, especially after it took them over a month to notify people and their CEO and other executives dumped a huge chunk of stock 2 days after they found out about the hack.


From: BlueManDude9/8/17 10:48 AM 
To: Marci (marcinmin) DelphiPlus Member Icon  (7 of 21) 
 107702.7 in reply to 107702.5 

Three Equifax Managers Sold Stock Before Cyber Hack Revealed

September 7, 2017, 5:59 PM EDT September 8, 2017, 9:17 AM EDT
  • Trio didn’t know about the intrusion when selling, firm says
  • Shares tumbled in late trading after company disclosed breach


Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.

The trio had not yet been informed of the incident, the company said late Thursday.


From: Marci (marcinmin) DelphiPlus Member Icon Posted by host9/8/17 11:31 AM 
To: All  (8 of 21) 
 107702.8 in reply to 107702.7 

Yeah they had no idea. That ranks up there with the Russia meeting was about adoptions 

Forum Host, Liberal Heaven
Assistant Moderator,YDD-Yellow Dog Democrats



From: BlueManDude9/8/17 11:56 AM 
To: Marci (marcinmin) DelphiPlus Member Icon  (9 of 21) 
 107702.9 in reply to 107702.8 

Amateur response

Besides the severity and scope of the pilfered data, the Equifax breach also stands out for the way the company has handled the breach once it was discovered. For one thing, it took the Atlanta-based company more than five weeks to disclose the data loss. Even worse, according to Bloomberg News, three Equifax executives were permitted to sell more than $1.8 million worth of stock in the days following the July 29 discovery of the breach. While Equifax officials told the news service the employees hadn't been informed of the breach at the time of the sale, the transaction at a minimum gives the wrong appearance and suggests incident responders didn't move fast enough to contain damage in the days after a potentially catastrophic hack came into focus.

What's more, the website, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.

Meanwhile, in the hours immediately following the breach disclosure, the main Equifax website was displaying debug codes, which for security reasons, is something that should never happen on any production server, especially one that is a server or two away from so much sensitive data. A mistake this serious does little to instill confidence company engineers have hardened the site against future devastating attacks.

It was bad enough that Equifax operated a website that criminals could exploit to leak so much sensitive data. That, combined with the sheer volume and sensitivity of the data spilled, was enough to make this among the worst data breaches ever. The haphazard response all but guarantees it.


From: Black Cat (NYTSHADE) DelphiPlus Member Icon9/8/17 12:18 PM 
To: Marci (marcinmin) DelphiPlus Member Icon  (10 of 21) 
 107702.10 in reply to 107702.5 

My credit score appears on my credit card statement each month.

BTW, anything over 750 is all treated the same, so improving it beyond that is pointless.  Unless you're obsessive about numbers like me.  :)


Navigate this discussion: 1-10 11-20 21
Adjust text size:

Welcome, guest! Get more out of Delphi Forums by logging in.

New to Delphi Forums? You can log in with your Facebook, Twitter, or Google account or use the New Member Login option and log in with any email address.

Home | Help | Forums | Chat | Blogs | Privacy Policy | Terms of Service
© Delphi Forums LLC All rights reserved.