Privacy News Equifax Says Cyberattack May Have Affected 143 Million Customers

[Captain Awesome]

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

More News:Equifax Says Cyberattack May Have Affected 143 Million Customers

 

[Weebarra]

Blimey, if Equifax has been targeted so many times, they quite clearly have not learnt any lessons There security should have been layered up to the hilt after the first breach. Nowhere is safe anymore

 

[Solarquest]

143m!!!! We're customer data encrypted?
It still "amazes" me how companies can make such incredible "mistakes" and get mostly rid of them with little consequences!
I really hope they get a fine that moves all other companies to really take care of customer data and to make security a priority!

 

[tim one]

A theft of 143 million users. Not dollars, euros or gold bullion. But something that is equally or more valuable: personal information and security numbers, which, however, is increasingly difficult to protect.
The uncertainty of safety is really difficult to digest.

 

[Entreri]

Imagine when the NSA facilities in Utah finally get hacked, I hope by criminals, the ensuing chaos will be amusing.

 

[plat1098]

And how are things going at Experian and TransUnion nowadays? My thoughts are with the people who have been and/or will be affected by the two hurricanes today and in the recent past. It is beyond belief that news of this massive breach would be coinciding with these events.

 

[509322]

Blimey, if Equifax has been targeted so many times, they quite clearly have not learnt any lessons There security should have been layered up to the hilt after the first breach. Nowhere is safe anymore

143m!!!! We're customer data encrypted?
It still "amazes" me how companies can make such incredible "mistakes" and get mostly rid of them with little consequences!
I really hope they get a fine that moves all other companies to really take care of customer data and to make security a priority!

There are no mandated minimum IT security standards required by law for any party to protect consumer data. At this point in time there are just general governmental and industry guidelines.

If there is a data breach, some governments require that the breached firms report the data breach. That's all that is legally required.
It is up to firms to establish and implement their own IT security standards and systems.

Basically, firms can use Windows default protections or nothing at all if they so wish.

That's why I keep saying over-and-over, the security of your personal system is the least of your concerns. The real risk is your personal data which resides on 3rd, 4th, 5th,... party systems. Whether a person realizes it or not, their personal data is shared and stored widely across many, many systems. Read the fine print and understand completely what it means.

 

[509322]

Imagine when the NSA facilities in Utah finally get hacked, I hope by criminals, the ensuing chaos will be amusing.

The NSA has already been hacked many times. Same for the CIA, FBI, DoD, etc. All of them multi-billion dollar budgeted government organizations with the best IT security that money can buy.

So it shows real ignorance when users on these forums live under the delusion that they can somehow create complicated security configurations that are "impenetrable" fortresses using consumer-grade security softs.

There are no IT security protection systems that provide 100 % protection. If powerful government agencies cannot do it, what makes a home user think they can do it ?

Installing security softs is only the tip of the iceberg of what is required to protect personal data.

 

[Entreri]

The NSA has already been hacked many times. Same for the CIA, FBI, DoD, etc. All of them multi-billion dollar budgeted government organizations with the best IT security that money can buy.

So it shows real ignorance when users on these forums live under the delusion that they can somehow create complicated security configurations that are "impenetrable" fortresses using consumer-grade security softs.

There are no IT security protection systems that provide 100 % protection. If powerful government agencies cannot do it, what makes a home user think they can do it ?

Installing security softs is only the tip of the iceberg of what is required to protect personal data.

Even the NSA Utah data centers? I read there are so many attempts per day against it. If they got hacked, fantastic.
I really love how various government departments are now centralizing their data storage, brilliant. One juicy central target.

Evidently, Equifax , login and password, "admin" and "admin". Outstanding security (at least in Argentina). Did Equifax US of A even encrypt any of the sensitive information? I think not. Brilliant IT once again.

 

[509322]

Even the NSA Utah data centers? I read there are so many attempts per day against it. If they got hacked, fantastic.
I really love how various government departments are now centralizing their data storage, brilliant. One juicy central target.

Evidently, Equifax , login and password, "admin" and "admin". Outstanding security (at least in Argentina). Did Equifax US of A even encrypt any of the sensitive information? I think not. Brilliant IT once again.

The greatest threat to a user's personal data is not that their home system will be infected by some undetected malware and their data will be stolen. This scenario is very unlikely.

The greatest threat is that a 3rd, 4th, 5th,... party system will be hacked\infected and the person's data stolen from those compromised systems.

 

[Exterminator]

Equifax Blames Breach on Apache Struts Flaw

 

[Solarquest]

There are no mandated minimum IT security standards required by law for any party to protect consumer data. At this point in time there are just general governmental and industry guidelines.

If there is a data breach, some governments require that the breached firms report the data breach. That's all that is legally required.
It is up to firms to establish and implement their own IT security standards and systems.

Basically, firms can use Windows default protections or nothing at all if they so wish.

That's why I keep saying over-and-over, the security of your personal system is the least of your concerns. The real risk is your personal data which resides on 3rd, 4th, 5th,... party systems. Whether a person realizes it or not, their personal data is shared and stored widely across many, many systems. Read the fine print and understand completely what it means.

We are in 2017!....even after so many companies got hacked we still don't have minimum IT security requirements?
Incredible, not understandable,... a shame!
Companies dealing with sensible data don't have security requirements to follow?
I cannot believe this!!!!!