DeLtA

Equifax security breach


DeLtA    8
DeLtA

This has been making the headlines recently. People suggest that everyone in the US do a credit fraud alert for 90 days and continuously monitor their credit. When you get your W2, try to do your tax return as soon as possible so that no one else can fraudulently do it in your place, as the IRS doesn't have a way of checking whether it's bona fide or not.

Keiichi Morisato    423
Keiichi Morisato

I heard about this. What you might not have heard is that Equifax decided to double down on the breach and add insult to injury. They set up a website where you enter your information to see if you're a victim of the breach but in order to discover if you are also a victim, their terms of service agreement to find out if you're a victim requires you to give up your right to sue. Here's what their agreement says:

Quote

AGREEMENT TO RESOLVE ALL DISPUTES BY BINDING INDIVIDUAL ARBITRATION. PLEASE READ THIS ENTIRE SECTION CAREFULLY BECAUSE IT AFFECTS YOUR LEGAL RIGHTS BY REQUIRING ARBITRATION OF DISPUTES (EXCEPT AS SET FORTH BELOW) AND A WAIVER OF THE ABILITY TO BRING OR PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR OTHER REPRESENTATIVE ACTION. ARBITRATION PROVIDES A QUICK AND COST EFFECTIVE MECHANISM FOR RESOLVING DISPUTES, BUT YOU SHOULD BE AWARE THAT IT ALSO LIMITS YOUR RIGHTS TO DISCOVERY AND APPEAL.

It was reported by Ars Technica. In effect, Equifax suffers breach. Because possible victims could sue Equifax, they set up a website that tells victims they can check to see if they are a victim but they have to give up their right to sue Equifax. Soon after, other sites were reporting that the site Equifax set up was being flagged as a dangerous website by security platforms. After outraged victims complained to Equifax, they quickly removed the 'arbitration' clause of the agreement. But the fact that Equifax thought that it could sneak in that clause in the agreement was ridiculous on its face.

DeLtA    8
DeLtA

Not to mention that top execs also sold their shares a few days/weeks after the breach occurred. But they failed to notify the public until at least 2 months after the breach. They did not do anything ethically.

Also, with regard to that site, yeah, there was someone on Reddit who tested it and found that for some reason, given the same exact information, it gave different answers depending on whether they were on mobile or computer. And their answers are vague as well, asking you to wait until another date to check again. It's as if they don't actually know who was affected. Or, worse, everyone was affected, and they're trying to hide that.

Keiichi Morisato    423
Keiichi Morisato

I suspect that those idiots will be investigated by the SEC (Federal Security and Exchange Commission). The SEC takes a very dim view of stockholders who sell their shares with knowledge that isn't available to the general public. Just ask Martha Stewart.

DeLtA    8
DeLtA

Also, saw something else today. Don't use LifeLock. Apparently that uses services from Equifax. -_-

Keiichi Morisato    423
Keiichi Morisato

LifeLock has been embroiled in legal problems in the past as well. I don't remember the particulars but it involved something about misleading customers about its services. They've settled a lawsuit with the FTC for $100 million, settled a lawsuit with the State of California for $68 million for false and misleading advertising, not to mention suffering the wrath of State Attorneys General in various states. It's karma that now Equifax has become embroiled in a breach, especially after such companies as Target, Yahoo, eBay, TJX Companies, JP Morgan Chase, US Office of Personnel Management (OPM), Sony PlayStation Network, RSA Security, Stuxnet, Verisign, Home Depot, Adobe and many others.

One would think that these big companies and government entities would hire some outside firm to analyze their network security to prevent such breaches by spending the money to improve their security measures. Spending money to improve their security would be less costly than paying a major fine to the regulatory agencies AFTER the news hits the wire about the breach. Then, these companies run around frantically, trying to conduct damage control. They seem to think that either it won't happen to them or that they gamble, hoping nobody would probe their security, looking for weaknesses.

I'd hate to be the one to say this but this is what hackers do, they probe network security for various companies hoping to grab their customers' data in a breach and then sell that information on the dark web. Eventually, their network is going to be compromised and there's nothing they can do about it. Once hackers breach your system, you're screwed. Because then, you don't know what they're going to do with that hacked data.

The recent problem that has cropped up over the past few years has been security professionals alerting companies that they have a security issue with their networked systems. When these security professionals alert these companies to fix the problem, they are often arrested and charged with violating the CFAA (Computer Fraud and Abuse Act) rather than the company saying thanks and making an effort to fix the security hole.
