Credit details of 143 million US Citizens comprimised

[ScratchCat]

Source : https://www.notebookcheck.com/Datensicherheit-Einer-der-groessten-US-Datenleaks.247310.0.html

 

Since May of this year attackers have been using a security flaw in Equifax's website to leach confidential information of 143 million users or 44% of the population of the US. The attacks were first identified in July according to Equifax

Quote

Amongst the stolen information are extremely sensitive data such as names, addresses, birth data and even social security numbers as well as driving license numbers.

This data could be used to impersonate these people, which could lead to vast damages not only to those affected but also to anyone who is tricked by these cloned identities.

 

Quote

The company now offers the affected parties free security monitoring and protection against identity theft for one year. Nevertheless, the resulting damage is irreparable. Over the past few years, almost every conceivable sensitive data of citizens has been published through hacker attacks or even by inadvertent online-access.

Quote

Meanwhile, Bloomberg reports that Equifax's three executives, including CFO John Gamble (!), Sold a total of 1.8 million shares, especially during the period between the discovery of the attacks and the official announcement by Equifax.

 

The costs to Equifax will be enormous, firstly the cost of suppling the affected with the above mentioned services , as well as a fall in consumer confidence. The fact that the CEO himself and other executives have sold large amounts of shares following the breach gives an indication on what the potential imact on Equifax will be.

It is worrying how much money and resources are inadequetly protected , given the number of breaches in recent years.

[Kobathor]

It should be criminal for the higher-ups to hold that information from the public so that they could sell all of their shares to save their bank accounts.

 

Thank God I don't have a credit card!  

[TidaLWaveZ]

11 minutes ago, Kobathor said:

It should be criminal for the higher-ups to hold that information from the public so that they could sell all of their shares to save their bank accounts.

 

Thank God I don't have a credit card!  

I think it is... Pretty sure this is insider trading and totally illegal.

[Kobathor]

1 minute ago, TidaLWaveZ said:

I think it is... Isn't this insider trading?

Quote

 

in·sid·er trad·ing

inˈˌsīdər ˈtrādiNG/

noun

 

             1.the illegal practice of trading on the stock exchange to one's own advantage through having access to confidential information.

 

 

Yes, yes it is.

[Dylanc1500]

23 minutes ago, Kobathor said:

It should be criminal for the higher-ups to hold that information from the public so that they could sell all of their shares to save their bank accounts.

 

Thank God I don't have a credit card!  

It doesn't matter if you have a credit card. Utility companies report and check through them, phone companies, landlords/apartments, credit cards, banks, credit unions, brokers, mortgages, investors, some employers do credit checks.

There is a lot that hinges on these reports that people do not realize, luckily my credit union notified me pretty immediately of the breach. It helps that my mother is a branch manager and mortgage/loan officer.

[Kobathor]

5 minutes ago, Dylanc1500 said:

It doesn't matter if you have a credit card. Utility companies report and check through them, phone companies, landlords/apartments, credit cards, banks, credit unions, brokers, mortgages, investors, some employers do credit checks.

There is a lot that hinges on these reports that people do not realize, luckily my credit union notified me pretty immediately of the breach. It helps that my mother is a branch manager and mortgage/loan officer.

Thank God I'm unemployed and under 18? I do have my own bank account with all of my info, though.

[Dylanc1500]

6 minutes ago, Kobathor said:

Thank God I'm unemployed and under 18? I do have my own bank account with all of my info, though.

Being a minor doesn't change anything (as far as credit reporting). As long as your parent or guardians haven't put you on any of their loans (if they have any) or credit cards (like my wife's parents did when she was four years old, that's another story for another day...) then most likely trans Union doesn't have you in their system. That being said it is most likely that your name and info is already in their system but nothing has been reported to them. The most they probably have is your name, ssn, and possibly current address.

 

Oh and if you have payed income taxes (or not lol) or gotten a tax refund then you are definately in the system.

[Kobathor]

12 minutes ago, Dylanc1500 said:

Oh and if you have payed income taxes (or not lol) or gotten a tax refund then you are definately in the system.

2

Then I'm probably fine. Definitely will notice if my bank account is drained though.

 

Still think it's totally ridiculous that we haven't done anything about Social Security Numbers. It's not even meant to be an ID. I get that US citizens hate the idea of a national ID, but could we at least use state ID instead of SSN? Terribly insecure, it's not even a random sequence of numbers with security measures. Just where and when you were born (since we assign them at birth nowadays.) I really wish it were regulated so that we couldn't force people to ID themselves only with SSN.

 

EDIT- yes I know we changed how SSNs are assigned in 2011.

[Dylanc1500]

14 minutes ago, Kobathor said:

Then I'm probably fine. Definitely will notice if my bank account is drained though.

 

Still think it's totally ridiculous that we haven't done anything about Social Security Numbers. It's not even meant to be an ID. I get that US citizens hate the idea of a national ID, but could we at least use state ID instead of SSN? Terribly insecure, it's not even a random sequence of numbers with security measures. Just where and when you were born (since we assign them at birth nowadays.) I really wish it were regulated so that we couldn't force people to ID themselves only with SSN.

 

EDIT- yes I know we changed how SSNs are assigned in 2011.

Social security numbers weren't and aren't meant as sole form of identification, they are typically paired with a form of picture identification (DL, state I.D., military I.D. And so on). If someone asks you for your ssn soley then I would question their reasoning. It's also the only federally identifying number we have (excluding military), as birth certificates and drivers licenses are state given.

[Zodiark1593]

Soon, what do we do on an individual level beyond just keeping an eye on statements?

[vanished]

Wow... at what point will IT become officially regulated and mandated so companies are forced to have actually good systems?  This kind of thing happens far too often and is entirely avoidable.

[Dylanc1500]

4 minutes ago, Zodiark1593 said:

Soon, what do we do on an individual level beyond just keeping an eye on statements?

Well you can apply for a different ssn and DL number but then you have to go and update all your information anywhere and everywhere that you have used prior information and update it. Also be very leary of where you put your information.

[vanished]

1 minute ago, Dylanc1500 said:

Well you can apply for a different ssn and DL number but then you have to go and update all your information anywhere and everywhere that you have used prior information and update it.

Then hope that the systems that use that information aren't so crude that the ole one still works somehow

[Dylanc1500]

Just now, Ryan_Vickers said:

Then hope that the systems that use that information aren't so crude that the ole one still works somehow

This is sadly a very big concern as well. As if you don't make sure you have EVERYTHING updated they can use it.

[vanished]

1 minute ago, Dylanc1500 said:

This is sadly a very big concern as well. As if you don't make sure you have EVERYTHING updated they can use it.

The system should be designed such that if you get a new number from the government anything that has/uses the old number suddenly just stops working, like cancelling a credit card.  If that's not how it works, then it's rather pointless.

[MadModder]

Gosh! I certainly hope this doesn't hurt the CEO's credit scores. That's really hard to clear up. (/sarcasm).

[Dylanc1500]

4 minutes ago, Ryan_Vickers said:

The system should be designed such that if you get a new number from the government anything that has/uses the old number suddenly just stops working, like cancelling a credit card.  If that's not how it works, then it's rather pointless.

It is how it works within government systems (taxes, IRS, social security and so on) however, any company that uses your ssn can cross reference with those agencies but not many honestly do except at the time you first apply for whatever service or product they supply.

[vanished]

6 minutes ago, Dylanc1500 said:

It is how it works within government systems (taxes, IRS, social security and so on) however, any company that uses your ssn can cross reference with those agencies but not many honestly do except at the time you first apply for whatever service or product they supply.

And therein lies the problem.  This seems to be a systemic issue with a lot of things, whether it's government systems or private companies.  They set them up with people as the weakest link, and the glue that binds it all together, rather than a way that's inherently secure.  An excellent analogy is the difference between files that are encrypted, and files that are just sitting open, but you have to enter a password to login to the system and access them (or, you know, just pull out the drive and read them in another system).  Sounds like this, like many other things, are designed more like the latter 

[mynameisjuan]

What sucks is there is literally nothing you can do but keep an eye on your accounts, credit...etc

[GoodBytes]

Just a reminder. Even if you never used Equifax services, someone else might... for example, a credit card check from a landloard, car dealership, banks (yes!), store credit card application, etc. So your personal information might be exposed without you knowing.

[m0k]

screw equifax
literally idiots designed their system

took them two fu%#&#@ years to figure out that im not my brother....

[GoodBytes]

2 minutes ago, mok said:

screw equifax
literally idiots designed their system

took them two fu%#&#@ years to figure out that im not my brother....

Yes, I heard many stories, including confusing someone profile with another despite different name, preventing someone to rent. Months of fighting to fix this.

The worst part, is it is stuff that you never know about, as someone else dealt with them and might have registered itself with some wrong information, and they don't check, or passes checking stages (like, and this is just an example of what I mean, and in no way saying that Equifax have/had this problem: name given does not match the social security number given due to a typo on the number, screwing someone else profile that has that number)

[Snadzies]

I have a membership to one of those credit/ID monitoring / fraud insurance services ever since the breach on Sony's end a few years back.

I get alerts whenever someone looks up my credit info or applies for something with my info (so far everything they've reported on has been on the level and something I had actually been doing).

 

I'm not going to just sit back and go "I'm good, nothing to worry about" but I'm hoping that at a minimum it gives me an early warning if something look suspicious so I can take care of it right away.

[ionbasa]

Pretty upset about this. I have a few credit cards and finishing up making payments on a loan pretty soon this year. Not a fan of Equifax either. They sent a notice to my auto insurance company that they thought I was actually my great grandfather, who was born in the 1910s and died in 1970s. How does that even make sense? Albeit we do have the same first and last name, but differing middle names. They confused me with someone I never even got to meet or is even still alive. My insurance company then threatened me with insurance fraud, lol! Had to jump through hoops for a few months to get them to back off and realize their mistake. 

[TigerHawk]

Why does the locked thread have a nice ars technica link to the news and this one has a crappy fucking no name website in german?