Harmony Central Forums
OT - Uh oh - Equifax hacked - personal info for 140+ million exposed

  • OT - Uh oh - Equifax hacked - personal info for 140+ million exposed

    That's about half the country. Social security numbers, birth dates, even driver's license numbers were revealed in some cases.

    And it's not just people in the USA - Canadians and people in the UK are also affected.

    Looks like we can't even trust the credit reporting agencies to keep our personal information secure.

    Great.

    Anyway, you'd probably better read the linked article and use the tool linked in it to check whether or not you're one of the unlucky ones...

    http://www.msn.com/en-us/money/compa...tN0?li=BBnb7Kz
    **********

    "Look at it this way: think of how stupid the average person is, and then realize half of 'em are stupider than that."

    - George Carlin

    "It shouldn't be expected that people are necessarily doing what they appear to be doing on records."

    - Sir George Martin, All You Need Is Ears

    "The music business will be revitalized by musicians, not the labels or Live Nation. When the musicians decide to put music first, instead of money, the public will flock to the fruits and the scene will be healthy again."

    - Bob Lefsetz, The Lefsetz Letter

  • #2
    I tell everyone, just assume your personal info has been stolen by somebody. Take the steps - change all the relevant passwords, check all bank and credit accounts, check with the IRS to see if a fake return has been filed under your name/SSN, keep the computers clear of viruses, spyware, all that.

    And....don't do personal banking business over a public wifi network. Really, that's just asking for trouble but people, especially kids, do it all the time.

    nat

    • #3
      How do we know that's a legitimate Equifax web site and that we're not giving away our last name and 2/3 of our social security number to a data broker, if it hasn't already been stolen?

      The link (off the equifax.com) web page takes you to https://trustedidpremier.com/eligibi...igibility.html
      Who the heck is that and why should we trust them? Maybe the Equifax web site got hacked and filling out the form sends your information to someone who might do something nasty with it - like put it in a package of 99,999 other names and partial social security numbers and sell it to someone who will sell that list to someone else who will make up about a dozen moneymaking accounts and then burn the computer.
      Last edited by MikeRivers; 09-08-2017, 09:44 AM. Reason: I'm tired of being paranoid about being paranoid
      --
      "Today's production equipment is IT-based and cannot be operated without a passing knowledge of computing, although it seems that it can be operated without a passing knowledge of audio." - John Watkinson, Resolution Magazine, October 2006
      Drop by http://mikeriversaudio.wordpress.com now and then

      • #4
        Originally posted by MikeRivers
        How do we know that's a legitimate Equifax web site and that we're not giving away our last name and 2/3 of our social security number to a data broker, if it hasn't already been stolen?

        The link (off the equifax.com) web page takes you to https://trustedidpremier.com/eligibi...igibility.html
        Who the heck is that and why should we trust them? Maybe the Equifax web site got hacked and filling out the form sends your information to someone who might do something nasty with it - like put it in a package of 99,999 other names and partial social security numbers and sell it to someone who will sell that list to someone else who will make up about a dozen moneymaking accounts and then burn the computer.
        That's all certainly possible Mike, but I obtained the link from a major website's news story, and saw the same one used on another major site in their coverage of the story, so I have to assume the link is legitimate and not a scam.

        Equifax discovered the hacking days ago and just now announced it, so assumedly they used the time in between to get their house in order.

        • #5
          Originally posted by Anderton
          Actually they discovered the hack at the end of July, and took this long to tell people their identities had been compromised (I'm one of the lucky ones, of course). That's almost worse than that the hack happened in the first place.

          There's a class action suit in the works that alleges that Equifax compromised their security procedures because they wanted a better bottom line. If that's true, I hope they get hammered into the ground.
          Oh, it just gets better and better.
          1. Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers. So they got out before the stock on Equifax tanked and made money on the deal.
            https://www.bloomberg.com/news/artic...ing-cyber-hack
          2. The website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation of WordPress, a content management system that doesn't provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn't perform proper revocation checks. Worse still, the domain name isn't registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people's details. It's no surprise that Cisco-owned OpenDNS was blocking access to the site and warning it was a suspected phishing threat.
            https://arstechnica.com/information-...nal-info-ever/
          3. That new web site that you have to use to see if you are affected - if you use the site you also agree to a binding arbitration clause and agree not to sue. At the bottom of this new site is a section called "Terms of Use." There, in paragraph 4, is bolded, uppercase text of note. It tells site visitors that you agree to waive your right to sue and instead must "resolve all disputes by binding, individual arbitration."

            It will be up to the courts to decide whether arbitration agreements are enforceable. The legal standard is whether they're "unconscionable." We'll find out soon enough because class-action lawsuits are already being lodged on behalf of breach victims. New York Attorney General Eric Schneiderman strongly challenged the terms of service in a tweet to his followers: "This language is unacceptable and unenforceable. My staff has already contacted @Equifax to demand that they remove it."
            https://arstechnica.com/tech-policy/...e-to-find-out/
          4. If your credit is compromised, Equifax will not help you straighten it out. "We do not offer, provide, or furnish any products, or any advice, counseling, or assistance, for the express or implied purpose of improving your credit record, credit history, or credit rating," the company says in its 7,200-word terms and conditions. "By this we mean that we do not claim we can 'clean up' or 'improve' your credit record, credit history, or credit rating."
            http://money.cnn.com/2017/09/08/tech...ces/index.html
          And in the end, you simply have no choice but to continue to use these companies. If you want a car, a house, a loan of any type, you have to submit your information to them.

          Oh yeah, they got my info too. Lucky me.
          Last edited by Mandolin Picker; 09-08-2017, 03:50 PM.
          The Mandolin Picker

          "Bless your hearts... and all your vital organs" - John Duffy

          "Got time to breath, got time for music!"- Briscoe Darling, Jr.

          • #6
            Originally posted by Phil O'Keefe

            Equifax discovered the hacking days ago and just now announced it, so assumedly they used the time in between to get their house in order.
            They discovered the hack at the end of July, and disclosed it early in August. I wonder why it took this long for us common folks to get the word. Interestingly, three Equifax executives sold some of their personal shares of company stock a day or two before the hack was disclosed (they claim to have no knowledge of the problem), and the next day the stock took a dive.


            OMG! Now what should I do? They got my name and 2/3 of my SS number and they said I may have been compromised, but it took less than a second for that to come back, so I'll bet they say that to all the girls. And I have to remember to come back in the middle of next week to enroll in what I guess is the free year of credit monitoring.

            I'm done for. I should have known better. We all should have known better.
            Last edited by MikeRivers; 09-08-2017, 04:09 PM.

            • #7
              I don't think they're saying it to everyone - there are some over in the poli forum who have said that they got a message that said they were not affected, or words to that effect.


              • #8
                This just seems to be getting worse and worse. If you went to the Equifax and were told that you weren't affected, well, it probably isn't correct. It seems that the web site simply gives random answers.
                • Those hoping to find out if their Social Security number and other identifying info was stolen, along with a potential 143 million other Americans’ data, won’t find answers from Equifax. In what is an unconscionable move by the credit report company, the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.
                https://techcrunch.com/2017/09/08/ps...d-by-the-hack/
                • Also, if you have a credit freeze on your account at Equifax, turns out the PIN is just a date/time stamp. And it appears that they have been using this for well over a decade.
                https://twitter.com/webster/status/906638411930497029
                Every time there is a data breach, it always takes a while before the full scope of the damage is known. Given the damaging information being released just in the first couple days, one has to wonder just how bad this will be when everything is finally known.


                The Mandolin Picker



                • #9
                  The only good thing about this - and it is bad too - is this could be a wakeup call in the sense it's not about using the Internet and taking security precautions but that no one in our data driven society is immune from the data theft whether you go online or not.

                  Just glancing through the Privacy Rights Clearinghouse, many types of businesses are being hacked practically every few days: medical facilities, financial institutions, government agencies, small business, grocery stores and on and on. If you look at a lot of the reports the extent of the hack is unknown including the number of records captured.
                  Now on a general level most people know this, but few question the stability of our data driven society.

                  As one small incident: "....39DollarGlasses immediately took action and commenced an investigation to determine what information may have been accessed. 39DollarGlasses determined that the unknown individual may have accessed some of its customer names, addresses, telephone numbers, and credit/debit card information.."


                  It seems like we live on this huge ship which is being constantly battered with holes, perhaps most are tiny and only allow a few drops of water to seep into the ship daily for each incident. Others are a trickle or more. So are we as a society able to question the weaknesses of computer technology? That in itself seems to be a taboo...


                  So why is Equifax making the consumer do the leg work to "try" to determine if we've been affected by this breach? In fact making the whole process unreliable? And how can there be a solution to this?
                  Last edited by electrow; 09-10-2017, 01:37 PM.

                  • #10
                    Originally posted by Phil O'Keefe
                    That's about half the country. Social security numbers, birth dates, even driver's license numbers were revealed in some cases.

                    And it's not just people in the USA - Canadians and people in the UK are also affected.

                    Looks like we can't even trust the credit reporting agencies to keep our personal information secure.

                    Great.

                    Anyway, you'd probably better read the linked article and use the tool linked in it to check whether or not you're one of the unlucky ones...

                    http://www.msn.com/en-us/money/compa...tN0?li=BBnb7Kz
                    We never could trust those evil ***holes w/our privates. It's a formidable combination, evil intent with incompetence. Americans didn't stand a chance. I know I'm in that batch.
                    Last edited by Etienne Rambert; 09-10-2017, 02:22 PM.
                    He has escaped! Youtube, Murika, France

                    • #11
                      Wow, everyone is angry at the company that got hacked - no mentioning the hackers themselves. I thought they were the real bad guys in these situations.

                      Sure, maybe Equifax was lax in their procedures. Or maybe not. How can I know? I can't take a few things heard off the web or in conversations somehow as solid proof of guilt. If I ran that company, would I have done things differently? How could I answer that question unless I knew a thousand more facts of the matter than I do now?

                      Society runs to judgement so quickly, it's scary. Looking for someone to blame, some target to take the heat.

                      I totally agree we rely too much on these faceless outfits that have our personal info. I totally agree that the internet+business=profits scenario has both enriched and endangered us. But only a very few people really worry about the dangers - until they experience them. Then it's all calling down fire and brimstone -

                      I also think the average person is extremely lazy and fatalistic when it comes to internet and digital privacy issues. Any new convenience, however insecure, however risky, gets grabbed up and used right off the bat. Everyone hides in the crowd. So here we go - the whole crowd has now been data-robbed - oops, that tactic didn't work, surprise, surprise.

                      You can protect yourself pretty well regardless of all this data-hacking. And I don't mean by going off the grid. However, there's no such thing as 100% safe - just relative degrees of safety that the wiser among us find out how to achieve. When has life ever offered us more than that?

                      nat






                      • #12
                        Originally posted by Anderton

                        There's a class action suit in the works that alleges that Equifax compromised their security procedures because they wanted a better bottom line. If that's true, I hope they get hammered into the ground.
                        If it can be shown that they compromised their security, they're going to get hammered hard. If they can show that those three executives knew about the hack prior to selling off their shares, someone's going to jail.

                        I heard the class action is suing for 70 billion, which sounds like a lot until you do the math... 70 billion divided by 143 million people... and then divide that in half for the lawyer's fees and costs, and as usual, the ones who will make the real money off this sad event are the attorneys.


                        • #13
                          Originally posted by nat whilk II
                          Wow, everyone is angry at the company that got hacked - no mentioning the hackers themselves. I thought they were the real bad guys in these situations.
                          The reason that I feel so angry at the company is that there is (for lack of a better term) an "air of arrogance" surrounding this whole thing. They really don't care about the fallout from this. They may face a fine or a lawsuit, but in the end they will continue to make money, and will likely make even more due to this in the future (remember, their sister company TrustedID is a company that helps 'protect' your credit and personal information - for a price). There will be hearings on Capitol Hill, but nothing will happen, and they will continue on down the road on their merry way, whistling all the way to the bank, because they are simply "too big to fail".

                          From everything that I have read on the tech sites, the hack was due to a long known vulnerability in their web platform. It apparently was a flaw that was around the last time they were hacked (2013) and they did nothing about correcting it. Why bother, what can be done to them anyway?

                          Then there is the fact that the hack occurred in May, they didn't discover it till July (says a lot about the competency of the IT folks) and they didn't report it till September - during which time at least three of the upper echelon sold their stock and made money (which sounds illegal to me - or at least it ought to be).

                          The company stated the delay was to allow them time to prepare a response. That response could have been handled better by a high school computer club. Then it is discovered that the site that is supposed to tell you if you have been a victim is just spitting out random answers. But they want you to sign up for their Credit Monitoring. While it is supposed to be free for a year, I'm sure they will make even more money as folks continue the monitoring for years.

                          And that is really the rub here. The information that was stolen will be valuable for decades. Unlike other breaches at other companies, this isn't a simple fix of going online and changing your username and password. You can't get a new name, new birth date, new SSN, etc. The company was cavalier with their security and some nasty folks took advantage of it. And you and I will be affected by it for a very long time.

                          If I leave my front door unlocked and someone comes in and steals my safe with my $5,000 in it, that is on me. If I have your money in that safe, say $5,000, along with the keys to your house and car, and I leave the front door open and the safe combination on a table next to the safe, who are you more mad at - the crooks who took the stuff, or me for not safeguarding your property? And this is far worse than someone stealing a safe.
                          The Mandolin Picker



                          • #14
                            Originally posted by Mandolin Picker

                            The reason that I feel so angry at the company is that there is (for lack of a better term) an "air of arrogance" surrounding this whole thing. They really don't care about the fallout from this. They may face a fine or a lawsuit, but in the end they will continue to make money, and will likely make even more due to this in the future (remember, their sister company TrustedID is a company that helps 'protect' your credit and personal information - for a price). There will be hearings on Capitol Hill, but nothing will happen, and they will continue on down the road on their merry way, whistling all the way to the bank, because they are simply "too big to fail".

                            If I leave my front door unlocked and someone comes in and steals my safe with my $5,000 in it, that is on me. If I have your money in that safe, say $5,000, along with the keys to your house and car, and I leave the front door open and the safe combination on a table next to the safe, who are you more mad at - the crooks who took the stuff, or me for not safeguarding your property? And this is far worse than someone stealing a safe.
                            I certainly want whoever's to blame to be blamed. As for analogies with a personal safe...in all cases of robbery, the robbers are the primary bad guys, no?

                            A business like Equifax should have a fiduciary duty, of course, to take all reasonable measures to keep the data safe. If they fail that duty, then sure, let the legal proceedings proceed. They could have taken reasonable measures and still been hacked. I'm just claiming that there's no way to know if they took reasonable measures or not without diving deep into the technicalities and the legalities. It will be complicated. The public doesn't like complicated when they are upset.

                            And I don't deny that so much stuff sounds fishy regarding Equifax's actions. But what if you went to court, charged with something, and the judge said, "What I read on the internet is really fishy and makes you sound guilty - I'm going with that, guilty as alleged, sentence is death by angry mob."

                            It's the rush to judgement that bothers me - millions of armchair judges, juries and executioners. Happens all the time - they should teach kids in school how hard it truly is to determine the truth in complex matters, how difficult to figure exactly what happens, who did what, who is to blame, what the appropriate actions the justice system should take.

                            But the crowd is not interested - if the crowd is angry, the crowd is heavily, heavily biased to uncritical condemnation right off the bat. All it takes is for something bad to happen and a few articles insinuating guilt and that's good enough for most people to set their jaws and sign the death warrant.

                            It's not good enough for me. If I'm going to condemn someone I damn sure better not be talking out of my hat motivated by outraged self-interest. I better listen to all sides of the story and go through something like a critical analysis, listening to people who know more about this kind of thing than I do. If I'm too involved to be objective, I should hand it off to someone else to assess.

                            nat
                            Last edited by nat whilk II; 09-10-2017, 10:52 PM.



                            • #15
                              There appears to be enough blame to go around - of course I'm ticked at the hackers, but that doesn't mean that Equifax doesn't also bear some responsibility for this.
