Equifax Breach Included 10 Million US Driving Licenses (engadget.com)
An anonymous reader quotes a report from Engadget: 10.9 million U.S. driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.
Sometimes... (Score:1)
It's not just credit (Score:3, Insightful)
The information can be used to file taxes. When one gets those "your taxes have already been filed" letters from the IRS, it is because someone used your SSN and other information and filed taxes to get a refund and other credits.
That information is also used to get jobs. Illegal aliens use fake credentials to get jobs - and file taxes to get refunds and EIC, CTC, ACTC, AOTC or other credits.
That information is also used for other nefarious reasons.
And if that information is abused, it's up to the victim to c
Re: (Score:3)
Equifax should be shut down, but the C-level executives should get the electric chair.
You have to be realistic, and be fair. Read my comment and see if you still feel this way. And before I start: I am in no way affiliated with any credit reporting agency. I'm just a network engineer.
1. Credit reporting agencies serve a purpose. They ensure that future creditors can make a responsible decision on whether or not you can handle credit, and are creditworthy.
2. The information that they obtain is provided to them by your creditors, and with your consent (you did read the terms and condition
Re: (Score:2)
Re: (Score:2)
You are clueless.
Thanks for your thorough assessment.
people apply for loans and credit cards without ever seeing anyone face to face
Yep. And don't you think this is the problem, rather than relying on a "secret" number?
Now you tell me what would be a smarter move:
1. Keep relying on "intimate" knowledge to verify someone's identity
2. Mandate the verification of someone's identity using government issued ID
Re: (Score:2)
Re: (Score:3)
Equifax should be shut down
That will accomplish nothing. Equifax is already transitioning to different management. Shutting them down will just reduce competition even more and put 9500 people out of work.
Re: (Score:2)
Re: (Score:2)
Equifax should be forced to cover those costs and provide the services using a prime provider for life for anyone who was subject to that breach. The pathetic one year monitoring just doesn't cut it, especially when it is done by an obscure company with a shady track record. Anthem did the same thing, they offered monitoring for a year, but picked the worst vendor on the market to offer that servic
Re: (Score:1)
The information can be used to file taxes. When one gets those "your taxes have already been filed" letters from the IRS, it is because someone used your SSN and other information and filed taxes to get a refund and other credits.
Or for those of us who don't live paycheck to paycheck and don't prefer to give the Federal government an interest free loan, by all means you can go right ahead and pay my taxes!
Jail time (Score:2)
That's just silly... (Score:2)
Yes there needs to be house cleaning (without parachutes but that will never happen) and yes the FTC needs to open a huge can of woopass on them and yes they should be sued into insolvency but jail time?
Let's put the pitchforks away for a minute and realize it's not *if* a data breach happens it's when and no one is immune.
The bad thing here is, like others, they are pussyfooting around with what/why/when/how and some of it may be due to ignorance but a lot is probably damage control. In a sensible system ther
Re: (Score:2)
The law already handles this all over the spectrum. It's called 'negligence'. Fault is easy to assign.
You don't patch shit? That's negligent. That's jail time.
You get hit by a zero day, you have firewalls, and you catch it (because you're monitoring things!) fast? That's not your fault. You're not to blame.
Equifax CxOs *do* deserve jail time. They were negligent. There needs to be criminal charges, and jail time served.
Equating it to cars? You're driving down the road drunk. Or, you're on your pho
Re: (Score:3)
Someone needs to get handed a few decades of jail time for this. By someone, I mean someone with Director, or C_O after their name. Better yet a few someones.
So here's the thing. We are currently experiencing the Computer Security Dark Ages. The security situation at almost ALL companies is as crappy as Equifax (not that Equifax should be off the hook as a result).
The first problem is that security is way too hard. When 99.9% of people can't get something right, you have to start wondering if humans and education aren't the problem, but instead, if the tools are. Things should be ultra-paranoid super secure by default, and it should be downright hard to "un-secu
Re: (Score:1)
Don't forget "Get it done cheap".
That's why there's plenty of skilled developers (not toilet paper certifications, drop n drop, point n clickers) currently out of work or barely making a living.
Re: (Score:2)
What about Windows Defender? You're already running Microsoft software, a little more won't hurt much more.
Punishment? (Score:2)
Even if Equifax is completely disbanded and sold off, those responsible should spend time in jail and be fined into bankruptcy. Unfortunately, the right ones won't. There will be patsies and those who don't know enough or can't afford enough lawyers and time to defend themselves while the ones responsible will just take $$$ parachutes and waltz off.
Our justice system is run by money, not justice. I wish I had a solution to propose.
Re: (Score:1)
It's almost like a country that is supposed to be by the people for the people really isn't.
We could fix this, but I fear it wouldn't be pretty.
Re: (Score:2)
It is by the people, for the people.
No one really defined who "the people" are though.
Re: Punishment? (Score:2)
FDR had the right idea when he threatened to rein in the Supreme Court. Really a shame he didn't do it.
Our kangaroo courts are corrupt from top to bottom. The hands of every judge in the empire are soaked and dripping with blood. There can be no solution to any of today's deep political problems that does not include sweeping judicial reform.
Customers? (Score:5, Informative)
It is Equifax's job to publish private information (Score:2)
That is what they do. For a fee. So their customers (Banks etc.) will be really pissed that they are giving out this information to others for free.
It amazes me that the USA allows these companies to exist.
Re: Customers? (Score:2)
Really good point.
What's a better term than "customers" for those on whom credit agencies collect slander data? "Victims" is true in many senses, but it sounds bad and lends itself to confusion in use. "Prey" makes it sound like there's a chance for escape, when there is not.
"Marks" falsely implies they used trickery rather than coercion to get the data. "Slanderees" is basically correct, but it sounds weird.
I really don't know the answer but I think it's an important question. Correct politics begins with
Re: (Score:2)
Equifax; the gift that keeps giving.... (Score:1)
I don't think any amount of identity monitoring can make up for this bullshit. Not only did my credit information get leaked, my salary and now my ID. This was bound to happen eventually, we need to really rethink about who gets our information, how long they can keep it, who is authorized to have it and hold them to a universal standard across the board for securing it. At which when a company falls out of compliance, they get 1 warning and after that they are permanently barred from storing this data.
Re: (Score:1)
Re: (Score:2)
Yet they're still in the system, because they got a mortgage.
or rented a house/apartment
or a power bill
or a phone account
or pretty much any service that runs as a "pay in arrears" service. They all run credit checks on their customers.
Wouldn't it be quicker? (Score:1)
At this point wouldn't it be quicker to list things that were not compromised by Equifax?
Re: (Score:2)
You go AC! I have faith you're going to honor your statements!
Throttle access to data (Score:1)
Store your data behind a "skinny pipe" to the outside world.
Make "skinny" just big enough for "normal" traffic for any given time of day plus a fudge-factor to allow for busy days.
This way if someone wants to steal your data they will have to "sip it slowly" to avoid causing a noticeable slowdown.
It won't stop wholesale data theft but it will reduce the amount of information they can steal in any given period of time.
It also won't stop "selective" data theft.
Re: (Score:2)
Unless the amount of data you have is eclipsed by the number of times it's accessed.
Re: (Score:2)
It apparently took the hackers months to get all the data. Why? They kept data transfers to a minimum, so it didn't show up on graphs.
Re: (Score:2)
Yes, that is an element that isn't getting enough discussion in all this. How exactly did the attackers make off with quite so much data? We are talking 100TB plus at this point. I mean, did they send small amounts of it to 10000000's of bots and then collate from there?
How did they not have any correlation and event monitoring that could not spot a dataflow orders of magnitude larger than anything else that usually happens on their network?
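Added example, not part of any comment in this thread and not a description of Equifax's systems: a model of the "skinny pipe" from the parent comment (hourly cap = normal traffic plus a fudge factor) alongside the cumulative per-client accounting the replies ask about. All byte counts, client names, the 1.25 fudge factor and the 700,000-byte weekly budget are constructed values.

```python
from collections import defaultdict

# Constructed baseline: normal bytes per hour of day (busy 09:00-17:00).
BASELINE = {h: 100_000 if 9 <= h < 17 else 10_000 for h in range(24)}

def hourly_caps(baseline, fudge=1.25):
    """The "skinny pipe": normal traffic for each hour plus a fudge factor."""
    return {hour: int(normal * fudge) for hour, normal in baseline.items()}

def apply_pipe(flows, caps):
    """Enforce the hourly cap on (day, hour, client, bytes) flows in arrival order."""
    used, delivered, dropped = defaultdict(int), [], 0
    for day, hour, client, size in flows:
        sent = max(0, min(size, caps[hour] - used[(day, hour)]))
        used[(day, hour)] += sent
        dropped += size - sent
        if sent:
            delivered.append((day, hour, client, sent))
    return delivered, dropped

def over_budget(delivered, window_days, budget):
    """Clients whose bytes in any window_days-long window exceed budget."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, _, client, size in delivered:
        per_day[client][day] += size
    flagged = {}
    for client, days in per_day.items():
        for start in days:
            total = sum(b for d, b in days.items() if start <= d < start + window_days)
            if total > budget:
                flagged[client] = max(flagged.get(client, 0), total)
    return flagged

def sample_flows(days=30):
    """Constructed traffic: one bulk grab at 03:00, ten normal clients, one slow sipper."""
    flows = [(0, 3, "bulk", 5_000_000)]
    for day in range(days):
        for hour in range(9, 17):
            flows += [(day, hour, f"web{i}", 10_000) for i in range(10)]
            flows.append((day, hour, "slow", 20_000))
    return flows

if __name__ == "__main__":
    delivered, dropped = apply_pipe(sample_flows(), hourly_caps(BASELINE))
    slow_total = sum(b for _, _, c, b in delivered if c == "slow")
    print("dropped by cap:", dropped, "| slow client got:", slow_total)
    print("over weekly budget:", over_budget(delivered, 7, 700_000))
```

In this constructed run the cap drops almost all of the bulk transfer, while the slow client stays inside the headroom every hour and is only visible in the 7-day per-client total.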
Civil Seizure (Score:2)
Why are they not subjected to civil seizure? I think we all know.
end Equifax now (Score:2)
End Equifax now. Company out of business. Assets seized by the State. Managers fined. Executives in the gulag. End Equifax now.
Pretty sure they didn't steal the drivers licenses (Score:2)
It's a neat idea. Hackers breach Equifax and find wormholes to everyone's residences and steal all drivers licenses and pile them up in a warehouse on a deserted tropical island.
However, they may have stolen the Drivers License numbers.