Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security Privacy Transportation United Kingdom

Equifax Breach Included 10 Million US Driving Licenses (engadget.com) 66

An anonymous reader quotes a report from Engadget: 10.9 million U.S. driver's licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers' records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver's licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency's system.

Equifax Breach Included 10 Million US Driving Licenses

Comments Filter:
  • ...having a sub-500 credit score can be a good thing.
    • by Anonymous Coward

      The information can be used to file taxes. When one gets those "your taxes have already been filed" letters from the IRS is because someone used your SSN and other information and filed taxes to get a refund and other credits.

      That information is also used to get jobs. Illegal aliens use fake credentials to get jobs - and file taxes to get refunds and EIC, CTC, ACTC, AOTC or other credits.

      That information is also used for other nefarious reasons.

      And if that information is abused, it's up to the victim to c

      • "And if that information is abused, it's up to the victim to correct it - if they can - and cover the costs."

        Equifax should be forced to cover those costs and provide the services using a prime provider for life for anyone who was subject to that breach. The pathetic one year monitoring just doesn't cut it, especially when it is done by a obscure company with a shady track record. Anthem did the same thing, they offered monitoring for a year, but picked the worst vendor on the market to offer that servic
      • by zifn4b ( 1040588 )

        The information can be used to file taxes. When one gets those "your taxes have already been filed" letters from the IRS is because someone used your SSN and other information and filed taxes to get a refund and other credits.

        Or for those of us who don't live paycheck to paycheck and don't prefer to give the Federal government an interest free loan, by all means you can go right ahead and pay my taxes!

  • Someone needs to get handed a few decades of jail time for this. By somone, I mean someone with Director, or C_O after their name. Better yet a few someones.
    • Yes there needs to be house cleaning (without parachutes but that will never happen) and yes the FTC needs to open a huge can of woopass on them and yes they should be sued into insolvency but jail time?

      Let's put the pitchforks away for a minute and realize it's not *if* a data breach happens it's when and no one is immune.

      The bad thing here is, like others, they are pussyfooting around with what/why/when/how and some of it may be to ignorance but a lot is probably damage control. In a sensible system ther

      • by Blymie ( 231220 )

        The law already handles this all over the spectrum. It's called 'negligence'. Fault is easy to assign.

        You don't patch shit? That's negligent. That's jail time.

        You get hit by a zero day, you have firewalls, and you catch it (because you're monitoring things!) fast? That's not your fault. You're not to blame.

        Equifax CxOs *do* deserve jail time. They were negligent. There needs to be criminal charges, and jail time served.

        Equating it to cars? You're driving down the road drunk. Or, you're on your pho

    • by Teckla ( 630646 )

      Someone needs to get handed a few decades of jail time for this. By somone, I mean someone with Director, or C_O after their name. Better yet a few someones.

      So here's the thing. We are currently experiencing the Computer Security Dark Ages. The security situation at almost ALL companies is as crappy as Equifax (not that Equifax should be off the hook as a result).

      The first problem is that security is way too hard. When 99.9% of people can't get something right, you have to start wondering if humans and education aren't the problem, but instead, if the tools are. Things should be ultra-paranoid super secure by default, and it should be downright hard to "un-secu

      • by Julz ( 9310 )

        Don't forget "Get it done cheap".

        That's why there's plenty of skilled developers (not toilet paper certifications, drop n drop, point n clickers) currently out of work or barely making a living.

  • Even if Equifax is completely disbanded and sold off, those responsible should spend time in jail and be fined into bankruptcy. Unfortunately, the right ones won't. There will be patsies and those who don't know enough or can't afford enough lawyers and time to defend themselves while the ones responsible will just take $$$ parachutes and waltz off.
          Our justice system is run by money, not justice. I wish I had a solution to propose.

    • by Anonymous Coward

      It's almost like a country that is supposed to be by the people for the people really isn't.
      We could fix this, but I fear it wouldn't be pretty.

    • FDR had the right idea when he threatened to reign in the Supreme Court. Really a shame he didn't do it.

      Our kangaroo courts are corrupt from top to bottom. The hands of every judge in the empire are soaked and dripping with blood. There can be no solution to any of today's deep political problems that does not include sweeping judicial reform.

  • Customers? (Score:5, Informative)

    by Zocalo ( 252965 ) on Wednesday October 11, 2017 @05:39PM (#55352505) Homepage
    You know, it's really starting to bug me that the media, including those that really ought to know better, keeps referring to the victims of the Equifax hack as their "customers". With the exception of those who actually signed up to Equifax's credit checking service of their own volition they, or more accurately the data Equifax has about them, are either victims or the *product*. Equifax's actual customers are the banks, employers, stores, and other companies that buy the data Equifax holds on the victims of the hack, most of whom have no direct business relationship with Equifax beyond an agreement with a third party to have their credit checked that probably didn't even make it clear that it would be Equifax doing the checks.
    • That is what they do. For a fee. So their customers (Banks etc.) will be really pissed that they are giving out this information to others for free.

      It amazes me that the USA allows these companies to exist.

    • Really good point.

      What's a better term than "customers" for those on whom credit agencies collect slander data? "Victims" is true in many senses, but it sounds bad and lends itself to confusion in use. "Prey" makes it sound like there's a chance for escape, when there is not.

      "Marks" falsely implies they used trickery rather than coercion to get the data. "Slanderees" is basically correct, but it sounds weird.

      I really don't know the answer but I think it's an important question. Correct politics begins with

  • I don't think any amount of identity monitoring can make up for this bullshit. Not only did my credit information get leaked, my salary and now my ID. This was bound to happen eventually, we need to really rethink about who gets our information, how long they can keep it, who is authorized to have it and hold them to a universal standard across the board for securing it. At which when a company falls out of compliance, they get 1 warning and after that they are permanently barred from storing this data.

  • At this point wouldn't it be quicker to list things that were not compromised by Equifax?

  • Store your data behind a "skinny pipe" to the outside world.

    Make "skinny" just big enough for "normal" traffic for any given time of day plus a fudge-factor to allow for busy days.

    This way if someone wants to steal your data they will have to "sip it slowly" to avoid causing a noticeable slowdown.

    It won't stop wholesale data theft but it will reduce the amount of information they can steal in any given period of time.

    It also won't stop "selective" data theft..

    • Unless the amount of data you have is eclipsed by the number of times it's accessed.

    • by Blymie ( 231220 )

      It apparently took the hackers months to get all the data. Why? They kept data transfers to a minimum, so it didn't show up on graphs.

    • by DarkOx ( 621550 )

      Yes that is an element that isnt getting enough discussion in all this. How exactly did the attackers make off with quite so much data. We are talking 100TB plus at this point. I mean did they send small amounts of it to 10000000's of bots and than collate from there?

      How did they not have any correlation and event monitoring that could not spot a dataflow orders of magnitude larger than anything else that usually happens on their network?

  • Why are they not subjected to civil seizure? I think we all know.

  • End Equifax now. Company out of business. Assets seized by the State. Managers fined. Executives in the gulag. End Equifax now.

  • It's a neat idea. Hackers breach Equifax and find wormholes to everyone's residences and steal all drivers licenses and pile them up in a warehouse on a deserted tropical island.

    However, they may have stolen the Drivers License numbers.

An age is called Dark not because the light fails to shine, but because people refuse to see it. -- James Michener, "Space"

Working...