Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69
Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.
The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.
The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.
US numbers are nice and all, but... (Score:2, Interesting)
How many people from other countries got screwed by Equifax and to what degree? The stories reporting affected people seem to continually ignore the fact that there's more to the planet than the US and companies like Equifax have no qualms about screwing non-USians, too.
Re: (Score:2, Interesting)
In many other countries, you cannot take someone's money from the bank or take out a loan simply by having a semi-public information like DOB or some ID number or an address.
That would be called fraud, and the bank would be liable for such lost since the bank is the victim.
Only in American would allow the bank to pass the loss (due to their own fault) to their customer, and call that "identity theft".
Re: (Score:2)
Re: (Score:2)
Disclaimer: I am not an American
Re: (Score:2)
It does rub salt in the woulds a bit that Equifax has done nothing but make matters worse for people whose ID is used fraudulently, and now they have actually facilitated that same ID fraud on a massive scale.
Detterant (Score:5, Insightful)
It's a good thing all those executives went to prison so corporations will start taking security seriously.
Oh wait.
Re:Detterant (Score:5, Insightful)
It's a good thing all those executives went to prison so corporations will start taking security seriously.
Sending people to prison for incompetence is silly. America already has far more people in prison than China, Russia or Iran, and four times the incarceration rate of the developed country average.
Non-violent offenders do not belong in prison. For instance, Equifax executives could wear tracking anklets and spend 60 hours a week changing bedpans in nursing homes for the next 10 years. The cost to the taxpayers would be negligible, they would be doing useful work, and they may be back below their level of incompetence [wikipedia.org].
Re: (Score:2, Funny)
Yeah it'd be much better to do like China, Russia or Iran and just shoot them...
Re: (Score:1)
The Chinese don't shoot them anymore. When a Chinese national commits a serious crime, they send the mobile execution van around and give them a lethal injection. This is what happened to the billionaire behind the melamine in baby formula scandal. The Chinese executed him in the van like any common criminal. His wealth did not save him. I have to say, there's something oddly satisfying about the Chinese way of dealing with these wealthy criminals who think that they're above the law.
Re: (Score:2)
Yeah it'd be much better to do like China, Russia or Iran and just shoot them...
Russia has not used the death penalty in more than 20 years. The last judicial execution was in 1996.
Re: (Score:1)
Yeah it'd be much better to do like China, Russia or Iran and just shoot them...
Russia has not used the death penalty in more than 20 years. The last judicial execution was in 1996.
Of course, and still there was:
- Sergei Magnitsky: Magnitsky had died from being beaten and tortured by several officers of the Russian Ministry of Interior
- Anna Stepanovna Politkovskaya: tried to be poisoned, finally murdered
- Maksim Borodin: died of injuries from falling out of a window
- and many many others, either poisoned abroad or beaten to death, or just plainly murdered
I assume, that by now everyone able to read have read Orwell's books, so people can differentiate between official statistics
Re: (Score:1)
Sweety, the reason they buy from the criminals is because you and yours made it a crime.
Legalise and regulate. Same as alcohol and tobacco. Add a tax that goes to hospitals or medical care for chronic abusers if you want. Spend the money you save on enforcement on support and watch your crime shrink, the cartels implode and the poorest and most vulnerable members of society start to do a bit better.
Or is that last sentence the one that sticks in the craw?
Re:Deterent (Score:2)
ShanghaiBill opined:
Non-violent offenders do not belong in prison.
Prompting a courageous Anonymous Coward to respond:
Is that a reference to the poor persecuted drug users? At least when they are locked up, they are not pouring money into the Mexican drug cartels' pockets.
You really, really need to read Pulitzer Prize-winning journalist Sam Quinones' book Dreamland: The True Story of America's Opioid Epidemic [amazon.com]. It's essentially the story of how Perdue Pharmaceuticals created the opioid epidemic in the USA by misrepresenting to the FDA, Congress, and doctors across the country how "harmless" prescribing powerful opiod narcotics was, even for chronic pain.
Based strictly on Perdue's bullshit, doctors - especially high school and
Re: (Score:2)
> Sending people to prison for incompetence is silly.
Anything but time served is something the Corporation can just take as an "operating cost". Now how that time is served (either prison or community service) is debatable.
At this level of disaster it doesn't matter whether the result was incompetence or malfeasance. According to Gray's Law [1] Any sufficiently advanced incompetence is indistinguishable from malice. At some point the Corporation's failure should result in tangible punishment regardle
Re: (Score:2)
Sending people to prison for incompetence is silly. .
Sufficiently advanced incompetence is indistinguishable from malice.
Re: (Score:2)
Sending people to prison for incompetence is silly.
This is what pisses me off most when having technical discussions. Claiming something is hard when you signed up for a job doesn't fly. Let's ignore the fact that Equifax was aware of the security issues before this breach happened. Let's ignore the fact they're repeat offenders with handling data. They handle people's data that controls identity. It's borderline impossible to undo damage and prevent it once this information leaks.
(And why our government is continuing to use them after this breach is..
Re: (Score:2)
A compensation of $2,000 per person affected for a total of 292 billion dollars sounds like a good place to start.
Equifax doesn't even have 1% of that amount, and never will.
If they cannot pay, then all data held by Equifax should be seized in remission of the debt and permanently destroyed.
So thousands of employees, who had nothing to do with the breach, would lose their jobs, and the credit reporting industry would switch from a tri-opoloy to a duopoly, making the situation worse for consumers.
Perhaps you should think about this some more.
Re: (Score:3)
Prison may not be the right choice, community service probably fits better.
As to why, THEY decided to spend more on marketing and less on security. They knew they had a problem and THEY decided to keep it covered up as long as possible (and so increased the damage). They choose to continue pretending that adverse credit reports are accurate even knowing that their own sloppy security introduced a great deal of doubt into that.
And finally, THEY have done their damnedest ever since to make sure anyone and eve
I don't recall ever giving my permission (Score:3)
For Equifax to be in charge of my personal information.
Can anyone elaborate as to why they were put in charge, and what recourse do I have to punish this company for mishandling my information?
Re: (Score:1)
If you don't have anything to hide, then you have nothing to worry about.
Re:Just post every SSN (Score:5, Funny)
Why do financial institutions seem to insist that Social Security numvers are a secret code? The government should just publish ALL of the SSNs
That is the way it works in many countries: Your citizenship number is public information.
Many have a separate changeable PIN for authentication.
The American system of making the same number both semi-public and secret is unique.
If 10% of the population went on record and disclosed their SSNs publicly it would shut down the SSN as a 'secret code.'
Equifax has already done this as a public service. Good for them.
Re: (Score:2)
"Unique."
I nominate ShanghaiBill for the Politest Person of the Year award!
Re: (Score:2)
It has happened; that's what the story is about. 50-100% Americans already did, whether we wanted to or not.
The information is no longer secret; we know for sure that it is definitely in the hands of ne'er-do-wells. Anyone who uses it for authentication is definitely, 100% being negligent without any possibility that they're trying to do the right thing or even
charge them for the privilege (Score:4, Interesting)
$1 per name, email, physical address
$2 per phone number
$3 per credit card number
$4 per SSN
And multiply for combinations thereof. You'll see how fast companies move to secure their data.
Re: (Score:1)
I keep saying, the following penalty scheme imposed on companies will clean up data breaches right quick: $1 per name, email, physical address $2 per phone number $3 per credit card number $4 per SSN And multiply for combinations thereof. You'll see how fast companies move to secure their data.
No, it will not work as long as people responsible are not held accountable.
Most of the cases I know the CEO making decisions retires with multi-million golden parachute and all the penalty costs (if any) are passed on consumers or victims (as is the case of Equifax - people have to pay for locking their accounts, and one pays as long as one wants the lock be active) or ordinary workers.
Top management don't give a damn about penalties, because they make up the rules of profits distribution and by the
The IRS has news for you... (Score:1)
Percentage Perspective (Score:2)
That's the names, dates of birth, and tax ID numbers of roughly 45% of the entire United States (population ~326 million). Subtract children who don't have credit yet (~74 million), that's roughly 58% of US adults.
If "payment card" means credit card, that's 20% of all them in the US (1,041 million). Often you only need the number and expiration date to charge something to the card.
Those addresses are for roughly 30% of the population (if an address was attached to one name), or more (if an address was att
Data used in mass Walmart.com CC applications (Score:3)
The worst part (Score:3)
Their primary business is making sure adverse credit information follows people around, while making the assumption that the adverse reports are actually about the named person. Even while they know damned well that their own negligence has enabled ID fraud on a massive scale.
The most significant number: 0 zero zilch nada ni (Score:2)