Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Communications Databases Network Networking Privacy

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

This discussion has been archived. No new comments can be posted.

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More

Comments Filter:
  • by Anonymous Coward

    How many people from other countries got screwed by Equifax and to what degree? The stories reporting affected people seem to continually ignore the fact that there's more to the planet than the US and companies like Equifax have no qualms about screwing non-USians, too.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      In many other countries, you cannot take someone's money from the bank or take out a loan simply by having a semi-public information like DOB or some ID number or an address.

      That would be called fraud, and the bank would be liable for such lost since the bank is the victim.

      Only in American would allow the bank to pass the loss (due to their own fault) to their customer, and call that "identity theft".

      • by anegg ( 1390659 )
        Bingo. This comment hits the nail on the head. The idea that Big Institution A wasn't stupid when they gave out cash, goods, or services to an individual who merely claimed someone elses identity without any proof is ridiculous. The fact that the legal system pins the problem on the innocent person who wasn't a party to the deal in the first place is criminal. Put the responsibility back where it belongs - in the hands of the Big Institution who is so eager to do business that they don't properly establ
  • Detterant (Score:5, Insightful)

    by Anonymous Coward on Tuesday May 08, 2018 @05:25PM (#56576574)

    It's a good thing all those executives went to prison so corporations will start taking security seriously.

    Oh wait.

    • Re:Detterant (Score:5, Insightful)

      by ShanghaiBill ( 739463 ) on Tuesday May 08, 2018 @05:33PM (#56576612)

      It's a good thing all those executives went to prison so corporations will start taking security seriously.

      Sending people to prison for incompetence is silly. America already has far more people in prison than China, Russia or Iran, and four times the incarceration rate of the developed country average.

      Non-violent offenders do not belong in prison. For instance, Equifax executives could wear tracking anklets and spend 60 hours a week changing bedpans in nursing homes for the next 10 years. The cost to the taxpayers would be negligible, they would be doing useful work, and they may be back below their level of incompetence [wikipedia.org].

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Yeah it'd be much better to do like China, Russia or Iran and just shoot them...

        • by Anonymous Coward

          The Chinese don't shoot them anymore. When a Chinese national commits a serious crime, they send the mobile execution van around and give them a lethal injection. This is what happened to the billionaire behind the melamine in baby formula scandal. The Chinese executed him in the van like any common criminal. His wealth did not save him. I have to say, there's something oddly satisfying about the Chinese way of dealing with these wealthy criminals who think that they're above the law.

        • Yeah it'd be much better to do like China, Russia or Iran and just shoot them...

          Russia has not used the death penalty in more than 20 years. The last judicial execution was in 1996.

          • Yeah it'd be much better to do like China, Russia or Iran and just shoot them...

            Russia has not used the death penalty in more than 20 years. The last judicial execution was in 1996.

            Of course, and still there was:
            - Sergei Magnitsky: Magnitsky had died from being beaten and tortured by several officers of the Russian Ministry of Interior
            - Anna Stepanovna Politkovskaya: tried to be poisoned, finally murdered
            - Maksim Borodin: died of injuries from falling out of a window
            - and many many others, either poisoned abroad or beaten to death, or just plainly murdered

            I assume, that by now everyone able to read have read Orwell's books, so people can differentiate between official statistics

      • by rsborg ( 111459 )

        > Sending people to prison for incompetence is silly.

        Anything but time served is something the Corporation can just take as an "operating cost". Now how that time is served (either prison or community service) is debatable.

        At this level of disaster it doesn't matter whether the result was incompetence or malfeasance. According to Gray's Law [1] Any sufficiently advanced incompetence is indistinguishable from malice. At some point the Corporation's failure should result in tangible punishment regardle

      • Sending people to prison for incompetence is silly. .

        Sufficiently advanced incompetence is indistinguishable from malice.

      • Sending people to prison for incompetence is silly.

        This is what pisses me off most when having technical discussions. Claiming something is hard when you signed up for a job doesn't fly. Let's ignore the fact that Equifax was aware of the security issues before this breach happened. Let's ignore the fact they're repeat offenders with handling data. They handle people's data that controls identity. It's borderline impossible to undo damage and prevent it once this information leaks.

        (And why our government is continuing to use them after this breach is..

  • by Typingsux ( 65623 ) on Tuesday May 08, 2018 @05:26PM (#56576578)

    For Equifax to be in charge of my personal information.

    Can anyone elaborate as to why they were put in charge, and what recourse do I have to punish this company for mishandling my information?

    • by Anonymous Coward

      If you don't have anything to hide, then you have nothing to worry about.

  • I keep saying, the following penalty scheme imposed on companies will clean up data breaches right quick:

    $1 per name, email, physical address
    $2 per phone number
    $3 per credit card number
    $4 per SSN

    And multiply for combinations thereof. You'll see how fast companies move to secure their data.
    • I keep saying, the following penalty scheme imposed on companies will clean up data breaches right quick: $1 per name, email, physical address $2 per phone number $3 per credit card number $4 per SSN And multiply for combinations thereof. You'll see how fast companies move to secure their data.

      No, it will not work as long as people responsible are not held accountable.

      Most of the cases I know the CEO making decisions retires with multi-million golden parachute and all the penalty costs (if any) are passed on consumers or victims (as is the case of Equifax - people have to pay for locking their accounts, and one pays as long as one wants the lock be active) or ordinary workers.

      Top management don't give a damn about penalties, because they make up the rules of profits distribution and by the

  • I got a letter from the IRS that my SSN is being used by someone else to obtain employment. Again. Thanks, Equifax!
  • That's the names, dates of birth, and tax ID numbers of roughly 45% of the entire United States (population ~326 million). Subtract children who don't have credit yet (~74 million), that's roughly 58% of US adults.

    If "payment card" means credit card, that's 20% of all them in the US (1,041 million). Often you only need the number and expiration date to charge something to the card.

    Those addresses are for roughly 30% of the population (if an address was attached to one name), or more (if an address was att

  • While you won't find this info out there as it's been pretty hushed, but walmart.com took down their CC application site for over a week after a load of stolen IDs were used to apply for CC's there. There is some indication that the data came from this breach.
  • by sjames ( 1099 ) on Tuesday May 08, 2018 @06:35PM (#56576962) Homepage Journal

    Their primary business is making sure adverse credit information follows people around, while making the assumption that the adverse reports are actually about the named person. Even while they know damned well that their own negligence has enabled ID fraud on a massive scale.

  • The number of top executives who went to jail : 0

Don't sweat it -- it's only ones and zeros. -- P. Skelly

Working...