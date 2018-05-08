Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 42

Posted by BeauHD from the take-a-deep-breath dept.
Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

  • US numbers are nice and all, but... (Score:2, Interesting)

    by Anonymous Coward

    How many people from other countries got screwed by Equifax and to what degree? The stories reporting affected people seem to continually ignore the fact that there's more to the planet than the US and companies like Equifax have no qualms about screwing non-USians, too.

  • Detterant (Score:3, Insightful)

    by Anonymous Coward on Tuesday May 08, 2018 @05:25PM (#56576574)

    It's a good thing all those executives went to prison so corporations will start taking security seriously.

    Oh wait.

    • Re:Detterant (Score:5, Insightful)

      by ShanghaiBill ( 739463 ) on Tuesday May 08, 2018 @05:33PM (#56576612)

      It's a good thing all those executives went to prison so corporations will start taking security seriously.

      Sending people to prison for incompetence is silly. America already has far more people in prison than China, Russia or Iran, and four times the incarceration rate of the developed country average.

      Non-violent offenders do not belong in prison. For instance, Equifax executives could wear tracking anklets and spend 60 hours a week changing bedpans in nursing homes for the next 10 years. The cost to the taxpayers would be negligible, they would be doing useful work, and they may be back below their level of incompetence [wikipedia.org].

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Yeah it'd be much better to do like China, Russia or Iran and just shoot them...

      • Re: (Score:2)

        by rsborg ( 111459 )

        > Sending people to prison for incompetence is silly.

        Anything but time served is something the Corporation can just take as an "operating cost". Now how that time is served (either prison or community service) is debatable.

        At this level of disaster it doesn't matter whether the result was incompetence or malfeasance. According to Gray's Law [1] Any sufficiently advanced incompetence is indistinguishable from malice. At some point the Corporation's failure should result in tangible punishment regardle

      • Sending people to prison for incompetence is silly. .

        Sufficiently advanced incompetence is indistinguishable from malice.

  • For Equifax to be in charge of my personal information.

    Can anyone elaborate as to why they were put in charge, and what recourse do I have to punish this company for mishandling my information?

  • charge them for the privilege (Score:4, Interesting)

    by supernova87a ( 532540 ) <kepler1@ho[ ]il.com ['tma' in gap]> on Tuesday May 08, 2018 @05:41PM (#56576668)
    I keep saying, the following penalty scheme imposed on companies will clean up data breaches right quick:

    $1 per name, email, physical address
    $2 per phone number
    $3 per credit card number
    $4 per SSN

    And multiply for combinations thereof. You'll see how fast companies move to secure their data.
  • I got a letter from the IRS that my SSN is being used by someone else to obtain employment. Again. Thanks, Equifax!

  • That's the names, dates of birth, and tax ID numbers of roughly 45% of the entire United States (population ~326 million). Subtract children who don't have credit yet (~74 million), that's roughly 58% of US adults.

    If "payment card" means credit card, that's 20% of all them in the US (1,041 million). Often you only need the number and expiration date to charge something to the card.

    Those addresses are for roughly 30% of the population (if an address was attached to one name), or more (if an address was att

  • While you won't find this info out there as it's been pretty hushed, but walmart.com took down their CC application site for over a week after a load of stolen IDs were used to apply for CC's there. There is some indication that the data came from this breach.

  • The worst part (Score:3)

    by sjames ( 1099 ) on Tuesday May 08, 2018 @06:35PM (#56576962) Homepage Journal

    Their primary business is making sure adverse credit information follows people around, while making the assumption that the adverse reports are actually about the named person. Even while they know damned well that their own negligence has enabled ID fraud on a massive scale.

  • The number of top executives who went to jail : 0

