Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government Businesses Privacy United States

Government Officials Begin Investigating Equifax Breach (thehill.com) 142

An anonymous reader quotes the Hill: The massive breach of credit rating firm Equifax is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as 143 million people. The New York, Pennsylvania and Illinois attorneys general have announced formal investigations into the hack...

The Senate Commerce Committee announced on Thursday that it sent a letter to Equifax seeking answers about the extent of the breach and what Equifax is doing to mitigate its impact. In the House, Financial Services Committee Chairman Jeb Hensarling (R-Texas) said that his committee would hold a hearing on the hacks at a to-be-determined date. Hensarling noted in a statement that such breaches are becoming "too common" and that consumers "deserve answers." House Energy and Commerce Committee Chairman Greg Walden (R-Ore.) said that his committee would hold a separate hearing on the matter as well.

This discussion has been archived. No new comments can be posted.

Government Officials Begin Investigating Equifax Breach

Comments Filter:
  • by parkinglot777 ( 2563877 ) on Monday September 11, 2017 @06:44AM (#55173217)

    that they will find something and some one (or group) who held accountable of the breach. Though, often times, this kind of investigation is just a political stunt to show constituents that they have done something. Nothing will be found, done, or changed according to the history...

    • by Anonymous Coward on Monday September 11, 2017 @06:45AM (#55173221)
      Someone needs to get their hands on the dataset and start applying for credit cards for each and every member of congress. Repeatedly. It sure couldn't hurt things.
    • by hawkinspeter ( 831501 ) on Monday September 11, 2017 @07:37AM (#55173389)
      What about all the insider trading? The Execs dumped loads of their stock before worrying about contacting anyone that might be affected by this.
      • by goombah99 ( 560566 ) on Monday September 11, 2017 @08:26AM (#55173583)

        This is a real golden oportunity to finally rebalance the exposure to risk that amassing large data stores creates. Right now all of the risk is on the subject (you) of the data bases and there's almost no liability for the data base holder. Their only liablity comes from public good will not financial liability.

        The best possible outcome in this case is to sue Equifax out of existence. This particular instance is a gift int he sense that equifax disappearing would not harm society at all since it's function are handled redunantly and competitively by two other companies. Anything short of annihilating the company is too little.

        The reasons is those two other companies , and by extention all data base holders, need to be on notice that they will suffer financial liability not just good-will liability

        To understand the status quo better, and to see why this case in particular makes extinction the ideal remedy look at how every data breach to date has been handled in the past.

        there's two ways to deal with data breaches
        1. Credit freeze. (prevents credit accounts from being opened by denying credit reports to inquiring creditors).
        2. Credit monitoring (they let you know after the fact that tour credit just got robbed)

        The latter is nearly free to implement but has almost no value to the injured consumer. The former, the credit freeze, actually fixes the problem, puts power in the hands of the consumer but has the downside that it costs lots of money to implement. (the reason one has to pay for this is because the data base companies make money when they hand over your credit report to an inquiring creditor. If they can't hand it over they can't make any money off your data. Ergo, you have to pay them instead.)

        No one ever offers the Credit Freeze because it's expensive. In this particular case the company that would pay for the credit freeze is actually the one that makes money off these credit freezes and could not make any money if they had to freeze all of the accounts. They might as well not even exist as a company if 100% of their accounts had credit ffreezes

        Thus the proper remedy here is to require them, via class action lawsuits, to require credit freezes on 100% of the accounts. Even without extracting damage payments, this would likely cut their profits massively. And if they had to also pay the other two credit agencies for your credit freeze then they would have negative earnings. They would cease to exist without any tort penalties.

        This would be the perfect outcome for consumers and do no damage to our credit system.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          This would be the perfect outcome for consumers and do no damage to our credit system.

          Therefore, the chance of it happening is exactly 0%.

        • by bigdavex ( 155746 ) on Monday September 11, 2017 @08:45AM (#55173685)

          I froze my credit with all 3 agencies without paying anyone. I think there's an Indiana requirement.

          • I froze my credit with all 3 agencies without paying anyone. I think there's an Indiana requirement.

            Really? That's interesting!

          • So 143 million people should move to Indiana?
            • by Rakarra ( 112805 )

              So 143 million people should move to Indiana?

              So the three credit agencies have agreed to allow anyone to freeze their credit. When a state passes laws, those laws govern fees/etc. Indiana allows for free credit freezes by anyone, many states allow free credit freezes for identity theft victims, and most allow them for a small fee, like $10. Probably costs a lot more to move to Indiana than to just eat the $10 fee elsewhere.

        • by Dunbal ( 464142 ) * on Monday September 11, 2017 @08:52AM (#55173721)
          Oh there will be a law suit. It will be settled out of court - after all this is the financial industry. Lawyers will walk off with a few tens of millions and affected consumers will get a 5% discount on their next credit check provided they cash in the coupon before the 6 month expiry date.
          • by goombah99 ( 560566 ) on Monday September 11, 2017 @10:25AM (#55174281)

            I don't care if I get a dime. If the lawyers get it all, but we succeed in anihilating Equifax then I will benefit. All future datebases will take into the account the finincial liability they face if they don't do security right. I win from that. It's not a $10 rebate I want.

          • by torkus ( 1133985 )

            Oh please, anyone affected already gets a free year of monitoring...with some hidden fine print that it also auto-enrolls them in PAID monitoring the following year unless they opt out at just the right time, etc.

            It's actually egregiously bad behavior and hopefully something the courts use to bash them even harder.

            • by Dunbal ( 464142 ) *

              anyone affected already gets a free year of monitoring

              EXACTLY... and 5% discount off free is? The guys in finance went nuts when we proposed this!

        • I've heard the credit freeze being mentioned in response to the news. My understanding is that when freezing your credit you're assigned a PIN. Freezing is also not permanent. In which database are the PIN numbers stored?
          • Freezing is also not permanent.

            A permanent freeze is permanent in all but a few states. In those states it expires after a few years. A security / fraud freeze automatically expires after a set amount of time. Placing a permanent freeze costs about $10 per bureau while a fraude freeze is usually free in certain circumstances -- like providing notification of a breach or a police report.

        • The real root cause of the mess is that the banks want to be able to lend money before you think twice and change your mind.

          That is why they want to lend first and ask questions later. If we put the onus on the lenders to prove that they actually lent money to the right party before they can initiate collection proceedings, it would fix lots of problems. The lenders will have the incentive to make sure the borrowers are really what they claim to be. Else they lose money.

          In USA banks can lend to any Tom

        • by Cajun Hell ( 725246 ) on Monday September 11, 2017 @10:35AM (#55174343) Homepage Journal

          Credit freezes are hilarious when you think about what they mean.

          When I have frozen credit, that means that you can't loan me money without first authenticating me and getting my authorization.

          So.. what does unfrozen credit mean?

          • When I have frozen credit, that means that you can't loan me money without first authenticating me and getting my authorization.

            A credit freeze only blocks access to your credit history. Technically, lenders can open new accounts in your name, but almost certainly won't, without a current credit report. Without a credit report they wouldn't know anything about your financial status.

        • That would be nice... but, just like the fact that Arthur Anderson was vacated from felony conviction by the US Supreme court from their culpability in the Enron scandal, or only a SINGLE banker was sent to jail for the subprime mortgage crisis that almost collapsed the global economy - nothing will likely happen here either.
          Why? Because the US is an Oligarchy. Till "the people" take it back by campaign finance reform, the rich will continue to pillage at will with an occasional wrist slap the the "elect
      • by torkus ( 1133985 )

        If this is true and even somewhat provable, those execs have a good chance of winding up in jail.

        Granted insider trading happens ALL THE FUCKING TIME but it's generally subtle or can be explained by other means. Something like a dumping shares days before announcing a company-wide disaster that you already knew about...is not something so easily overlooked. And TBH it's a perfect stick to bash them with while not actually taking or enforcing any corporate responsibility for the actual breach.

        Nothing to se

    • by Luthair ( 847766 ) on Monday September 11, 2017 @08:18AM (#55173545)
      Under the law Equifax is the "victim", not us. That is unlikely to change with the current US administration.
    • by Anonymous Coward

      I could care less about holding someone accountable. I want Equifax to be held accountable for allowing it to happen.

    • by MitchDev ( 2526834 ) on Monday September 11, 2017 @08:36AM (#55173631)

      Don;t forget most of these government officials have had THEIR data exposed by the breach, otherwise they wouldn't give two sharts about the rest of us....

    • The Cheeto administration has made it entirely clear that rape and torture are A-OK, and that fucking over the little guy is just good business. Nothing will come of this, though he might give Equifax an award.

  • Your elected officials in action, folks.

    • by avandesande ( 143899 ) on Monday September 11, 2017 @08:36AM (#55173629) Journal
      After that they will be made to sit in the comfy chair!
  • Has anyone seen an explanation of what occurred? Was it a remote hack or inside job?
    • by hord ( 5016115 ) <jhord@carbon.cc> on Monday September 11, 2017 @08:21AM (#55173559)

      From what few details I have gathered it was an attack on Apache Struts that allowed the attackers to siphon data slowly over a period of time. I haven't seen any verified information about encryption or what was actually copied. My own personal speculation is the attacker got plain-text personal data that leaked out of some API.

  • by misnohmer ( 1636461 ) on Monday September 11, 2017 @07:09AM (#55173303)

    So their breach just put the entire population at significantly increased risk of identify theft. There definitely should be consequences and the government is the only recourse the consumers have since they are not direct customers of Equifax, nor will anyone ever be able to prove their identify theft was directly due to Equifax's breach, so they cannot individually sue Equifax.

    Maybe the fines should be whatever it costs to re-issue new social security (or social insurance in Canada) numbers to everyone, including costs of managing the transition. Yea, I know this may sink Equifax as a company, so be it - lesson for the other guys to secure the data or maybe to not collect it in the first place. Maybe there is such a thing as too dangerous to collect and keep in one company. Kind of like banks and companies that are too big to fail.

    • by DarkOx ( 621550 ) on Monday September 11, 2017 @07:17AM (#55173317) Journal

      I don't know that it has. Whoever stole the data isn't going to just dump it online they are going to sell it. Eventually it will all leak but not before much of it is quite stale.

      Most people STILL don't realize this but anyone who works for a company with a subscription to any of the private investigative services could pretty much get all this information inside of 30 seconds. Not everyone is in the pay-for-use-databases but most are. I don't know if I have ever had a search come back empty.

      The reality is this information was already out there on almost everyone one, this will be just one more source. Maybe a price a little more attractive to the ner'er do wells but I predict a minor blip in increased id theft at most.

      • by Anonymous Coward

        Most people STILL don't realize this but anyone who works for a company with a subscription to any of the private investigative services could pretty much get all this information inside of 30 seconds. Not everyone is in the pay-for-use-databases but most are. I don't know if I have ever had a search come back empty.

        The difference is that when you do a search, there's a record of it. If you try to dump the whole database? They'll know. If you try to get info on ten different people and later those ten di

      • by Desler ( 1608317 )

        Most people STILL don't realize this but anyone who works for a company with a subscription to any of the private investigative services could pretty much get all this information inside of 30 seconds. Not everyone is in the pay-for-use-databases but most are. I don't know if I have ever had a search come back empty.

        And so does my HR department, but that doesn't somehow make this breach okay or any less impactful.

      • Lots of companies can pull credit reports on their customers (usually with customer permission). I mean, if you've ever tried to get a major loan, it's happened. Or even applying for certain jobs, the company could request a credit report from the three majors (Experian, Equifax, and TransUnion).

      • Eventually it will all leak but not before much of it is quite stale.

        While I wish that was true...
        - Birth dates never go stale
        - SSNs VERY rarely go stale (I know they can be changed, but I've never actually heard of it being done)
        - First names, rarely go stale
        - Last names probably only go stale once or twice per lifetime on average

        The stuff that actually will go stale (e.g. addresses, driver's license number, phone numbers, etc.) is the stuff that's least important.

        That said, you are correct about this stuff already being available to people who knew to ask and who were will

      • by Rakarra ( 112805 )

        I don't know that it has. Whoever stole the data isn't going to just dump it online they are going to sell it. Eventually it will all leak but not before much of it is quite stale.

        Stale? I'm not sure about everyone else, but my real name, my date of birth, and my social security number are unlikely to go stale any time soon.

        This SSN == credit thing is bullshit.

    • by coofercat ( 719737 ) on Monday September 11, 2017 @07:29AM (#55173357) Homepage Journal

      I worked for a financially-regulated place here in the UK and every once in a while you'd hear "that sort of f-up could see us lose our license" (and so stuff didn't happen) - exactly what the regulator intended (and for the most part, it seemed like a good outcome, from what I could tell).

      In the case of Equifax in the US - why do they need SSNs? I presume it's a way to differentiate Jim Kirk from New York and Jim Kirk from Boston. I don't imagine they ever actually have a need to use the SSN with someone else (right?). In which case, they could have simply hashed the SSN on receipt and stored the hash. Right now, they'd still be in a world of trouble, but a lot less than they actually are (and could arguably have been a smaller target).

      I guess what I'm asking is what could (really) cause such an incredible failure of judgement/execution on their part? Even the US's relatively slack laws on data protection would at least make hashing SSNs something you might at least think about, don't they?

      Whilst I agree that some major sanctions against companies doing this sort of thing is definitely in order (here, the US might do well to look to the EU or Singapore for some ideas), but will that actually solve the real, core, underlying issue that let this happen in the first place, or will it just throw a couple of extra firewalls on the network for "due diligence" and leave the same crappy implementation choices in the systems that actually run the show?

      • Think most institutions now are using SSN's as a "uniquely identifying" index.
        So it's a quick and dirty way for EquiFax to check multiple sources to see what pops up rather than waste time sending "name, location, DoB, Last known addresses, current address" etc...etc... when grabbing data from different sources (then you get into the bother of typos and slightly wrong data entered giving wrong results causing more manpower to find and fix those errors, or just ignore it and give the person a sub 100 credit

      • by Kierthos ( 225954 ) on Monday September 11, 2017 @08:38AM (#55173645) Homepage

        They typically use a number of 'attributes' to positively identify someone. SSN is one. But they also use first name, last name, DOB, etc.

        Now, if SSN is unique, then why do they need all that other information? To protect against a fraudulent credit request or a request without enough information.

        So, you send the credit request to whatever company.... odds are you're not directly asking the three majors (Experian, Equifax, TransUnion), for the information. But regardless, you send the request off. Let's say you have the right name, and the right SSN, but whoever handled the data entry on the DOB had a typo in there.

        It _should_ come back with a response that your identifying information doesn't match anyone. But that all depends on which service you're using. Some are much more on the ball about this sort of thing. Hell, some of the services won't let you pull a credit report UNLESS you have all that info and more, just to cut down on requests.

        • I find it unbelievably irresponsible to verify the validity of such a request with data that is pretty much publicly available. The combination of name, address, age and SSN should be considered public knowledge for security or validation purposes.
          • Well, up to a point in time, the SSN was not to be used for identification purposes. My father's Social Security card actually says that. Mine doesn't.

            But let's look at what you need versus what you get. From my experience, you need, at a minimum, a person's first and last name, their DOB, their SSN, and a primary address. Okay, sure, depending on which service you use, the DOB or the address might be optional.

            What you get back (assuming the credit report request was successful), are credit scores (ranging

      • In which case, they could have simply hashed the SSN on receipt and stored the hash.

        SSNs are 9-digit numbers. So even if you hash them, it only takes a rainbow table with 1 billion entries (8 GB using 2 billion long ints) to reverse it. That's small enough to fit in RAM on a modern computer. Salting would help, but I imagine whatever info was stolen during this hack was what would've been used to generate the salt as well. SSNs were never designed to be used as secure personal identification numbers,

    • by cyn1c77 ( 928549 ) on Monday September 11, 2017 @08:56AM (#55173755)

      Maybe the fines should be whatever it costs to re-issue new social security (or social insurance in Canada) numbers to everyone, including costs of managing the transition.

      I think it's pretty clear that the US needs to move away from the social security number being both a confidential number and a unique key that is shared to verify your identity. Those two uses are mutually exclusive.

      The government either needs to give the individual the ability to authorize specific identity checks though a tokencard or some other means.

      Congress doesn't want to do this because big business wants to be able to check your background details for free and at will, but it needs to stop. Unfortunately, the amount of traction that the private citizen has with congress is pretty small compared to big business' lobby.

      • by Cederic ( 9623 )

        I think it's pretty clear that the US needs to move away from the social security number being both a confidential number and a unique key that is shared to verify your identity. Those two uses are mutually exclusive.

        I keep reading this so apologies that it's your comment that I've decided to challenge.

        It's totally fucking irrelevant. What got leaked is PII, and if SSN wasn't widely used then other elements of PII would be, and the leak would've still compromised those.

        So you're fucked from this breach whether you use SSN or not.

    • So their breach just put the entire population at significantly increased risk of identify theft.

      But everyone's equally at risk. So no one is more at risk than the rest.

    • Right. It's basically everyone. Which means that my risk relative to everyone else hasn't really changed. Except maybe for those people who are being diligent and putting credit freezes on their accounts.

      What's that you say? The profits from all these new credit freeze fees are going to dwarf any sanctions imposed by federal regulators? Hmmmm.

      Unless the feds force Equifax to provide *free* credit freezes to all affected parties for a number of years, and perhaps forces them to pay the going rate for fre
      • by nnet ( 20306 )
        What said everyone has to pay for a credit freeze?
        What said a one time fee (IF APPLICABLE) makes up for not being able to make money providing info on people that have a freeze in place?
    • by torkus ( 1133985 )

      Honestly, using SSN in the US is a horribly broken and insecure system.

      It's fairly trivial to get the information on anyone (name, DOB, SSN, address) and even additional info isn't all that hard to come by (DL, passport, etc.) either. There's so little security built into the system that it's laughable. What we need is a better system as a whole. 'Which of these 4 addresses were yours in the past' is really a horrible security check in the modern age of FB, google, and data collection.

  • by s0litaire ( 1205168 ) on Monday September 11, 2017 @07:35AM (#55173377)

    Are we sure it was ONLY US data/personal information that was leaked?

    Personally I would not be in any way surprised, if it's uncovered in a few weeks time, that personal information from other countries was also in the leak.

  • I just click here and my banking is done. I just click here and I bought that new iPad. And I just click here and ... Hey! where'd all my money go?
  • Instead of going after people like Love [slashdot.org] and giving them sentences longer than murderers. Maybe a Computer Fraud Act [wikipedia.org] for Companies where they get similar penalties where the board members really suffer instead of giving the company a slap on the wrist.

  • by Anonymous Coward

    Because they are going to steal your identity. It will happen numerous times in your life. It may become a once a year thing. So fuck it. Let them have an identity no one would pay for. If you think about that for a moment, while fully understanding the big picture, you'll understand why this could be a potential permanent fix to the problem.

  • by Arzaboa ( 2804779 ) on Monday September 11, 2017 @08:06AM (#55173479)

    We read daily that the internet functions on our data. We hear constantly, "we are the products, our data is the product."

    We are going to hear a million reasons why now this data isn't so valuable. We already see their attempt to flush everyone their "credit monitoring" sham. No one can sue the company in any meaningful way. There are no real remedies that exist for really anyone.

    We all do a huge portion of our business online. This hack hits at the true heart of the internet, if we can't figure out who is who, you can not make a transaction. Our internet identities are a very real extension of our physical identities.

    This reeks of every single issue that we all see today, from Terms of Service being forced onto folks, one sided contracts that only favor a large company we are forced to deal with whether you want to or not, companies using and selling our data that we have nothing to do with. We are just a commodity, and this really should make everyone feel exactly that.

    At what point is having part of us sold and traded ok? Is this where we find out?

    Hypocrisy is about to rain down hard. We will not see any meaningful change. We will see all of these folks tell us that in essence, while we can be arrested and profiled online, that our personal data that is essentially "who we are" online, doesn't have the same protections as our person.

  • by r2rknot ( 1102517 ) on Monday September 11, 2017 @08:08AM (#55173493)

    ...Is congress needs to pass legislation that gives a process to people that allows them to collect damages from lenders that lend to criminals. Such a process needs to burden the lender with proving a debtor owes this money, and that it was actually they who requested such a loan. If they cannot, then if they attempt to collect on such a debit, they can be liable for damages. Probably not a large sum, possibly just a (small) percentage of the loan they gave away to the crook. Of course more aggravated attempts might warrant larger sums. Much such a process require that the fiscal institution cannot collect and store. So that each application must be independently vetted, each time.

    Some side effects: More stringent identification taken to link documents to people. Loan processes taking much longer, and people who cannot vet themselves to an institutions satisfaction not receiving loans. An entire new system or vendors and providers revolving around bio metric verification. Also, higher loan rates because they will pass these costs onto the consumer. Less loans in total.

  • Then all my info would be irrelevant to be steal, unless they steal the phone, but you will notice it right away. Lets move to 21 century.
    • You'll notice if the phone is stolen, but not if the SIM is cloned. Attacks of this nature have been seen in the wild, which is why using a phone as the second factor in 2FA is no longer recommended procedure.
    • So then I'm forced to business with big telecom to do something like buy a home or auto? They are not exactly top tier data guardians themselves.

      The problem here is the massive amount of personal, sensitive, and unchangeable data being horded and sloppily housed. Leaking more data is not the answer.

      Once you've tied identity to devices, it's on you to both provide, as well as secure those devices.

      You don't hear from us much, but many of us choose to not play the mobile-phone data leak game at all. We've mad

  • I toss this out for general discussion. Given the already reported class-action suits files against Equifax, is the company a walking dead entity? And this does not include untold individual lawsuits which will also be filed.
  • Translation (Score:4, Interesting)

    by Opportunist ( 166417 ) on Monday September 11, 2017 @08:53AM (#55173735)

    It finally hit home and some congresscritters were affected by the fallout.

    Good.

  • by Anonymous Coward

    we are the VICTIMS here - stop saying "consumers" we are human beings who had all data scooped up and sold against our will and outside of our control - even Dave Ramsey, the "no debt, no loans, no credit cards ever" guy who claims to have had a "0 credit score with no activity" for 20 years was a victim according to his statements last week on his show.

    shut the credit agencies down.

  • by iTrawl ( 4142459 ) on Monday September 11, 2017 @09:10AM (#55173827)

    It would be nice to be able to issue an authorisation token with the credit agency and pass that to the institution that wants to search my file. Don't have the token? No search, go away.

  • Oh goodie... (Score:5, Informative)

    by CharlesAKAChuck ( 1157011 ) on Monday September 11, 2017 @09:12AM (#55173839)
    Would that be the Equifax breach from April 2013 to January 2014, or the Equifax breach from April 2016 to March 2017, or another one in May 2016, or another one from March 2016 to March 2017, or another one in January 2017, or the most recent one in July 2017?
  • by TheOuterLinux ( 4778741 ) on Monday September 11, 2017 @10:05AM (#55174127) Homepage
    The massive breach of [insert] is attracting scrutiny from government officials across the country. Lawmakers from both parties have expressed concern over the hack, which could have left vulnerable sensitive personal information for as many as [insert] million people. The [insert], [insert] and [insert] have announced formal investigations into the hack... The [insert] announced on [insert] that it sent a letter to [insert] seeking answers about the extent of the breach and what [insert] is doing to mitigate its impact. In the House, [insert] Committee Chairman [insert] ld a hearing on the hacks at a to-be-determined date. [insert] noted in a statement that such breaches are becoming "too common" and that [people] "deserve answers." House [insert] and [insert] Committee Chairman [insert] said that [his/her] committee would hold a separate hearing on the matter as well.
  • by Ronin Developer ( 67677 ) on Monday September 11, 2017 @11:08AM (#55174549)

    1. Immediately protect ALL customers by allowing users to lock and unlock their profiles across all the major credit bureaus at ZERO cost the user.
    2. Provide lifelong monitoring of profiles and credit activity at ZERO cost.
    3. Investigate the insider trading.
    4. Remove protections for Equifax against class action lawsuits for any damages that result.
    5. Figure out who the F allowed this happen. I am betting an insider did it.

    Then, establish a CENTRAL system to coordinate credit activity (but, not have the profiles themselves) so that protection of one's credit is a very simple process.

  • ... you give up your right to sue Equifax.

    agreemment to resolve all disputes by binding arbitration. http://www.equifax.com/terms/ [equifax.com]

    While Equifax has appeared to walk away from that statement via a FAQ --- the legal agreement, the one you agree to, still appears to require you to give up your right to sue if you use the service that checks whether or not you were affected by Equifax's security breach.

  • by khz6955 ( 4502517 ) on Monday September 11, 2017 @02:48PM (#55176379)
    “We have this category that Equifax calls unhandled malware, [with] which traditional security approaches haven’t been very helpful. Putting in FireEye has really helped us detect this unhandled malware, then gives us the capability to take action to stay secure.” Tony Spinelli, SVP and CSO of Equifax [cnmeonline.com]
  • I found this email I got interesting - it points to some things about the Equifax breach.

    ---Email-----

    Based upon the tremendous amount of publicity surrounding the recent data breach at Equifax, as stewards of the Central Repository we felt it was important to share our perspective on the matter:

    Apache Struts: Apache Struts is a popular open-source and free Model-View-Controller (MVC) framework for Java. It is developed and maintained by an active and highly responsible community of voluntee
  • Now, about those state databases containing information about everyone's prescription drugs -- will they have the same level of security that Equifax had?

    My guess: no.

  • Honestly curious: why has this raised so much more ire than, for example, another recent huge leak of data on 200 million Americans by the RNC, which included âoemodeled voter ethnicities and religions"? https://www.upguard.com/breach... [upguard.com]

The computer is to the information industry roughly what the central power station is to the electrical industry. -- Peter Drucker

Working...