In a Highly Unusual Move, FTC Confirms It Is Investigating Equifax

The Federal Trade Commission (FTC) on Thursday confirmed it is investigating Equifax's handling of a data breach affecting 143m Americans. "The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," said Peter Kaplan, the commission's acting director of public affairs. Washington Post reporter tweeted: "To put a finer point on it, this is really, really unusual -- the FTC hardly ever says anything about ongoing probes."

Trump will fix this.

[Anonymous Coward]

Slap on the wrist, formal apology issued, dinner and drinks at the White House with the executives of the company so that they can swear fealty, and back to #MAGA. Next problem? This is easy.

Re:

[courteaudotbiz]

If I had mod points, +1 informative

Re:

[Kenja]

He'll fix it like you fix a cat.

Re:

[Anonymous Coward]

Slap on the wrist, formal apology issued, dinner and drinks at the White House with the executives of the company so that they can swear fealty, and back to #MAGA. Next problem? This is easy.

And don't forget the most important thing: Trump will finally be able to get loans from American banks again.

Oh please

[ArchieBunker]

How many bankers did jail time under Obama for the financial mess?

Re:Oh please

[zifn4b]

How many bankers did jail time under Obama for the financial mess?

The same amount that did under the George W. Bush administration

Re:

[pots]

Funny thing, there's a documentary [pbs.org] on this which just aired on Frontline. There was one bank which was prosecuted for the subprime mortgage crisis, just one. A tiny one based in Chinatown in New York.

Re:Trump will fix this.

[CaptnCrud]

I'm no trump fan but you could pretty much insert any president's name from the last 20 years in this statement and it would still be true....

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[zifn4b]

Slap on the wrist, formal apology issued, dinner and drinks at the White House with the executives of the company so that they can swear fealty, and back to #MAGA. Next problem? This is easy.

Actually you forgot a la Wells Fargo, board members resign, receive golden parachutes for a job well done and then are replaced and the cycle continues. Every once in awhile though someone gets justice like Bernie Madoff or does anyone remember the Enron scandal [wikipedia.org]?

Re:

[Anonymous Coward]

Bernie Madoff scammed people with money. That is why he got hauled off to the can. Otherwise, scamming the proles is A-OK.

Of course,it's the most singificant data break yet

[evolutionary]

It would be surprising is there WASN'T an investigation given Equifax has credit and personal info on a huge number of the US population and controls credit access of virtually the entire country. Probably should have been more government monitoring for security which I would guess will occurs after a post-mortem of this incident.

Re:

[courteaudotbiz]

Probably should have been more government monitoring for security which I would guess will occurs after a post-mortem of this incident.

Seriously, you really think governments care about folks having their data leaked? If top govt execs info was leaked, then maybe we would get something real, but right now, all we'll see is a fake investigation with, as usual, no one going to jail or paying fines.

Re:

[Anonymous Coward]

based on the number of records leaked, there's a good 40% chance per top govt exec that their info WAS leaked

Re:

[courteaudotbiz]

Still we don't know for sure. Maybe their sensitive info is kept in a special, non publicly accessible database. I mean, I don't think Trump, Obama, Bush or Clinton's credit record can really be accessed by usual means. If so, I'd say it is fuc*ing careless.

Re:

[smccurry]

I'd say at best, they are in the same database and marked with some special restriction flags.

Re:

[mark-t]

It's higher than that. About 25% of the nation's population is under 18, and are less likely to be impacted anyways. Since top execs are typically over 18, it is probsbly closer to 55 or 60 percent

Re:

[Anonymous Coward]

And not all adults even have credit history. They pretty much compromised every American who has gainful employment.

Re:Of course,it's the most singificant data break

[Koreantoast]

based on the number of records leaked, there's a good 40% chance per top govt exec that their info WAS leaked

I would add, based on that percentage, not only is there a good chance that top government executives had their information leaked, but its most likely that information was also leaked about their spouses, adult children, parents, siblings, friends, etc. So I think many would take this personally. If you want to be cynical about it, this leak is going to create a lot of headaches for powerful entities like multinational banks, telecoms, and others who relied on Equifax to vet loans and identities and are going to have to deal with large spikes in fraud for years because of the breach. This kind of breach also helps to further undermine confidence in the banking system they are a part of. They may want this to go forward so they can take a chunk out of Equifax's hide as well. Oh, and their and their families, friends, etc. personal data has also been leaked, so they will probably have some personal motivations as well.

Re:Of course,it's the most singificant data break

[freeze128]

What makes you think that politicians' identities are exempt from this breach?

Re: Of course,it's the most singificant data break

[Anonymous Coward]

the place I used to work had a huge database and it protected the records of politicians, celebrities, and ultra wealthy.
I suspect it is a common practice.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Jason Levine]

Governments care slightly because upset voters can mean politicians get kicked out. By contrast, Equifax doesn't care at all because we're just data points to them and whether we're happy or upset data points doesn't matter at all. Government regulation might not be perfect, but it's better than just letting Equifax do whatever it wants and assuming that "the market will sort it out."

Re:

[ACE209]

Seriously, you really think governments care about folks having their data leaked? If top govt execs info was leaked, then maybe we would get something real, but right now, all we'll see is a fake investigation with, as usual, no one going to jail or paying fines.

They better do care.

As far as I know, if you know the social security number of someone, you can impersonate them.

If the leak really contains half the SSNs of the country, this could be used to cause quite a lot of trouble to the economy.

Without economy no elite.

Re:Of course,it's the most singificant data break

[OzPeter]

It would be surprising is there WASN'T an investigation given Equifax has credit and personal info on a huge number of the US population and controls credit access of virtually the entire country.

I'm not sure that the FTC actually cares about the data that was leaked. On the other hand those allegations of insider trading due to the breach are certainly to interest to them.

Re:

[lgw]

Insider trading is the SEC, not the FTC, right? The SEC actually scares executives and board members, unlike most regulatory bodies.

Re:

[dpilot]

It's not simply the breach. It's that after the breach, things just kept getting worse.
- Executives sold a bunch of stock between the breach and the report.
- The first "Am I affected?" site was horribly constructed from a security point of view, not to mention not being clear about the legalese regarding liability. There were also reports that it was acting like a simple random-response generator - putting in nonsense IDs gave specific answers - with both types of results.
- The "Fr

Re:

[account_deleted]

Comment removed based on user account deletion

Politicans were affected

[Merk42]

Since politicians' identities were compromised along with the unwashed masses, OF COURSE they are going to investigate and make it known.

Re:

[courteaudotbiz]

Since politicians' identities were compromised along with the unwashed masses [...]

Citation needed

Re:

[lactose99]

143 million Americans.

Roughly 44% of the country (per https://www.census.gov/popcloc... [census.gov])

Math ain't hard.

Re:

[courteaudotbiz]

I have learned something in IT. Never assume. Maybe they keep VIP info in another database that was not leaked. Once I get solid evidence that someone important personal info was leaked through that breach, I will still think this database was full of regular people's info.

Re:

[beanpoppa]

Even if Senator Hotair's information was not part of the leak, you can bet that the Senator's son/daughter/sister was.

Re:

[mark-t]

When you consider that there are over 167 million American adults with at least one credit card (2014 US Census), 143 million Americans would be equivalent to 85% of all credit card holders.

Basically, if you have a credit card in the US, you should probably be checking with your bank now, if you haven't already... and determining what course of action you can best immediately take to ensure that no damage is done.

Re:

[Anonymous Coward]

Then you will be relieved to know that the FCC is not heading this investigation. The FTC is a completely different entity.

Re:

[MyLongNickName]

Whoops, you are quite correct. Brain cramp on my part.

Re:Unusual would be NTSB investigating this

[ColdWetDog]

I don't think that would be unusual. After all, the NTSB is charged with investigating train wrecks.

Re:

[thegreatbob]

A +1 in spirit to you good sir.

I'm up for a corporate death penalty

[Just Some Guy]

I support the death penalty. So much, in fact, that I want to see Equifax executed - in this case, by having its corporate charter revoked. They're not "too big to fail". They're not providing a valuable product to our economy. They're not America's Last Great Hope at manufacturing or anything like that. They're a rent-seeking parasite on the economy who obviously can never again be trusty with the weaponizable data they collect on everyone who lives here. Cut off its head - sacrifice it on the altar of accountability and justice - and call it done.

And as we'd lock up a street-level criminal until their trial, Equifax should be imprisoned by having its bank accounts and stock trades frozen immediately. Sure, that means it can't pay its CEO. Yes, it means its employees will break up with it in favor of more upstanding members of society. Yeah, it means it won't be able to pay rent and will probably get evicted. If all that's good enough for Joe Accused Weed Dealer, it's good enough for Equifax Accused Stalker.

Re:I'm up for a corporate death penalty

[bev_tech_rob]

I support the death penalty. So much, in fact, that I want to see Equifax executed - in this case, by having its corporate charter revoked. They're not "too big to fail". They're not providing a valuable product to our economy. They're not America's Last Great Hope at manufacturing or anything like that. They're a rent-seeking parasite on the economy who obviously can never again be trusty with the weaponizable data they collect on everyone who lives here. Cut off its head - sacrifice it on the altar of accountability and justice - and call it done.

And as we'd lock up a street-level criminal until their trial, Equifax should be imprisoned by having its bank accounts and stock trades frozen immediately. Sure, that means it can't pay its CEO. Yes, it means its employees will break up with it in favor of more upstanding members of society. Yeah, it means it won't be able to pay rent and will probably get evicted. If all that's good enough for Joe Accused Weed Dealer, it's good enough for Equifax Accused Stalker.

Where are my mod points when I need them?? +1

Re:

[Christinagirl1]

With ya.

Re:

[Anonymous Coward]

Another possibility is to treat them the way American justice treats offenders who commit civil offense 'crimes' like copyright infringement when copying a DVD.

Each copy can result in fines up to $250,000 [riaa.com] because you copied a DVD instead of buying a movie ticket. The Movie company lost their percentage of a theater ticket sale (say about $10.00), so they need to fine you appropriately. Their math says you should pay $250,000 for each $10.00 they lost. Corporations, the Courts, American politicians all agre

Re:

[orgelspieler]

Or you could just have a relationship with anybody you are going to lend money to. But then landlords wouldn't be able to rent to strangers. The irony is that when businesses lend to each other, the still use old-fashion credit requests, with references etc.

Re:

[LeftCoastThinker]

Well said

Re:

[newdsfornerds]

I like how you think :)

Re:

[Just Some Guy]

No, no, no. Reframe that: what politician do you think if going to stand up and take responsibility for taking down one of America's most hated financial institutions, that has just directly caused an identity theft disaster of unimaginable proportions upon the citizenry? I bet you'd get a few takers.

Re:

[avandesande]

Frankly this is what should of happened after the recent Wells Fargo scandal.

Equifax Job Posting

[Anonymous Coward]

Saw this on Monster this morning:

EQUIFAX (Atlanta GA) is seeking a talented and highly motivated software engineer and security expert to manage the fallout of our recent security breach. Duties will include analyzing failures in security systems, taking the blame for prior failures, and generally being a scapegoat for the breakdown in security that lead to our infamous breach. Contract position is expected to last approximately 3-6 months, or until the end of criminal investigations, whichever is longer. Compensation includes generous exit bonus to compensate for ruining your career.

Interested candidates must have a BS or MS in Computer Science or equivalent work experience, not that it actually matters.

Re:

[Joe_Dragon]

also worked the up-sell squad at best buy after selling the most disk guard plans when they just a cashier. say for just $5 more can brake your disk and the next madden for free does sell people.

Re:

[Anonymous Coward]

The current Chief Security Officer's LinkedIn page indicates undergraduate and graduate degrees in music composition. Wish I were joking.

Good!

[plague911]

Equifax needs to face SEVERE punishment for negligence. Their incompetence impacts everything from personal finance, to national security. Just think what those nasty Russian's will do with the knowledge of exactly which pesky counter intelligence officer is having credit issues.

Re:Good!

[swb]

I think the reason that nothing serious will come of this is because it only really affects personal finances.

Some portion of the affected 143M will be victims of credit fraud and their credit scores will decline as a result. They will then end up paying a risk premium to borrow money, when, in fact, they don't represent the actual level of risk they pay a premium for. It's actually an increased level of profit for lenders.

At the margins, though, I would expect *some* lenders and sellers of financed products to be concerned about this. If a large amount of fraud came out of this, they could suffer writeoffs and potentially reduced sales as already high-risk consumers were pushed out of credit markets. But mostly I would expect the people vulnerable to fraud to be those with credit/identity worth stealing.

Bottom line, consumers pay and some corner of the lending and sales market experiences added friction and a dip in sales.

Re:

[Pascoea]

The only reason this is getting the attention it is? There are likely a whole pile of politicians in the "143m Americans" affected. That's why health care, social security, medicare are all fucked, they don't apply to those in power.

Re:

[swb]

I think the credit reporting agencies are a special racket -- their customers are the lenders, lenders who stand to profit when they can charge the highest possible risk premium to borrowers.

The credit reporting agencies have a moral hazard to increase the incremental perceived risk of borrowers. It makes their risk assessments appear more accurate (lenders only care about borrowers whose incurred risks don't include a risk premium) and allows lenders to charge a higher risk premium to borrowers.

It's close

Re:

[ausekilis]

Combine this data with the leak of personal information from OPM a few years ago, and you have yourself a nice list of people to target - folks with active (or recently active) security clearances THAT ALSO have debt issues.

It just got that much easier to make a target list.

Re:

[plague911]

Do you have a disability that prevents you from noticing tongue-in-cheek terminology? The Russian's were specifically called out at they are one of the few nations capable of doing that sort of sophisticated wet-work .

Re:

[DNS-and-BIND]

That's not what wet-work means. Doing things by computer is specifically not wet-work. The ridiculous Russophobic paranoia right now is approaching McCarthyism levels. People are seeing TEH ROOSHINS in their sleep and in their children's schools. It's not healthy, this level of irrationality.

hard time for any H1B fraud at the VP level and up

[Joe_Dragon]

hard time for any H1B fraud at the VP level and up.

Get a credit freeze

[Torodung]

If you aren't involved in credit application activities, get a credit freeze at all three agencies now. Then they will not provide information. Make things difficult for any fraudster.

You can lift the freeze when you need to.

Caveat: It costs money, but it's currently free at Equifax [equifax.com] (the page is sometimes cratered, however).

Good luck everyone. And kudos to LifeLock's cracker department (JK).

Re:

[Anonymous Coward]

Get a freeze at all FOUR agencies now. Don't forget Innovis.

Re:

[flink]

Get a freeze at all FOUR agencies now. Don't forget Innovis.

It's actually five. Don't forget Chex Systems.

Re:

[lgw]

The problem with this: enough information was leaked to impersonate you thoroughly. How can Equifax confirm the person asking for your credit to be unfrozen is actually you? By confirming you know a set of things that were leaked.

Re:

[lgw]

Just hope they don't beat you to the freeze. :)

Theory-

[WolfgangVL]

Tinfoil hattery:

This beach was state sponsored. Over the next few weeks, American identities will be stolen en-mass, prompting nationwide credit-freeze. Consumers lose trust in the American system of credit/debt as the fraudulently borrowed moneys and goods leave the country before the freeze. People demand companies are punished, and place blame on the money lenders and banks.

People go back to spending only what they've earned. Retail feels the pinch first. Many go under in the first months. Prices rise, as available supply of goods diminishes (no longer produced on a credit-line, volume drops)

When the money stops moving around, the financial sector of the US economy withers and dies within weeks.

The 1% panic. Crisis follows.

I imagine this is what 21st century warfare looks like.

Re:

[ColdWetDog]

Duct tape and tin foil are dangerous when used together. At least make little holes for breathing.

Re:

[Anonymous Coward]

Or, credit cards and banks start asking for actual proof of identity rather than just SSN and identify theft just plain stops.

Re:Theory-

[nehumanuscrede]

The prudent have already placed a security freeze on their credit with all three credit bureaus to prevent new accounts from being opened up.
( You should do this anyway since there is no need to run credit checks very often. Unfreeze when you need to )

Don't even bother trying to do it online unless you enjoy frustration. Just call them.

        Equifax — 1-800-349-9960
        Experian — 1-888-397-3742
        TransUnion — 1-888-909-8872

Banks / lenders will simply reissue new cards and / or change account numbers to be on the safe side. $$$ for them, but I suspect they're
going to recoup those costs and then some in the lawsuit they're gonna hit Equifax with.

Maybe we should add a user modifiable pin to the SSN for all transactions that require it.
( Or, quit using the GD thing since for day to day ID as it was never supposed to be used for such purposes )

You should probably pull your free credit report from all three agencies asap if you haven't done so already so you have a baseline to work with
going forward.

Re:

[Gravis Zero]

When the money stops moving around, the financial sector of the US economy withers and dies within weeks.

It would almost be worth it just to have that happen. The financial sector is a parasite.

Alternative theory

[LeftCoastThinker]

That is not an implausible theory, but it relies on the response sequence that you cite. In reality, events do not happen in a vacuum.

OTOH, the banks and lenders (or the federal government by regulation) could enable better safeguards to validate identity other than SSN (which was never intended to be a universal ID) and require all lenders of any amount greater than $50 to validate and document the identity in person of the borrower using two IDs at least one of which is a photo ID, 2 factor authenticatio

Re:

[SlideWRX]

If this was a State sponsored breach, then it is likely that the US told Equifax to withhold the news of the release until another major news event was happening, in order to reduce the effect. with a couple of hurricanes, there will (conveniently) need to be a lot of consumer purchasing to replace lost items, largely on credit. Crisis Averted!

Re:

[WolfgangVL]

Well that was close!

A MUST HAPPEN...verify everything.

[Christinagirl1]

One thing is for sure, from a legal standpoint Equifax and EVERY credit reporting must verify EVERY item on EVERY credit report. Why? Because that cannot prove that the data has not been tampered with for any reason. They need to prove they verified it as well. By law, they have to prove that the data about each of us is in fact true. They can not. If they are permitted to stay in business, they should wipe down to 0 for each of us. New slate. Them too. But, I think they should all be put out of bus

Re:

[HiThere]

Have they *ever* suffered for libeling someone in their "credit report"? I don't think so, but I could be wrong. If not, then their legal duty is purely theoretical.

Wow, it's worse than first thought

[Opportunist]

The data loss and ID theft seems to have affected the FCC head honchos, too.

Re:

[rainer_d]

Exactly.

Hopefully, somebody took out 30 credit cards on the chairman, his wife and his kids.

So Equifax bigwigs will be invited

[newdsfornerds]

to play a few rounds of golf with FTC bigwigs? That's what I'm guessing will happen.

Investigating is a way to control discontentment

[elcor]

FTC is saving their ass. Just see all the lawsuiting slow down.

BS

[Christinagirl1]

They have no teeth! They investigate them every minute of every day for something and then fine them some pidly amount. They never did anything in the past, why would they do anything now. Just look at their website and all of the complaints. BS. Total F*cking BS! Now they expect us to eat it. They should be investigated too! Why the hell have they waited so long to do something? They are partly to blame for this mess.