Equifax left their shit vulnerable, executives make millions

Community Tech Policy & News
36

This needs a giant [CITATION NEEDED] next to it. Class action lawsuits are one of the few tools consumers have to fight back against large corporations doing shitty things to fleece their customers.

And this is just flat out false. You’re going to hire a lawyer to go up against Nvidia’s team of lawyers they keep on retainer, and expect to get anything out of it? Spoiler alert: You won’t see anything out of it. SCO was able to drag on a case against IBM for 7 years, and SCO was a dying company. The lawyer you stumble across in a Google search is not going to make any progress against a fiscally healthy Nvidia.

3 Likes
37

How do you people mix Communism with Capitalism? Pretty sure he means the extreme Capitalistic rightwing that’s letting all this bullshit fly.

38

Both benefit those in positions of power. The method of achieving those benefits varies.

39

I don’t even know if the GTX 970 incident was bad enough to warrant a class action lawsuit, but THIS incident definitely is.

40

It was, it did, the result was the mentioned $30 per provable purchase of a GTX 970 or something to that effect.

1 Like
41

Not sure if you guys saw, but the “Security PINs” for freezing your account are just a timestamp, which is easily brute-forced. Also, they were told about the PIN flaw over a year ago.

4 Likes
42

Smart enough to short themselves after learning of the breach?
Using the company’s own dollar to float the boat/buy the shorted shares to make it look like nothing changed?
Lucrative black edge… but I don’t care.

In other news, why is kaspersky off shelves at bestbuy? A new apple vs encryption public fallacy?

1 Like
43

Saw it, laughed for a moment, then cried.

44

For those that don’t follow TWiT :

Timestamped to 1:13:18, goes to 1:28:14
Leo is onto something around the 1:17:35 mark, Equifax is probably going to try to benefit from all this indeed by tricking people into staying in their credit monitoring plan for more than a year.

45

this was always the plan

2 Likes
46

Here’s a video (with transcript) of an interview with a criminologist with field experience (from S&L crisis, which is the last time the US prosecuted anyone for large-scale financial sector fraud) in which everything is neatly tied together: https://www.nakedcapitalism.com/2017/09/bill-black-equifax-data-breach-10-10-scandal.html

Here’s more about the regulatory backstory of how this came to be: https://www.nakedcapitalism.com/2017/09/how-us-regulators-created-the-equifax-mess.html

47

Why do I get the feeling that the “fix” will be “less freedom”

3 Likes
48

I gotta disagree. In my personal experience, I was given just 25$ for a huge lawsuit with Charter One, a bank I used to use. Basically they got in trouble for charging overlapping overdraft fees to people who didn’t even overdraft. I lost over 400$ when I was in college. I was delivering pizzas at the time, and it was money I needed to live on.

So yeah, gotta agree in this case. We all could have our identities and personal information out there, and all we’re going to get is some shit money to ‘make up’ for the fact that you will have to spend the rest of your life wondering. A lawsuit shouldn’t be the punishment here, prison time should. But as we know:

49

https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address.

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

And lastly

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

TDLR: Ever hear some people want to claim that “View Source” constitutes hacking?

1 Like
50

This is barely one step above taking your friends phone and posting “hacked” level of hacking. What a fucking joke.

51

The point of class actions is to be punitive to the offending company, and people can get a little something back for very little effort.

Let’s take it a different route. What’s the alternative? I’ve already laid out exactly why Average Joe hiring a lawyer to go after a large company is a fruitless endeavor. So an individual lawsuit is out. A class action lawsuit (as completely misunderstood by this thread) is out. What are you going to do to fight back against a large company?

52

i have this shirt lol

53

I’d prefer to see the executives actually face some justice rather than anything financial… Because lets face it, often time these fines are nothing more than a drop in the bucket. I would take seeing those guys punished with something like jail time over a dumb 25$ check any day. I wouldn’t expect to fight them on my own. Money isn’t what I’d want, whats done is done. I’m being idealistic here obviously. The rich hardly ever get punished for their actions.

1 Like
54

Alright, now we’re gettin’ somewhere. :slight_smile:

2 Likes
55


"Three Equifax executives sold a combined $1.8 million in stock just days after the company discovered a major breach of its data system, but well before it disclosed the hack publicly."
And my FAV part:
"In a statement, the company said the executives “had no knowledge that an intrusion had occurred at the time they sold their shares."
Looking for these guys to get jail time is like looking for WMD’s in Iraq. :slight_smile:

1 Like