Equifax left their shit vulnerable, executives make millions

Not sure if you guys saw, but the “Security PINs” for freezing your account are just a timestamp, which is easily brute-forced. Also, they were told about the PIN flaw over a year ago.

4 Likes

Smart enough to short themselves after learning of the breach?
Using the company’s own dollar to float the boat/buy the shorted shares to make it look like nothing changed?
Lucrative black edge… but I don’t care.

In other news, why is Kaspersky off shelves at Best Buy? A new Apple vs encryption public fallacy?

1 Like

Saw it, laughed for a moment, then cried.

For those that don’t follow TWiT:

Timestamped to 1:13:18, goes to 1:28:14
Leo is onto something around the 1:17:35 mark, Equifax is probably going to try to benefit from all this indeed by tricking people into staying in their credit monitoring plan for more than a year.

this was always the plan

2 Likes

Here’s a video (with transcript) of an interview with a criminologist with field experience (from S&L crisis, which is the last time the US prosecuted anyone for large-scale financial sector fraud) in which everything is neatly tied together: https://www.nakedcapitalism.com/2017/09/bill-black-equifax-data-breach-10-10-scandal.html

Here’s more about the regulatory backstory of how this came to be: https://www.nakedcapitalism.com/2017/09/how-us-regulators-created-the-equifax-mess.html

Why do I get the feeling that the “fix” will be “less freedom”

3 Likes

I gotta disagree. In my personal experience, I was given just $25 for a huge lawsuit with Charter One, a bank I used to use. Basically they got in trouble for charging overlapping overdraft fees to people who didn’t even overdraft. I lost over $400 when I was in college. I was delivering pizzas at the time, and it was money I needed to live on.

So yeah, gotta agree in this case. We all could have our identities and personal information out there, and all we’re going to get is some shit money to ‘make up’ for the fact that you will have to spend the rest of your life wondering. A lawsuit shouldn’t be the punishment here, prison time should. But as we know:

https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”

Once inside the portal, the researchers found they could view the names of more than 100 Equifax employees in Argentina, as well as their employee ID and email address.

Each employee record included a company username in plain text, and a corresponding password that was obfuscated by a series of dots.

And lastly

However, all one needed to do in order to view said password was to right-click on the employee’s profile page and select “view source,” a function that displays the raw HTML code which makes up the Web site. Buried in that HTML code was the employee’s password in plain text.

TL;DR: Ever hear some people want to claim that “View Source” constitutes hacking?

1 Like

This is barely one step above taking your friend’s phone and posting “hacked” level of hacking. What a fucking joke.

The point of class actions is to be punitive to the offending company, and people can get a little something back for very little effort.

Let’s take it a different route. What’s the alternative? I’ve already laid out exactly why Average Joe hiring a lawyer to go after a large company is a fruitless endeavor. So an individual lawsuit is out. A class action lawsuit (as completely misunderstood by this thread) is out. What are you going to do to fight back against a large company?

I have this shirt lol

I’d prefer to see the executives actually face some justice rather than anything financial… Because let’s face it, oftentimes these fines are nothing more than a drop in the bucket. I would take seeing those guys punished with something like jail time over a dumb $25 check any day. I wouldn’t expect to fight them on my own. Money isn’t what I’d want, what’s done is done. I’m being idealistic here obviously. The rich hardly ever get punished for their actions.

1 Like

Alright, now we’re gettin’ somewhere. :slight_smile:

2 Likes


"Three Equifax executives sold a combined $1.8 million in stock just days after the company discovered a major breach of its data system, but well before it disclosed the hack publicly."
And my FAV part:
"In a statement, the company said the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”"
Looking for these guys to get jail time is like looking for WMDs in Iraq. :slight_smile:

1 Like

And if they do somehow get jail time, it’ll be Martha Stewart levels of jail time, rather than working class citizen jail time. “Oh, I see, you’re rich. Well we have to do something. We’ll give you months’ worth of jail time, rather than years. That should keep the peasants at bay.”

1 Like

Saw this yesterday, thought it would be helpful to post here.

2 Likes

https://www.schneier.com/blog/archives/2017/09/on_the_equifax_.html

This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It’s a data broker. It collects information about all of us, analyzes it all, and then sells those insights.

Again, Bruce is not wrong. The market can’t fix this. It has been proven again and again and again. Still we let it just happen.

Market failures like this can only be solved through government intervention. By regulating the security practices of companies that store our data, and fining companies that fail to comply, governments can raise the cost of insecurity high enough that security becomes a cheaper alternative. They can do the same thing by giving individuals affected by these breaches the ability to sue successfully, citing the exposure of personal data itself as a harm.

Yeah. Your FTC has no teeth, it might quack a bit like the lame duck it is, but that’s all. Class action lawsuit? Maybe, I don’t think there will come much of it. So as it is they’ll get away with it.

If you don’t like how careless Equifax was with your data, don’t waste your breath complaining to Equifax. Complain to your government.

Trump will save you right? Right?

Totally No biggie

1 Like

It’s adorable that you actually believe that.

Those three executives that short-sold stock will be used as sacrificial lambs to the public. Trump will do or say something totally inane and irrational, the public’s attention will shift, and Equifax will continue business as usual. Meanwhile they’ll start lobbying Congress harder and harder to ease liability regulations so when the shit starts falling out of this shit sandwich onto our laps they can retroactively say “Not our problem.”

4 Likes