Equifax left their shit vulnerable, executives make millions

Sorry you didn’t catch the humor, but the picture was just a joke…

“It’s a party!”…

1 Like

Prime example would be Wells Fargo.
When CEO John Stumpf “aired out” the laundry, he left his punishment to the board of directors. And said there were no more customers other than the ones already listed that were scammed. But it’s never true.

1 Like

Damnit dude, I can’t believe I missed that one.

1 Like

Well, at least we somewhat know what went wrong.

The breach happened due to a web vulnerability that was patched (and hence disclosed) 2 months earlier. Equifax just didn’t apply the patch.

1 Like

Failure to apply patches is just the tip of the iceberg. They had world-accessible web panels with user/pass admin/admin for example. And stored the private keys to databases in said panels. Etc. No need for any un-patched holes with such “security” practices.

http://spuz.me/blog/zine/3Qu1F4x.html

3 Likes

Shit. That’s 5 year old level security

1 Like

It’s like leaving the keys to the safe on your desk…

1 Like

And labeling them “keys to safe. Don’t touch plz”

1 Like

How does this keep getting worse? This company should be shut down for good. There’s no going back from this.

2 Likes

not really. More like renting floor space in an airport, placing a safe plus keys next to it, hidden inside an envelope inside the designated, but wholly accessible area, and then declaring it safe and relying on the DMCA for cover.

OTOH, two of the directors who sold stocks before making the data breach public have just announced they will be retiring (not fired for cause, not sued by the company for malfeasance, and thus assuming they will be able to keep their right to any/all exit and/or pension payments) from the company. Must be great to be king, in a land where the relevant regulatory agencies refuse to prosecute fellow members of the professional class.

2 Likes
3 Likes


Competitors are happy happy happy

The story even made my local news

The Toys-R-Us of the financial world, put a fork in them… they're done :slight_smile:

1 Like

I’ve seen some stupid shit, but Equifax takes stupid to a whole new level. This really just keeps getting worse.

They’ve put more effort into scrubbing any data about their head of security from the internet than they did keeping everyone’s records safe.

2 Likes

And now their head of security is a meme



1 Like

And still no fucks given on the stock price

In reality, even if their DB was compromised, it's likely encrypted and will take them too much time to crack it. While it's great that they've passed a law to freeze your credit line for free, it's not the first leak of this magnitude; it may have been a US government agency that did the hack anyway… toying with the company, or there was some objective to it (false flag). Prep to lose freedoms… or maybe the USA will overhaul their SSN system, since it was leaked to the Chinese anyway, and it's not been secure for a couple of years now.

You underestimate the stupidity of large corporations that are in charge of user data.

5 Likes

Really? That’s insane. Statutory damages from state law violations alone will bankrupt the company – its own insurance only covers up to $150m – i.e., $1.05 per person affected. (And multiple states have already filed suit, and/or are indicating they are planning to do so.)

They took an initial hit but recovered most of it

Well, maybe, but not really. They must pass a couple of things before they can work with SSNs, credit cards included. Which in turn means they already had to have certifications above PCI-compliant (for that thing there’s a guy coming over once a year to take a look at their setups, databases, etc. to ensure data is protected, and that they have at least a year of backups). Since they must be certified with something, I assume they have an unrelated security guy verifying their security once a quarter. They had to have encrypted values in the database… it's a norm and a must in PCI compliance (if they have a hole somewhere and the security officer sees it, they lose their license, and then all companies that require it must cut ties with them.)