Klopsik206 wrote: God bless EU for GDPR.
Once GDPR regulation enters EU's legal system in 2018 such a breach would result in monstrous fines (up to 4% of global revenue).
morphine wrote: Klopsik206 wrote: God bless EU for GDPR.
Once GDPR regulation enters EU's legal system in 2018 such a breach would result in monstrous fines (up to 4% of global revenue).
Got any sources or more info on this?
just brew it! wrote: https://arstechnica.com/information-technology/2017/09/equifax-moves-to-fix-weak-pins-for-security-freeze-on-consumer-credit-reports/
Waco wrote: Sigh. I hate everything about this idiotic system. The idiots running it give me as much confidence in their ability to judge my credit worthiness as they do in their ability to secure their systems: none.
"We recognize that some consumers continue to face challenges..."
MOSFET wrote: I can't get through to Equifax, at least to the point of getting a result. Phone system - lets you go through it, only to tell you it's unavailable at the end. https freeze equifax website - same result. Input all your important info and then errors out. This whole thing really feels like an even bigger setup than is currently being reported (and with that, I will put on the tin foil hat to keep the crazies out.) Apparently, snail mailing all your pertinent life details to a PO Box in Atlanta is the only way to freeze with Equifax right now.
morphine wrote: Klopsik206 wrote: God bless EU for GDPR.
Once GDPR regulation enters EU's legal system in 2018 such a breach would result in monstrous fines (up to 4% of global revenue).
Got any sources or more info on this?
Klopsik206 wrote: It's EU regulation only, however it will impact US firms doing business in EU, too.
5. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:
(a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;
(b) the data subjects' rights pursuant to Articles 12 to 22;
(c) the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 44 to 49;
(d) any obligations pursuant to Member State law adopted under Chapter IX;
(e) non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority pursuant to Article 58(2) or failure to provide access in violation of Article 58(1).
6. Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
Glorious wrote: Klopsik206 wrote: It's EU regulation only, however it will impact US firms doing business in EU, too.
That's still an open question from the previous effort when the territoriality went the other way:
https://en.wikipedia.org/wiki/Microsoft ... ted_States
We'll know more this upcoming October term, but I wouldn't automatically count on it.
Glorious wrote: And you're not presenting this properly, it's not an automatic maximum fine for simply having the breach, there are conditions:
dMedici on Gizmodo wrote: If you compare and contrast the smart phone apps between Transunion, Experian, and Equifax, you’ll notice that Transunion and Experian appear advanced and modern in their interface and functionality, while Equifax looks like something out of the nineties. I first noticed this several months ago, and quickly realized that this is clearly an institution that doesn’t value things like aesthetics, but now it’s become clear that they weren’t concerned in anything else other than their bottom line, including fundamental security practices.
I am somewhat glad that none of my credit cards use them as the CB. And I was wondering why they were all TransUnion and Experian.
DragonDaddyBear wrote: Back to the topic at hand, the fact it was Struts is pretty embarrassing. Sure, it's not just a patch but a patch and recompile (which implies significant QA testing), but it's not an excuse to fail. Not to mention they could have addressed it in the two months it took them to get powned. To not monitor, or increase monitoring, of servers for unauthorized or compromising activity knowing there is a CVSS v2/3 10 you are vulnerable to actively being exploited in the wild shows a lack of due diligence. That is to say, I a reasonable person would have taken those actions. Executives are ultimately accountable for the inaction of a company. There's a chance, I think, that a federal agency will take an executive to court and might actually win.
Captain Ned wrote: Here are the required SEC reports for insider securities sales
Rodolfo Ploder - President - Workforce Solutions
John Gamble, Jr. - CVP & CFO
Joseph Loughran - President - USIS (??)
All three sold on 8/1/17, but sold nowhere close to their entire holdings.
just brew it! wrote: Captain Ned wrote: Here are the required SEC reports for insider securities sales
Rodolfo Ploder - President - Workforce Solutions
John Gamble, Jr. - CVP & CFO
Joseph Loughran - President - USIS (??)
All three sold on 8/1/17, but sold nowhere close to their entire holdings.
Looks like they were trying to make some quick cash before the stock tanked, but not sell enough to raise red flags. I'm guessing it would be difficult to prove insider trading unless there's a smoking gun (e-mails, recorded conversations, etc.), but it sure smells funny.
The option transaction made by Mr. Loughran also makes me wonder whether he was afraid the stock might drop below $33.60.
SecretSquirrel wrote: And, I suppose, on the crazy, off hand chance they really didn't know about the breach over a month after it happened and only days before it was publicly announced, that would be a level of executive cluelessness that I just can't fathom.
Flying Fox wrote: SecretSquirrel wrote: And, I suppose, on the crazy, off hand chance they really didn't know about the breach over a month after it happened and only days before it was publicly announced, that would be a level of executive cluelessness that I just can't fathom.
With the level of incompetency demonstrated by the company so far, I would not put it past them.