DragonDaddyBear
Gerbil Elite
Topic Author
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: Darn it, Equifax!

Mon Sep 11, 2017 11:30 am

The website is an amateur response to the incident, no doubt.

TransUnion's page for freezing credit is down. No surprise.

Here's the FTC page with links to each company for freezing your credit if you need it.

https://www.consumer.ftc.gov/articles/0 ... reeze-faqs
 
just brew it!
Gold subscriber
Administrator
Posts: 48783
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Darn it, Equifax!

Mon Sep 11, 2017 12:33 pm

Nostalgia isn't what it used to be.
 
Aether
Silver subscriber
Gerbil
Posts: 77
Joined: Sat Dec 20, 2014 8:50 pm

Re: Darn it, Equifax!

Mon Sep 11, 2017 12:40 pm

I didn't even bother checking the Equifax site to see if it says my info was affected; I just put freezes at each of the big 3 for both my wife and me. If 143M Americans were affected, the chance that we were not on the list seems pretty small, as that has to be almost the entire database of those with credit scores at Equifax. I hope Equifax is hit hard for this to send a message, but I am not optimistic.
 
morphine
Gold subscriber
Gerbilus Supremus
Posts: 11361
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: Darn it, Equifax!

Mon Sep 11, 2017 12:53 pm

Klopsik206 wrote:
God bless EU for GDPR.
Once the GDPR regulation enters the EU's legal system in 2018, such a breach would result in monstrous fines (up to 4% of global revenue).

Got any sources or more info on this?
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26209
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Darn it, Equifax!

Mon Sep 11, 2017 12:57 pm

morphine wrote:
Klopsik206 wrote:
God bless EU for GDPR.
Once the GDPR regulation enters the EU's legal system in 2018, such a breach would result in monstrous fines (up to 4% of global revenue).
Got any sources or more info on this?

Might this remind you of a certain conversation?
If the Earth were flat, cats would have pushed everything off of it by now.
 
DragonDaddyBear
Gerbil Elite
Topic Author
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: Darn it, Equifax!

Mon Sep 11, 2017 1:14 pm

just brew it! wrote:
https://arstechnica.com/information-technology/2017/09/equifax-moves-to-fix-weak-pins-for-security-freeze-on-consumer-credit-reports/


I was just going to post that. So much fail, all from a company that should be among the best at protecting your information.
 
Waco
Gold subscriber
Gerbil Jedi
Posts: 1964
Joined: Tue Jan 20, 2009 4:14 pm
Location: Los Alamos, NM

Re: Darn it, Equifax!

Mon Sep 11, 2017 1:40 pm

Sigh. I hate everything about this idiotic system. The idiots running it give me as much confidence in their ability to judge my credit worthiness as they do in their ability to secure their systems: none.
Z170A Gaming Pro Carbon | 6700K @ 4.5 | 16 GB | GTX Titan X | Seasonix Gold 850 | XSPC RX360 | Heatkiller R3 | D5 + RP-452X2 | Cosmos II | Samsung 4K 40" | 480 + 240 + LSI 9207-8i (128x8) SSDs
 
MileageMayVary
Gerbil First Class
Posts: 188
Joined: Thu Dec 10, 2015 9:18 am
Location: Baltimore

Re: Darn it, Equifax!

Mon Sep 11, 2017 2:14 pm

Waco wrote:
Sigh. I hate everything about this idiotic system. The idiots running it give me as much confidence in their ability to judge my credit worthiness as they do in their ability to secure their systems: none.

Agreed.

Also, aren't these the people who own Lifelock?
Main rig: Ryzen 1600@3.75GHz, R9 290@1050MHz, 16GB@2933MHz, 1080-1440-1080 Ultrasharps.
 
MOSFET
Silver subscriber
Gerbil First Class
Posts: 171
Joined: Fri Aug 08, 2014 12:42 am

Re: Darn it, Equifax!

Mon Sep 11, 2017 2:16 pm

I can't get through to Equifax, at least to the point of getting a result. Phone system - lets you go through it, only to tell you it's unavailable at the end. https freeze equifax website - same result. Input all your important info and then errors out. This whole thing really feels like an even bigger setup than is currently being reported (and with that, I will put on the tin foil hat to keep the crazies out.) Apparently, snail mailing all your pertinent life details to a PO Box in Atlanta is the only way to freeze with Equifax right now.

Edit to add from Eq website: September 11, 2017 We are committed to keeping consumers updated on the steps we are taking to provide them with the support they need and address any issues they are facing in response to this incident. We recognize that some consumers continue to face challenges and in response we have made the following updates:

"We recognize that some consumers continue to face challenges..."


Thank you. Thank you Equifax, for saving me, and telling me who I am, and what I need to know. Thanks again, buddy.

Later edit: I did finally get thru their web form later today, completing the freeze at all four majors.
Last edited by MOSFET on Mon Sep 11, 2017 8:24 pm, edited 3 times in total.
 
Hawkwing74
Silver subscriber
His Holy Gerbilness
Posts: 13671
Joined: Wed Aug 20, 2003 5:51 pm
Location: Streamwood, IL

Re: Darn it, Equifax!

Mon Sep 11, 2017 2:28 pm

MOSFET wrote:
I can't get through to Equifax, at least to the point of getting a result. Phone system - lets you go through it, only to tell you it's unavailable at the end. https freeze equifax website - same result. Input all your important info and then errors out. This whole thing really feels like an even bigger setup than is currently being reported (and with that, I will put on the tin foil hat to keep the crazies out.) Apparently, snail mailing all your pertinent life details to a PO Box in Atlanta is the only way to freeze with Equifax right now.

Seems like there are peak times. I tried yesterday afternoon and it was fine.
 
Klopsik206
Gerbil First Class
Posts: 176
Joined: Mon Apr 21, 2003 1:28 am
Location: old continent

Re: Darn it, Equifax!

Tue Sep 12, 2017 9:51 am

 
Glorious
Gold subscriber
Grand Admiral Gerbil
Posts: 10033
Joined: Tue Aug 27, 2002 6:35 pm

Re: Darn it, Equifax!

Tue Sep 12, 2017 9:55 am

Someone already made this point on the frontpage without the use of a link loaded with charged language and massive doses of unrelated acrimony.
 
Klopsik206
Gerbil First Class
Posts: 176
Joined: Mon Apr 21, 2003 1:28 am
Location: old continent

Re: Darn it, Equifax!

Tue Sep 12, 2017 10:25 am

morphine wrote:
Klopsik206 wrote:
God bless EU for GDPR.
Once the GDPR regulation enters the EU's legal system in 2018, such a breach would result in monstrous fines (up to 4% of global revenue).

Got any sources or more info on this?


Sure:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

It's an EU regulation only; however, it will impact US firms doing business in the EU, too.
 
DPete27
Grand Gerbil Poohbah
Posts: 3057
Joined: Wed Jan 26, 2011 12:50 pm
Location: Wisconsin, USA

Re: Darn it, Equifax!

Tue Sep 12, 2017 10:30 am

Not sure if anyone else has said this, but what if this whole breach was cooked up by Equifax and/or related parties? Just think of all the credit monitoring revenue this has generated, especially to Equifax when the 1 year free monitoring expires and people renew their subscription.
Main: i5-3570K, ASRock Z77 Pro4-M, MSI RX480 8G, 500GB Crucial BX100, 2 TB Samsung EcoGreen F4, 16GB 1600MHz G.Skill @1.25V, EVGA 550-G2, Silverstone PS07B
HTPC: A8-5600K, MSI FM2-A75IA-E53, 4TB Seagate SSHD, 8GB 1866MHz G.Skill, Crosley D-25 Case Mod
 
just brew it!
Gold subscriber
Administrator
Posts: 48783
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Darn it, Equifax!

Tue Sep 12, 2017 10:39 am

I didn't say it, but it occurred to me. Unlikely though, because the hit to their reputation likely outweighs any positive effects on their bottom line, and it invites regulatory scrutiny.
Nostalgia isn't what it used to be.
 
Glorious
Gold subscriber
Grand Admiral Gerbil
Posts: 10033
Joined: Tue Aug 27, 2002 6:35 pm

Re: Darn it, Equifax!

Tue Sep 12, 2017 11:00 am

Klopsik206 wrote:
It's an EU regulation only; however, it will impact US firms doing business in the EU, too.


That's still an open question from the previous effort when the territoriality went the other way:

https://en.wikipedia.org/wiki/Microsoft ... ted_States

We'll know more this upcoming October term, but I wouldn't automatically count on it.


And you're not presenting this properly, it's not an automatic maximum fine for simply having the breach, there are conditions:

5. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:
(a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;
(b) the data subjects' rights pursuant to Articles 12 to 22;
(c) the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 44 to 49;
(d) any obligations pursuant to Member State law adopted under Chapter IX;
(e) non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority pursuant to Article 58(2) or failure to provide access in violation of Article 58(1).
6. Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.


That all seems to have to do with consent, transparency and complying with orders by regulators.

There *is* something in there about the requirement for 72-hour notification to people affected by data breaches....but that's the 10 million EUR or 2% revenue section. :roll:


There simply isn't anything in there that says data breach = 20 million EUR or 4% revenue.
 
Klopsik206
Gerbil First Class
Posts: 176
Joined: Mon Apr 21, 2003 1:28 am
Location: old continent

Re: Darn it, Equifax!

Wed Sep 13, 2017 6:38 am

Glorious wrote:
Klopsik206 wrote:
It's an EU regulation only; however, it will impact US firms doing business in the EU, too.


That's still an open question from the previous effort when the territoriality went the other way:
https://en.wikipedia.org/wiki/Microsoft ... ted_States
We'll know more this upcoming October term, but I wouldn't automatically count on it.

I think there will be indirect influence anyway:
- Pressure from clients: I am already no longer able to procure any IT solution not meeting GDPR standards no matter what (I am from EU).
- GDPR is actually in large part about the system design and procedures (google: "GDPR Privacy by Design") I think it would make sense for companies operating globally to introduce this philosophy into their global solutions rather than make "EU edition".

This of course doesn't concern Equifax, which has no business in the EU.

Glorious wrote:
And you're not presenting this properly, it's not an automatic maximum fine for simply having the breach, there are conditions:

You are absolutely right. :oops:
I was merely trying to refer to the fact that GDPR introduces significant fines for non-compliance, so no business operating in the EU can ignore it.
 
Flying Fox
Gerbil God
Posts: 25403
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Darn it, Equifax!

Thu Sep 14, 2017 4:30 pm

Giant facepalms. :o

Patch your apps! https://arstechnica.com/information-tec ... h-old-bug/
At least set to something not so obvious! https://krebsonsecurity.com/2017/09/ayu ... s-my-data/

I'm trying to avoid the Gizmodo spin on it due to all the click-baity titles. But there was a comment that caught my eye.
dMedici on Gizmodo wrote:
If you compare and contrast the smart phone apps between Transunion, Experian, and Equifax, you’ll notice that Transunion and Experian appear advanced and modern in their interface and functionality, while Equifax looks like something out of the nineties. I first noticed this several months ago, and quickly realized that this is clearly an institution that doesn’t value things like aesthetics, but now it’s become clear that they weren’t concerned in anything else other than their bottom line, including fundamental security practices.
I am somewhat glad that none of my credit cards use them as the CB. And I was wondering why they were all TransUnion and Experian.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26209
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Darn it, Equifax!

Thu Sep 14, 2017 8:38 pm

Gold buggery split out to here:

viewtopic.php?f=8&t=120079
If the Earth were flat, cats would have pushed everything off of it by now.
 
DragonDaddyBear
Gerbil Elite
Topic Author
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: Darn it, Equifax!

Fri Sep 15, 2017 8:48 am

Back to the topic at hand, the fact it was Struts is pretty embarrassing. Sure, it's not just a patch but a patch and recompile (which implies significant QA testing), but it's not an excuse to fail. Not to mention they could have addressed it in the two months it took them to get powned. To not monitor, or increase monitoring, of servers for unauthorized or compromising activity knowing there is a CVSS v2/3 10 you are vulnerable to actively being exploited in the wild shows a lack of due diligence. That is to say, a reasonable person would have taken those actions. Executives are ultimately accountable for the inaction of a company. There's a chance, I think, that a federal agency will take an executive to court and might actually win.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26209
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Darn it, Equifax!

Fri Sep 15, 2017 9:13 am

DragonDaddyBear wrote:
Back to the topic at hand, the fact it was Struts is pretty embarrassing. Sure, it's not just a patch but a patch and recompile (which implies significant QA testing), but it's not an excuse to fail. Not to mention they could have addressed it in the two months it took them to get powned. To not monitor, or increase monitoring, of servers for unauthorized or compromising activity knowing there is a CVSS v2/3 10 you are vulnerable to actively being exploited in the wild shows a lack of due diligence. That is to say, a reasonable person would have taken those actions. Executives are ultimately accountable for the inaction of a company. There's a chance, I think, that a federal agency will take an executive to court and might actually win.

On the day job, this issue has consumed WAY too much of my time over the past 2 weeks. We're realizing, from the State-level perspective, that financial regulators aren't in the mix and that it'll be State Attorneys-General, under their consumer protection powers, that drive this bus.

Since no crisis can go to waste, I fully expect that the CFPB will try to assume total regulatory control over the Big 3 credit bureaux at a net cost to the credit-granting process and with no significant positive impact on consumer privacy.

Ten years a banker and twenty-one as a regulator. If I'm not cynical I need instant medical attention.
If the Earth were flat, cats would have pushed everything off of it by now.
 
DragonDaddyBear
Gerbil Elite
Topic Author
Posts: 604
Joined: Fri Jan 30, 2009 8:01 am

Re: Darn it, Equifax!

Fri Sep 15, 2017 9:17 am

Wow, it's worse than I thought.

http://spuz.me/blog/zine/3Qu1F4x.html
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26209
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Darn it, Equifax!

Fri Sep 15, 2017 9:24 am

DragonDaddyBear wrote:
Wow, it's worse than I thought.

http://spuz.me/blog/zine/3Qu1F4x.html

Welcome to my day job. I spend a good chunk of my professional life telling profit-hungry CEOs that, while increased investment in IT will not add to your bottom line, it will cushion the whack you take WHEN (not IF) you have a public disclosure required event.

They never get it until they GET IT.
If the Earth were flat, cats would have pushed everything off of it by now.
 
AMDisDEC
Gerbil
Posts: 84
Joined: Fri Sep 21, 2007 11:48 am

Re: Darn it, Equifax!

Fri Sep 15, 2017 9:59 am

Not to worry. The Admins can still play Cyanide & Happiness.
ASUS K8N-DL | Dual 860 Opterons | 4GB ECC
 
Flying Fox
Gerbil God
Posts: 25403
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Darn it, Equifax!

Sat Sep 16, 2017 8:39 am

I'm sure they took their golden parachutes with them: :evil:

https://www.engadget.com/2017/09/15/equ ... pany-hack/

I wonder if they are the ones selling the shares too? Mauldin's background is also really troubling, a music major? There needed to be some evidence that she successfully changed fields and got experience, but of course there was no evidence of that.

The more I read about this, the more Equihax sounds like the old boys' company that really doesn't know how to run an organization in the modern, highly connected world.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26209
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Darn it, Equifax!

Sat Sep 16, 2017 9:00 am

Here are the required SEC reports for insider securities sales

Rodolfo Ploder - President - Workforce Solutions

John Gamble, Jr. - CVP & CFO

Joseph Loughran - President - USIS (??)

All three sold on 8/1/17, but sold nowhere close to their entire holdings.
If the Earth were flat, cats would have pushed everything off of it by now.
 
just brew it!
Gold subscriber
Administrator
Posts: 48783
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Darn it, Equifax!

Sat Sep 16, 2017 9:23 am

Captain Ned wrote:
Here are the required SEC reports for insider securities sales

Rodolfo Ploder - President - Workforce Solutions

John Gamble, Jr. - CVP & CFO

Joseph Loughran - President - USIS (??)

All three sold on 8/1/17, but sold nowhere close to their entire holdings.

Looks like they were trying to make some quick cash before the stock tanked, but not sell enough to raise red flags. I'm guessing it would be difficult to prove insider trading unless there's a smoking gun (e-mails, recorded conversations, etc.), but it sure smells funny.

The option transaction made by Mr. Loughran also makes me wonder whether he was afraid the stock might drop below $33.60.
Nostalgia isn't what it used to be.
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2268
Joined: Tue Jan 01, 2002 7:00 pm
Location: The Colony, TX (Dallas suburb)
Contact:

Re: Darn it, Equifax!

Sun Sep 17, 2017 10:21 am

just brew it! wrote:
Captain Ned wrote:
Here are the required SEC reports for insider securities sales

Rodolfo Ploder - President - Workforce Solutions

John Gamble, Jr. - CVP & CFO

Joseph Loughran - President - USIS (??)

All three sold on 8/1/17, but sold nowhere close to their entire holdings.

Looks like they were trying to make some quick cash before the stock tanked, but not sell enough to raise red flags. I'm guessing it would be difficult to prove insider trading unless there's a smoking gun (e-mails, recorded conversations, etc.), but it sure smells funny.

The option transaction made by Mr. Loughran also makes me wonder whether he was afraid the stock might drop below $33.60.


I've got to assume these were 10b5-1 sales. I know big time execs may be able to skirt a lot of rules that would get us normal folk in trouble, but if these were unscheduled open market trades, they must have been smoking some strong stuff if they thought this wouldn't be noticed. That's not to mention the fact that this would have had to be vetted by corporate legal (at a minimum) and approved. And, I suppose, on the crazy, off hand chance they really didn't know about the breach over a month after it happened and only days before it was publicly announced, that would be a level of executive cluelessness that I just can't fathom.

Even if they were 10b5-1 sales, my personal approach would have been to release the supporting documentation for the sales, either as part of the breach notification, or immediately thereafter. But, their whole response to this has been a fiasco, so why would I expect anything more reasoned?

--SS
 
Flying Fox
Gerbil God
Posts: 25403
Joined: Mon May 24, 2004 2:19 am
Contact:

Re: Darn it, Equifax!

Sun Sep 17, 2017 10:23 am

SecretSquirrel wrote:
And, I suppose, on the crazy, off hand chance they really didn't know about the breach over a month after it happened and only days before it was publicly announced, that would be a level of executive cluelessness that I just can't fathom.

With the level of incompetency demonstrated by the company so far, I would not put it past them.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2268
Joined: Tue Jan 01, 2002 7:00 pm
Location: The Colony, TX (Dallas suburb)
Contact:

Re: Darn it, Equifax!

Sun Sep 17, 2017 10:38 am

Flying Fox wrote:
SecretSquirrel wrote:
And, I suppose, on the crazy, off hand chance they really didn't know about the breach over a month after it happened and only days before it was publicly announced, that would be a level of executive cluelessness that I just can't fathom.

With the level of incompetency demonstrated by the company so far, I would not put it past them.


I know. That's what may worry me the most. :o

--SS
