Equifax (44 million UK people's records) hacked.

Soldato
Joined
16 Nov 2003
Posts
5,472
The new GDPR legislation that is coming in next year should hopefully start shafting companies that aren't being secure enough with their user data. Obviously there's a lot of scaremongering and talks of fines of 4% of turnover should a company fall foul of GDPR but until it comes into effect we shall see. Hopefully it's not a toothless legislation. (I'm sure other guys working in IT have heard a lot about it too..)
 
Caporegime
Joined
24 Oct 2012
Posts
25,071
Location
Godalming
I mean what I'm about to say in the sincerest, most honest, truthful way possible: I hope this CEO never gets another job again. I hope he ends up living out of a shopping trolley under Waterloo Bridge and asking people if they have any spare change. This guy ran one of the most morally indefensible, incompetent, corrupt, lax and greedy companies on the face of the earth, which ***** with people's livelihoods day in and day out, offering a 6 month drawn out process of being punted from pole to post, shrugged off, lied to, hung up on, made to wait on hold for half hours a go, just to get a detail on a credit file rectified.


Burn in hell you piece of ****. I hope your family disowns you too. You do not deserve to walk this planet.
 
Soldato
Joined
10 Jul 2010
Posts
6,315
Equifax data hack affected 694,000 UK customers

The beleaguered credit reference agency Equifax has now admitted that 694,000 customers in the UK had their data stolen between May and July this year.

The firm's original estimate of its UK cyber-theft victims, made last month, was fewer, at nearly 400,000.

Equifax now says that it will contact its affected UK customers by letter to offer them help.

It admits they may be at risk of "possible criminal activity".

Patricio Remon, Equifax's chief European executive, said: "Once again, I would like to extend my most sincere apologies to anyone who has been concerned about or impacted by this criminal act."

Nearly 14 million further UK records were stolen, but they contained only names and dates of birth.

The huge data breach was part of an attack on the firm's world-wide customer records in which the personal details of 146 million people in the US were stolen, along with 8,000 Canadians.

The firm says that as an independent investigation into the saga has been completed, it can now help its UK customers by offering them free advice and ways to protect themselves from identity theft.

Four groups of affected UK customers have been identified:
  • 637,000 whose phone numbers were stolen
  • 29,000 whose driving licence numbers were stolen
  • 15,000 who had some of their Equifax membership details, such as usernames and passwords, stolen
  • and 12,000 whose email address was stolen.

The scandal led to the resignation last month of the company's chairman and chief executive, Richard Smith.

The company denied in September that the stolen UK data included any addresses, passwords or financial information.

However, the firm has now revealed that data belonging to the 15,000 customers, who had their Equifax membership details accessed, did indeed include Equifax passwords, secret questions and answers, and partial credit card details.

UK customers can phone Equifax for advice on 0800 587 1584.
http://www.bbc.co.uk/news/business-41575188
 
Associate
Joined
30 Jan 2007
Posts
898
Location
West Sussex
Still no word on exactly 'who' these customers are in terms of whether they are direct customers or through other institutions (Banks, Insurers etc).

Still no word on how the data was stored, if it's plain text I hope the company is dismantled, there's no way it should operate if the security they employed was so lax.

Edit: it was plain text :eek::mad:

Some good articles here:
https://krebsonsecurity.com/2017/10/equifax-hackers-stole-info-on-693665-uk-residents/#more-41105
https://krebsonsecurity.com/2017/10/fear-not-you-too-are-a-cybercrime-victim/
 
Soldato
Joined
31 May 2009
Posts
21,257
"Nearly 14 million further UK records were stolen, but they contained only names and dates of birth."

Ermm, wtf? So they lost 700K of more info, but a footnote is the 14M names and DOBs they lost?
 
Associate
Joined
12 May 2012
Posts
2,135
Equifax rival TransUnion also sends site visitors to malicious pages.

"Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, is also sending visitors to the fraudulent updates and other types of malicious pages."

They should either be fined a humongous amount or shut down for such screw ups as this, but doubt anything'll come of it.
 
Associate
Joined
1 Nov 2009
Posts
1,660
Whelp got my letter this morning.

Apparently they "only" got my name, DOB and phone number, still a little unclear as to why (in their words) my data was copied across to the US servers as part of a "process failure" between 2011 and 2016 and why it was still there to be accessed in May 2017?

But the good news is, the company that just put said info in the shop window like this is graciously offering to let me give them more details for a free account in the name of protecting myself.
 
Associate
Joined
25 Jun 2006
Posts
1,359
Location
Somewhere East of Eden
"But the good news is, the company that just put said info in the shop window like this is graciously offering to let me give them more details for a free account in the name of protecting myself."

Me and Mrs Belly and my friend's wife got letters this week. I'd never heard of them. I asked the postman if he had delivered loads of them, he said "No", so maybe they are laboriously going through the list name by name. Seems a bit unlikely......

I did phone them and opted for the free postal credit report. I didn't have to and wouldn't have given them any information other than that which was printed on their letter. I just gave them the reference number, DOB and address.

I'd think the other more detailed options: SMS, email notification of any credit searches etc. would require more information. At least they didn't suggest that one opts for a paid-for service. One of the options is free for 1 year but they have extended it to 2 years.
 