Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Re: 'We pride ourselves on being a leader in managing and protecting data'

I've lately made the scale on mine logarithmic,

No scale means anything unless it has dimensions. We need an SI or ElReg quantum for data breaches. I'd suggest that the unit is called a "Dido", but I'm wondering that the actual scaling should be. I think it needs to be some product of:

1) absolute size of the breach in individual accounts or records exposed,

2) the significance of the data lost on some scale of 1 to 5, where Talk Talk are a three, and Equifax a four - you'd get a five for losing personally sensitive information eg health, personal circumstances, where I have a distinction between personally confidential data and personally sensitive data.

3) a scaled value for the stupidity in allowing the breach on a 1-3 scale. A simple SQL attack is about as basic as you get, that's a 3, a nation-state attack using zero days is a 1.

4) Track record. Simply the number of known breaches in the previous three years.

So, for the last Talk Talk hack, I'm reckoning 157,000 x 3 x 3 x 3 / 1m = 4.24 Didos.

Now, do we take that number of 4.239m as one Dido, and measure other breaches against that? Or do we divide by a million to keep the numbers easy to use, and keep the honorarium, but then quantify the Talk Talk breach as 4.239 Didos? Either way the sheer size of the Equifax breach means Dan 55 is most certainly correct to be using a log scale.

Re: So?

Also monitoring fraud for the first year after your details are stolen is not very useful. These types of details are usually used multiple years after being stolen.

Re: Only

It's pretty unlikely. Rule 10b5-1 sets out how this goes for executive share sales:

1) Exec sits down with compliance officers and declares their desire to sell shares, along with some reason (e.g. new house, new boat, divorce etc.) for the sale and a neutral rationale for pricing (e.g. company price now +x% growth)

2) They agree upon a price and time window sufficiently broad and far into the future to eliminate the advantage of whatever privileged non-public information the exec holds, this is at least 90 days but usually >6 months away because that's a typical non-public information window (i.e. 2 quarters)

3) The plan is captured in writing and archived

4) The sale is triggered blindly triggered by a broker upon the conditions being met

Ironically insider trading is much, much harder to do when you're an actual insider. Presumably if the company has declared the sales they're happy 10b5-1 was followed.

Re: Only

whats to stop them going "ooh shit , dump shares" , now knock up one of those declaration things and date it 6 months ago.

Re: Thank goodness

"Its awesome when debt collectors come after you for purchases you never had anything to do with.When you straighten it out somewhat, they sell the debt and you start over again. And again, and again."

Sounds like the sub-prime disaster waiting to happen again.

I strongly suspect that the debt collecting agencies work on the principle that if they pester you enough, you'll eventually relent and pay to make them go away.

Advice I've had from family and friends encourages this route.

I also suspect that they give you a "gullibility" or "weakness in the face of pestering" rating. Pay up too easily and you let yourself in for future scam demands.

Re: Thank goodness

"Its awesome when debt collectors come after you for purchases you never had anything to do with."

It's a pity that there are not laws against irresponsible lending with penalties as severe as those for getting into debt. So many people are conned into taking on hidden debt - like the "only" £47 a month for the phone contract, the "only" £200 a month car contract, or the BT cheap Infinity deals which limit people to 10Gbytes/month in the small print - a friend of ours, not stupid, was hit with an £80 penalty charge by BT because she was visited by grandchildren who took the opportunity to download everything in sight - and had no idea about the limit because the account was set up by her deceased husband, who didn't tell her.

Credit rating agencies have done a huge landgrab, going from respectable organisations that gave businesses information on the creditworthiness of other businesses, to deeply intrusive organisations that collect information on everybody. It looks like it's now coming back to hit a lot more people than just the ones on which they hold junk information.

Re: Can't even be arsed to use an Equifax cert?

"Why didn't they use a subdomain under equifax.com?"

They are in no way the only culprits for that . There's a page somewhere with a tech bloggers rant about the subject , aimed at Halifax bank mostly . he set up similar domains to make the point.

twas very funny .

I doubt big business learned anything though.

youtube is another one and also one that gets liknto to a lot , with real ugly looking domain names

Re: Can't even be arsed to use an Equifax cert?

Yes, Quite. Sometimes I think I'm in a very small minority when I suggest this to people - they usually just look at me funny like i've said something insane.....

Re: Why didn't they use a subdomain under equifax.com?

Under the current cicumstances, who would trust the equifax.com domain?

Re: Can't even be arsed to use an Equifax cert?

I rebelliously ignored my antivirus' "phishing" warnings and had a peek at equifaxsecurity dot com, which turns out to be a page entitled "M-I-C-K-E-Y-M-O-U-S-E" and has an embedded YouTube video of some weird Japanese pop thing called "Hinoi Team - Night of fire".

Re: Sounds like 143 million POTENTIALLY affected

I think we'd probably be better in general if it wasn't so easy to do so much electronically or via mail just using a few bits of not-so-secret information to identify yourself. Most banks offer free notary services for their customers, which is basically "proving you are who are say you are" when signing something. If you had to visit when applying for a new credit card or signing your tax return the only effect would be that banks would have to dedicate a full time employee to this because demand would shoot up.

The additional hassle might keep people from applying for that 8th credit card, which is probably a good thing.