nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach

Anonymous Coward

So much worse than that ...

(AC, obviously)

the feature-creep of the credit reference agencies has certainly affected car and general insurance. Anyone who has used an aggregator service in the past 2 years will almost certainly have had their details verified using a service which goes back to Equifax/Experian.

Given that HMG is also an enthusiastic user of such services, WHAT ARE THEY DOING TO PROTECT THEIR CITIZENS, apart from the fuck-all currently on display.

Having been very closely involved with a lot of law-enforcement initiatives, it's painful to note that worldwide, UK citizens are a prize catch due to the useless nature of our government. As in so many other things, we could learn from the rest of Europe - particularly Germany.

58
0
Silver badge

Re: So much worse than that ...

"Given that HMG is also an enthusiastic user of such services, WHAT ARE THEY DOING TO PROTECT THEIR CITIZENS, apart from the fuck-all currently on display."

Probably nothing more than a couple of civil servants having a nice drinky poos around the westminster bar saying "I say, what a terrible business old man!", "Yes, isn't it what what. Never mind, another Glenfiddich?".

The government and the tax man only start giving a shit when THEY lose money, they don't give a monkeys if you lose any or all of yours either directly or indirectly through identity theft. Parties of all colours have shown the contempt they hold for the private details of UK citizens. Medical records to India? No problem. Data security? Who cares, we're saving a few quid.

12
0
Anonymous Coward

Re: So much worse than that ...

Actually, it's worse than worse than that (a fate worse than a fate worse than death ...)

Whilst fuck all progress has been made legitimately with "big data" (too many spivs), there has been a seismic shift in the illegitimate use of big data.

When miscreants around the world start marrying the Equifax data with *other* sources of data - probably all publicly visible (Facebook for a start), you have the perfect storm for some very intractable identity theft.

Echoing the PP about the UK government, bear in mind there have been victims of identity theft who have had to be issued with new NI numbers, as it wasn't possible to undo the damage associated with the old one.

19
0
Anonymous Coward

Re: So much worse than that ...

Maybe a little early for Schadenfreude, but I suspect some high-flying civil servants might be a low-hanging fruit for scamsters.

6
0
Silver badge

Re: So much worse than that ...

"Given that HMG is also an enthusiastic user of such services, WHAT ARE THEY DOING TO PROTECT THEIR CITIZENS, apart from the fuck-all currently on display."

Working hard at getting out from under any sort of extra-territorial jurisdiction that could hold them to account (standard MP uselessness will make sure Parliament won't).

11
0
Silver badge

Re: So much worse than that ...

Yes, isn't it what what. Never mind, another Glenfiddich?

I really hope our civil servants have better taste in whisky than Glenfiddich.

More on topic it's not entirely obvious what they can do. It's down to the ICO to figure out if there should be a prosecution and not really anybody else.

Nobody in the EU you guys all love so much wanted to put a requirement to notify in the EU data protection directives so we don't have one.. If we weren't in the EU we'd have had one years ago.

2
16
Silver badge

Re: Fraudsters never attack those in power...

else they draw attention. They would much more likely legitimise the method of extracting money. There are various ways to do so, with a smooth tongue and a bridge to sell...

2
0
Silver badge

Re: So much worse than that ...

"More on topic it's not entirely obvious what they can do. It's down to the ICO to figure out if there should be a prosecution and not really anybody else."

Remove the exemption that allows the credit reference agencies to store incorrect information would be a start. And allow people to opt-out of data processing would help. And stop giving them access to the unfiltered electoral role.

Plenty of things the government could do if it weren't in the pay of the banks.

3
0
Silver badge

Crucifed

is what Equifax deserve for this if only 'Pour Encourager Les Autres'

I hope any business using Equifax stops and they fold.

I had a Captial One credit card for a while and refused the free offer of Equifax credit reporting and monitoring. I didn't think it worth the risk of giving them more personal information than they already had. I suppose I just have to keep my fingers crossed.

23
0

Re: Crucifed

"I didn't think it worth the risk of giving them more personal information than they already had."

They probably had every bit of that information anyway. You'd be amazed at how much they know about you. It's probably up there with what the NSA has.

NSA here : Not quite, but close.

18
0
Silver badge

Re: Crucifed

The class action lawyers (in the US) are already recruiting. This is going to cost Equifax a minimum of 9 digits.

1
0
Silver badge

Re: Crucifed

Thinking of signing up, not for the money to me but bankrupt Equinefax. Also, I would like to see the C-suite being roasted alive for crimes against humanity (not going to happen but I can dream).

4
0
Silver badge
Gimp

Re: Crucifed

Look, I watched as much deep throat / bizarre porn as the next guy but what you're suggesting here makes even me uncomfortable...

0
0

Proof reading?

The quality of English in El Reg articles has gone seriously downhill in the last 12 months, did you sack all your proof readers or just not have any to begin with?

"BT has confirmed it was a user of Equifax services, with a spokesman adding it was in dialogue with credit reference agency about the matter. A BT spokesman courtesy told El Reg he wasn’t able to share any more at this point."

The first sentence in that article is missing a definite article and the second just doesn't make any sense grammatically. There are also multiple references to Equinox in the article that I presume should be Equifax.

22
0
Silver badge

Re: Proof reading?

The quality of English in El Reg articles has gone seriously downhill in the last 12 months, did you sack all your proof readers or just not have any to begin with?

This sentence could do with a spot of proof-reading too.

10
0
Silver badge

Re: Proof reading?

Plot twist: "Iron" is actually an El Reg author

4
0
Silver badge
Facepalm

Re: Proof reading?

This sentence could do with a spot of proof-reading too.

I think you meant That sentence could do with a spot of proof-reading too.

Muphry's Law strikes again. It can never be repealed.

13
0
Silver badge

Re: Proof reading?

Presumably the missing article is due to Russian hacking.

6
0
Silver badge
Trollface

Re: Proof reading? @iron

And you, sir, are missing a Grammar Nazi icon.

May I claim my £5?

0
0
Anonymous Coward

So the bodies using this service have been passing them information in the process?

No more wrist slapping, take them to the cleaners and break them on the wheel and fine anyone who used them as well. Everybody involved is guilty except the victim who ends up paying for it all

All these agencies have been making money off our backs for years and when that is not enough for them then "oops, your data just slipped through our fingers and into the hands of the more orthodox criminals"

24
0
Silver badge

Re: So the bodies using this service have been passing them information in the process?

You don't appear to understand how credit reference agencies work, or you wouldn't be at all surprised that as part of the deal their customers (companies who provide credit) give them information on how you behave, such as missed/late payments.

0
11
Silver badge

Re: So the bodies using this service have been passing them information in the process?

"You don't appear to understand how credit reference agencies work"

We understand all right. We just don't like it.

23
0

Re: So the bodies using this service have been passing them information in the process?

Credit Reference Agencies get feeds from almost every major company that deals with the consumer on an account basis. They will get feeds from all the credit card companies about late payments, balance, from banks, things like unapproved overdrafts. They'll have feeds from you phone company about missing/late payments. If you've got a store card and are in deficit, they'll know about that too.

It's not just company data - they'll know if there are any county court judgements, or if you are on the electoral roll and probably if you owe money on your council tax.

There fingers are everywhere. What's worse, if there's a problem with the source that provide adverse information (as sometimes happens - maybe some company has reported a bad debt wrongly) then the credit bureaux washes its hands. It's up to you to get the error corrected by whoever reported it. There have been some horror stories about that.

If you want to find out what they know about you, then sign up for one of the free services, like Clearscore. You might learn something about how information passes around.

In any event, there are going to be some big, big fines levied here. Not just in the US, but in the EU and (I hope) the UK. After all, the various US finance regulatory bodies have been making quite a nice pile of money fining European banks for misdemeanours.

2
0
Bronze badge
Mushroom

Re: So the bodies using this service have been passing them information in the process?

clearscore appear to be a bastard child of capital one and google. amongst other things they'll only answer a subject access request if you give them phone number (why?) and photocopies of passport & driving licence. no dl and passport? no subject access. if i thought it would make a difference I'd tell the ico.

0
0
Bronze badge

Answer: probably everyone

Unless you are a child who doesn't have a bank account, or an illegally trafficked slave, it is pretty much guaranteed that Equifax has a file on you.

18
0

EU data protection?

Customers of these companies might therefore be affected by the attack despite not having signed up for Equifax's services. The US agency holds the personal details of 44 million UK citizens

I'd be curious on which legal basis they hold the data in the US. And I'd be even more curious how they are going to inform all non-customers about the data they kept and failed to secure. 44 million UK citizens, for Christ's sake. That's almost all of the adult population.

17
0
Bronze badge

Re: EU data protection?

It is basically all of the adult population, except for people who aren't on the electoral register and have never had a financial product in their life.

23
0
Silver badge

Re: EU data protection?

"except for people who aren't on the electoral register and have never had a financial product in their life."

Lucky bastards.

6
0
Silver badge

Re: Lucky bastards.

Kindly refrain from referring to our monarch in this fashion.

8
0
Silver badge

Re: Lucky bastards.

I will, just as soon as I work out what "lucky bastards" is in German.

5
0
Silver badge

Re: EU data protection?

Legal basis? Legal basis?? What is this "legal basis" of which you speak? American corporations don't need no stinkin' "legal basis". They have the Marines, drones, B-52s, F-16s, napalm and white phosphorus.

And the alphabet soup.

Just be grateful they haven't disappeared you - yet.

5
0
Silver badge

Re: EU data protection?

I'd be curious on which legal basis they hold the data in the US.

I'd be equally curious about the legal basis on which they contacted Equifax in connection with me in the first place. By way of example, when I added broadband to my telephone account all those years ago it was all done over the 'phone and there was certainly no caveat that "we are going to discuss you with Equifax just to be on the safe side"; similarly I have no recollection of any similar warnings when we have changed energy supplier.

So never mind holding the data in the US; what is the basis of it being shared with another party in the first place without my clear informed consent? Do I sue Equifax with which I have no contract, or do I sue the organisations that shared information about me with Equifax?

13
1
Silver badge

Re: EU data protection?

And I'd be even more curious how they are going to inform all non-customers products about the data they kept

FTFY

7
0
Bronze badge

Re: Lucky bastards.

The Queen is entitled to vote in EU elections. It is less clear whether or not she is entitled to vote in Westminster or local elections, but she doesn't.

She certainly has financial products. I'm sure the electricity supplier did a credit check before deciding to open the account at Buckingham Palace, so Equifax will have a file on her.

1
0

Re: EU data protection?

By financial product, you have to include virtually everything paid on account. Like all the utilities, and probably local government too.

0
0
Silver badge

This is what we all need to do...

Right now... En masse...

https://www.gov.uk/change-name-deed-poll/make-an-adult-deed-poll

1
0
Silver badge

Re: This is what we all need to do...

Even better we all need to change our names to Equifax

2
0
Silver badge

Wow

This particular breech is the real deal. Massively sensitive info, on just about everyone. Equifax should get proper fucked for this.

6
0
Silver badge

Re: Wow

Considering the Sony hack a few years ago generated a fine of £250,000, I would not hold your breath.

8
0
Silver badge
Facepalm

What happens when we're all pwnd?

Is it game over? Do we start again, with newly assigned social numbers etc, and 3 new guys like in PacMan?

I know what a pain this can be. A family member had their identity stolen back in February, and still has not finished cleaning up that mess.

4
0
Silver badge

"It also said that the “arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident” in response to US consumer concerns that finding out if they had been affected by the breach might mean foregoing participation in a class action lawsuit."

Say what again? I'm sure that's not the get-out-of-jail card you're looking for...

5
0
Silver badge

Verbal contract

I suspect that this statement is worth less than the proverbial verbal contract.

1
0
Bronze badge

Surely someone should ask a question in the House at this point?

1
0

Take a letter to The Times, Miss Jones...

2
0
Anonymous Coward

re: Surely someone should ask a question in the House at this point?

Assuming you mean House *of Commons* (not Representatives) then you're a bit behind the times.

The next 5 or so years of UK parliamentary time are devoted to a single subject.

Brexit.

And like a badly written program, on a badly written OS, Brexit has ALREADY STARTED to consume resources at an alarming rate. Just wait until every single organ of government is at 100%, and you can't even process a hardware interrupt.

10
1
Silver badge

Did I opt in ...

I seem to recall the clause "we may contact credit reference agencies ..." at the bottom of some contracts which I took to mean "we'll check to see if you've got a dodgy financial history". At no point do I recall "we will give data to credit reference agencies which will be stored in a database outside the 'safe harbour' agreements.

To be honest, that one company can have so much personal data without the knowledge of the individual is damn scary ...

17
0
Bronze badge

Equinox? What's Equinox?

2
0

1) The moment the Sun passes from the Earth's Northern Hemisphere to the South and vice versa

2) A sadly missed science documentary program that used to be on Channel4

3) An album by Jean Michell Jarre

any more?

11
0
Silver badge
Happy

er (showing age)

an occult bookshop owned by former Led Zepplin guitarist on the Kings Road, London ?

5
0
Silver badge

Re: Equinox? What's Equinox?

It's what you get when you cross a cow with a horse.

16
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing