Equifax mega-leak: Security wonks smack firm over breach notification plan

Credit reference agency Equifax has been criticised for its breach response in the wake of the disclosure on Thursday of a megahack that affected the data of up to 143 million people in the US alone. The credit reference agency admitted that criminals may have been able to access data including names, social security numbers, …


    1. Zaxxon

      Re: Right now on the Equifax site

      Not only did execs at Equifax sell stock, someone has bought a few hundred thousand $ worth of put options before the public announcement that are now worth millions.

    2. TonyHoyle

      Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.

      1. AlbertH

        Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.

        Isn't that the very essence of insider dealing? I was under the impression that this was illegal and should result in long jail sentences.

        There is also the issue of criminal irresponsibility - these clowns have no idea about data security (it's not the first time they've been compromised) and they should be shut down and jailed. The other "credit checking" agencies also need thorough investigation, and if there's the slightest possibility that they could be compromised, they also need to be shut down - and prosecuted for negligence - and the whole rotten industry should cease. Banks and other financial institutions should revert to doing their own checking of customers - just like they used to.

    3. Unhelpful Yoda

      Re: Right now on the Equifax site

      I would buy on any dips. In a country with no consequences for corporate crooks...

      ( reference search terms: WellsFargo CEO, Fake Accounts, Golden Parachute)

      ...companies will continue to use Equifax.

    4. post-truth

      Re: Right now on the Equifax site

      That's another thing the execs have to fear - derivative claims from shareholders. And you don't even need fraud to jail them. With the data protection laws changing, this will have peculiar effects on the "business record" admissibility rules of criminal evidence in each jurisdiction. Interestingly, as Google execs found out the hard way a few years ago, most EU nations award custodial sentences (generally five years or less, though Greece has up to 10) for criminal data protection offenders (i.e. controllers), and breaches undoubtedly will engage those criminal laws.

  1. Anonymous Coward

    I tried placing a fraud alert for myself with TransUnion

    The Java Servlet blew up:

    500 Servlet Exception

    java.lang.IllegalStateException: Can't sendRedirect() after data has committed to the client.

    java.lang.NullPointerException
      at com.truelink.app.consumerCredit.site.fa.tags.dfpAd.DFPAdTag.doStartTag(DFPAdTag.java:24)
      at _jsp._copy._fa._fraudAlert._addInitialAlertConfirm_0en__jsp._jspService(copy/fa/fraudAlert/addInitialAlertConfirm_en.jsp:147)
      at _jsp._copy._fa._fraudAlert._addInitialAlertConfirm_0en__jsp._jspService(_addInitialAlertConfirm_0en__jsp.java:30)
      at com.caucho.jsp.JavaPage.service(JavaPage.java:64)
      at com.caucho.jsp.Page.pageservice(Page.java:548)
      at com.caucho.server.dispatch.PageFilterChain.doFilter(PageFilterChain.java:194)
      at com.caucho.server.httpcache.ProxyCacheFilterChain.doRequestCacheable(ProxyCacheFilterChain.java:252)
      at com.caucho.server.httpcache.ProxyCacheFilterChain.doFilter(ProxyCacheFilterChain.java:193)
      at com.caucho.server.webapp.DispatchFilterChain.doFilter(DispatchFilterChain.java:131)
      at com.caucho.server.dispatch.ServletInvocation.service(ServletInvocation.java:290)

    [...]

    Awesomeness.

    1. Alan J. Wylie

      Re: I tried placing a fraud alert for myself with TransUnion

      https://www.equifax.com/cs7/faces/jspx/login.jspx

      Request Attributes

      Name Value

      _HKHACK_ yes

  2. Destroy All Monsters

    TOP.MEN are working on this.

    "Who?"

    "TOP. MEN."

    Yeah, looks like my former CIO has found a new job.

  3. Alan J. Wylie

    It's so secure

    that if you're called O'Reilly it won't let you enter your name.

    Nor Mountbatten-Windsor

  4. Public Citizen

    What isn't covered in this article is the action taken by high level executives of Equifax between the time the breach was discovered and when it was disclosed.

    At least 3 high level executives sold large amounts of Equifax stock, probably in violation of US Securities Law.

    This whole situation stinks on ice.

  5. Captain Boing

    ... and Equifax sat on the news of the leak for 41 days! so that three senior execs could dump their stock...

    https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

  6. Anonymous South African Coward

    Which company will remain schtum on a major leak for 41 days, then try to blame somebody else?

    Boggles the mind, really.

  7. Anonymous Coward

    sources of authoritative information

    Nearly every bloody link in this piece is to twitter! Who do you think you are, el Reg - Donald Trump?

    I suspect there may be some rather more reliable and authoritative journalistic sources available.

  8. andrew ginty

    Surely the FS companies who passed customers' data to Equifax have a responsibility

    The banking, insurance and credit industries are dependent on credit reference checks as part of their risk processes. Compliance with risk processes is a regulatory necessity, so they have to go to companies like Equifax for such checks.

    So, if for example, I apply for interest-free credit on a TV, a new card, a loan, a mortgage or an insurance policy, it's a certainty that my details are checked with a reference agency, who, by the nature of their business, will keep records.

    If that agency is foolish enough to lose those records, the companies who gave them their customers' details should have at least a duty of care to those customers (and prospective customers) to check whether their details are amongst those that Equifax so generously shared with god-knows-whom.

    So (all the banks, insurance companies, mortgage companies, mail-order companies, utilities etc ...) should be in the process of working out whose details have been shared with Equifax, and whether they are amongst the hundred-plus million.

    Holding breath. May go blue.

  9. Jake Maverick

    it's all a part of the plan...we seem to be somewhat behind schedule, hence this....but it won't be long now until you are forced to give DNA samples and fingerprints every time you do anything, like withdraw your own money from the bank....they're impossible to fake, right...? no.....

  10. Sam Therapy

    Article picture

    Why is Steve Buscemi taking a pair of grips to his phone?
