back to article Equifax peeks under couch, finds 2.4 million more folk hit by breach

Embattled credit-reporting company Equifax has done some data crunching and discovered another 2.4 million people that had their information slurped by hackers. The biz, which was subject to one of the biggest data breaches in US history last May, has already had to revise up the number of affected individuals. The total …

  1. Anonymous Coward
    Anonymous Coward

    I bet they weren't so lax calculating their bonuses.

    1. ecofeco Silver badge

      What makes you say that? :)

    2. robidy

      Oh but they were...they forgot to take account of the negative bonus for data theft...they'll remember it once said management have left.

    3. ecofeco Silver badge

      Before I get any more downvotes, it's a joke.

      I thought it would be obvious that I was agreeing with the OP.

  2. Anonymous Coward
    Anonymous Coward

    I keep on hearing that is what not that many Brits or Canucks that got exposed . But The Number keeps on going up with the yanks. Want to bet the number is much higher for the Canucks and the Brits but this data was all on US servers so they wont say. You Servers that they were not suppose to be on.

  3. Lysenko

    Why don't they just cut their losses and estimate about half the population of the country? It would probably be close to accurate and escape this death march of supplementary announcements.

    1. ecofeco Silver badge

      Half? I would bet it was everyone in the U.S. with a credit record. There is just no way they could report that and stay in business, so they are leaking it in bit and pieces.

    2. Anonymous Coward
      Anonymous Coward

      Equifax again?

      "Why don't they just cut their losses and estimate about half the population of the country? It would probably be close to accurate and escape this death march of supplementary announcements."

      No kidding!

      When I first logged in to El Reg I thought I must have pulled up an old bookmark of this story by mistake until I looked at the date.

      Equifax again?

  4. circusmole
    FAIL

    I asked them...

    ...what personal information they had leaked to the unknown hackers as a result of their incompetence. To provide this data they requested a whole raft of additional, personal information from me!!! I told them they must be fcuking joking.

  5. Anonymous Coward
    Anonymous Coward

    are they serious?

    Given the time that the system was hacked, does anyone really believe that only a portion of the data was taken?

  6. Andrew Barr

    GDPR

    Any point to this as everyone's details are public now anyway!

  7. Mayday
    Flame

    This annoys (well shits and horrifies) me.

    This is a mob who literally manage the wellbeing of millions of people. Someone has "bad credit" then they can't get a mortgage for a place to live. Missed something one day? Oh you can't get a mobile phone. The list goes on.

    My credit is good, but the point still stands, these companies have an enormous responsibility (which they have not met in my view) and when they have this monumental cockup with so much at stake we just get a simple "Sorry, we take security seriously" perhaps with mention of an investigation and even with all the bosses now gone we still need to rely on them to live pretty much.

    1. Mark 85

      Re: This annoys (well shits and horrifies) me.

      Indeed... correct on all counts. On top of all that, they sell us to those who seek our business. Some of those companies are on the up and up and others are shady as hell. I think they have the same business model as FB.. we are the product but there's no opting out.

      1. Mayday
        Thumb Down

        Re: This annoys (well shits and horrifies) me.

        Very much so.

        It's not like I can say to the bank, "Please don't check my credit rating when I rearrange my finances/loans/credit cards because I don't trust Equifax" now is it?

  8. Destroy All Monsters Silver badge
    Pint

    Hillary was right

    All that relentless p0wning so stokes my distrust in democracy,

  9. GermanDude

    Any new idea who took the data?

    Last thing I have heard is that it was probably state actors. This was October of 2017 and heard nothing new. Any idea if this was just crap? I would feel better if Russia or China stole this instead of people who want to make money by selling. Did any of the data ever appear to be sold?

    1. Anonymous Coward
      Anonymous Coward

      Re: Any new idea who took the data?

      North Korea, it makes sense when you think about it, they are a bit skint so could get loads of credit cards in American names and order everyone an iPhone. The American secret services are fully aware of this and are happy to let it happen in the hope that they adopt capitalism as a result.

    2. ThatOne Silver badge
      Unhappy

      Re: Any new idea who took the data?

      > I would feel better if Russia or China stole this

      Occam's razor says that this isn't information of political or strategic interest, it's typically information you need to commit fraud (or at least information to sell to those who want to commit fraud).

  10. Doctor Syntax Silver badge

    Analysing data is supposed to be what they're good at. If they keep finding these errors in their initial analysis of the breach what does it tell us about their competence to carry out their basic business?

  11. 404
    Mushroom

    They can no longer be trusted

    So why not fine them into nonexistence?

    Where the hell are the Feds on this anyway?

    1. alain williams Silver badge

      Re: They can no longer be trusted

      follow the money

      1. JCitizen
        Flame

        Re: They can no longer be trusted

        Hmm? That site says no affiliates of Equifax were identifiable as contributors - or something like that. But we all know that has to be hogwash, because the reporting agencies have had an iron grip on regulation for decades now - they keep saying that they will watch over their responsibilities and no need of more regulation - well, we can all so how that worked out!!

  12. elvisimprsntr

    They seem to be omitting the obvious question.

    Was DL info leaked for the other 145m people or just partial information for these particular 2.4m people?

    1. diodesign (Written by Reg staff) Silver badge

      Re: elvisimprsntr

      From the linked-to statement:

      "Equifax was able to identify approximately 2.4 million U.S. consumers whose names and partial driver's license information were stolen, but who were not in the previously identified affected population discussed in the company's prior disclosures about the incident."

      HTH

      C.

  13. Anonymous Coward
    Anonymous Coward

    The worst part is that instead of giving any compensation for losing your information which you never gave them permission to keep in the first place, they demand further details in order to offer you their protection from fraud with the ones they lost!

  14. Anonymous Coward
    Anonymous Coward

    Hold Equifax accountable for their negligence

    It's incomprehensible that Equifax and other data centers would not have the most stringent security systems in place to protect personal data. It's nothing short of pure negligence by these companies that results in security breaches that cause great harm to people for years to come as they try to correct all of the credit problems relating to these security breaches that are 100% preventable. Fines for this type of negligence should start at $100 Billion and increase appropriately.

    1. JCitizen
      Flame

      Re: Hold Equifax accountable for their negligence

      And hit them with regulations, that they've been dodging for at least a generation or two!

  15. sloshnmosh

    I guess that means it's less than 63 cents now...

    "The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."

    http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/

  16. Anonymous Coward
    Anonymous Coward

    if you have a breach it's always better to split it out into smaller numbers so it doesn't look as bad. Eventually the total number may get to everyone but at least you don't have to say they got everyone's info.

    Lets take apart the 2.4 million number, did the hackers stop when they got to it as they ran out of space? Were these 2.4m records segmented into a different database to the total number of people they hold driving licence information on? Why were these separated from the other records? If the hackers had free reign on the data how do they know they only got 2.4 million? Answers on a postcard to the usual address.

  17. Anonymous Coward
    Anonymous Coward

    The sick part

    It disgusts me that firms like this are privileged to evaluate my personal trustworthiness.

  18. JCitizen
    WTF?

    I'm mad as hell !!!!!!..

    about Equifax and the lack of oversight by regulators - this is serious SHIT! If they don't start doing something about it, there will be angry mobs with pitchforks that will make the "Occupy Wall street" crowd look like Little Miss Muffet and the girl scouts!!.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm mad as hell !!!!!!..

      Welcome to generation "meh", business > government.

  19. SloppyJesse
    FAIL

    Will GDPR prevent companies using 3rd parties with such a bad history?

    GDPR article 28

    "Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. " [http://www.privacy-regulation.eu/en/index.htm]

    Think Equifax may struggle to provide such guarantees based on recent behaviour. Assuming the regulations expect guarantees to be worth more than the paper they are written on.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like