I bet they weren't so lax calculating their bonuses.
Equifax peeks under couch, finds 2.4 million more folk hit by breach
Embattled credit-reporting company Equifax has done some data crunching and discovered another 2.4 million people that had their information slurped by hackers. The biz, which was subject to one of the biggest data breaches in US history last May, has already had to revise up the number of affected individuals. The total …
COMMENTS
-
Thursday 1st March 2018 18:36 GMT Anonymous Coward
I keep on hearing that is what not that many Brits or Canucks that got exposed . But The Number keeps on going up with the yanks. Want to bet the number is much higher for the Canucks and the Brits but this data was all on US servers so they wont say. You Servers that they were not suppose to be on.
-
-
Friday 2nd March 2018 06:28 GMT Anonymous Coward
Equifax again?
"Why don't they just cut their losses and estimate about half the population of the country? It would probably be close to accurate and escape this death march of supplementary announcements."
No kidding!
When I first logged in to El Reg I thought I must have pulled up an old bookmark of this story by mistake until I looked at the date.
Equifax again?
-
-
Thursday 1st March 2018 21:27 GMT Mayday
This annoys (well shits and horrifies) me.
This is a mob who literally manage the wellbeing of millions of people. Someone has "bad credit" then they can't get a mortgage for a place to live. Missed something one day? Oh you can't get a mobile phone. The list goes on.
My credit is good, but the point still stands, these companies have an enormous responsibility (which they have not met in my view) and when they have this monumental cockup with so much at stake we just get a simple "Sorry, we take security seriously" perhaps with mention of an investigation and even with all the bosses now gone we still need to rely on them to live pretty much.
-
Thursday 1st March 2018 23:56 GMT Mark 85
Re: This annoys (well shits and horrifies) me.
Indeed... correct on all counts. On top of all that, they sell us to those who seek our business. Some of those companies are on the up and up and others are shady as hell. I think they have the same business model as FB.. we are the product but there's no opting out.
-
-
Thursday 1st March 2018 21:46 GMT GermanDude
Any new idea who took the data?
Last thing I have heard is that it was probably state actors. This was October of 2017 and heard nothing new. Any idea if this was just crap? I would feel better if Russia or China stole this instead of people who want to make money by selling. Did any of the data ever appear to be sold?
-
Friday 2nd March 2018 08:29 GMT Anonymous Coward
Re: Any new idea who took the data?
North Korea, it makes sense when you think about it, they are a bit skint so could get loads of credit cards in American names and order everyone an iPhone. The American secret services are fully aware of this and are happy to let it happen in the hope that they adopt capitalism as a result.
-
Friday 2nd March 2018 19:53 GMT ThatOne
Re: Any new idea who took the data?
> I would feel better if Russia or China stole this
Occam's razor says that this isn't information of political or strategic interest, it's typically information you need to commit fraud (or at least information to sell to those who want to commit fraud).
-
-
-
-
Friday 2nd March 2018 16:31 GMT JCitizen
Re: They can no longer be trusted
Hmm? That site says no affiliates of Equifax were identifiable as contributors - or something like that. But we all know that has to be hogwash, because the reporting agencies have had an iron grip on regulation for decades now - they keep saying that they will watch over their responsibilities and no need of more regulation - well, we can all so how that worked out!!
-
-
-
-
Friday 2nd March 2018 01:02 GMT diodesign
Re: elvisimprsntr
From the linked-to statement:
"Equifax was able to identify approximately 2.4 million U.S. consumers whose names and partial driver's license information were stolen, but who were not in the previously identified affected population discussed in the company's prior disclosures about the incident."
HTH
C.
-
-
Friday 2nd March 2018 03:13 GMT Anonymous Coward
Hold Equifax accountable for their negligence
It's incomprehensible that Equifax and other data centers would not have the most stringent security systems in place to protect personal data. It's nothing short of pure negligence by these companies that results in security breaches that cause great harm to people for years to come as they try to correct all of the credit problems relating to these security breaches that are 100% preventable. Fines for this type of negligence should start at $100 Billion and increase appropriately.
-
Friday 2nd March 2018 06:37 GMT sloshnmosh
I guess that means it's less than 63 cents now...
"The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."
http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/
-
Friday 2nd March 2018 08:35 GMT Anonymous Coward
if you have a breach it's always better to split it out into smaller numbers so it doesn't look as bad. Eventually the total number may get to everyone but at least you don't have to say they got everyone's info.
Lets take apart the 2.4 million number, did the hackers stop when they got to it as they ran out of space? Were these 2.4m records segmented into a different database to the total number of people they hold driving licence information on? Why were these separated from the other records? If the hackers had free reign on the data how do they know they only got 2.4 million? Answers on a postcard to the usual address.
-
-
Saturday 3rd March 2018 13:55 GMT SloppyJesse
Will GDPR prevent companies using 3rd parties with such a bad history?
GDPR article 28
"Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. " [http://www.privacy-regulation.eu/en/index.htm]
Think Equifax may struggle to provide such guarantees based on recent behaviour. Assuming the regulations expect guarantees to be worth more than the paper they are written on.