## Equifax Hack

Lies, damned lies, and statistics.
Pyrrho
Posts: 25957
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2723 times
Been thanked: 2785 times

WildCat wrote:In related news my debit card was cloned (probably) several months ago. To illustrate how cocky these bastards are, and sure they won't get seriously investigated, the big-ticket item they bought was a $1,680 Cobra health insurance premium payment. Surely, there's a real name attached to the policy that was purchased? This should be an easy open and shut case right? They won't tell me anything... Yup, they won't tell you anything about the perps. The flash of light you saw in the sky was not a UFO. Swamp gas from a weather balloon was trapped in a thermal pocket and reflected the light from Venus. Abdul Alhazred Posts: 71428 Joined: Mon Jun 07, 2004 1:33 pm Title: Yes, that one. Location: Chicago Has thanked: 3322 times Been thanked: 1228 times ### Re: Equifax Hack Skeeve wrote:Wow AA! I thought I was the designated conspiracy person...You're joking right? This isn't a "conspiracy theory" conspiracy (the shadowy cabal that runs everything behind the scenes). This is a conspiracy of dreary ordinariness. That is a bunch of rich guys making a dishonest dollar. The only unusual detail is the magnitude. Any man writes a mission statement spends a night in the box. -- our mission statement plappendale Skeeve Posts: 10461 Joined: Wed Jun 09, 2004 7:35 am Has thanked: 65 times Been thanked: 80 times ### Re: Equifax Hack Abdul Alhazred wrote: Skeeve wrote:Wow AA! I thought I was the designated conspiracy person...You're joking right? This isn't a "conspiracy theory" conspiracy (the shadowy cabal that runs everything behind the scenes). This is a conspiracy of dreary ordinariness. That is a bunch of rich guys making a dishonest dollar. The only unusual detail is the magnitude. Okay, in other news: US Justice Department investigating Equifax execs ... The U.S. Justice Department is said to be investigating the questionable sale of stock by Equifax executives in advance of the company's public announcement of its massive data breach. The investigation is said to include U.S. prosecutors in Atlanta, the FBI and the Securities and Exchange Commission, according to a report this morning from Bloomberg. Three executives, Chief Financial Officer and Corporate VP John Gamble, President of U.S. Information Solutions Joseph Loughran and President of Workforce Solutions Rodolfo Ploder all sold substantive amounts of Equifax stock between the time the company learned of the hack and the date the hack was publicly announced. These trades, amounting to$1.8 million, saved the three executives from feeling the financial sting of the announcements.
Uh oh....okay, in other news
Equifax Execs Resign; Security Head, Mauldin, Was Music Major
Equifax's feet are being held to the fire — and that fire keeps getting higher.

The beleaguered company announced Friday evening that its chief information officer, David Webb, and chief security officer, Susan Mauldin, had retired. A statement said Mark Rohrwasser would serve as interim CIO and Russ Ayres would be interim CSO.

Since the breach, the now retired Mauldin's internet presence has begun to disappear. A podcast interview with her was taken down and her LinkedIn profile, which archival copies of showed the former chief security officer studied music composition in college and had no security degree, had the last name changed to "M." and was set to private.
Nothing like diversity to get qualified people in positions of importance.... good job Equifax.
Then Skank Of America could start in...

gnome
Posts: 22194
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 376 times
Been thanked: 403 times

### Re: Equifax Hack

Skeeve wrote: Nothing like diversity to get qualified people in positions of importance.... good job Equifax.
Really? I think you're assuming a lot.
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

### Re: Equifax Hack

gnome wrote:
Skeeve wrote: Nothing like diversity to get qualified people in positions of importance.... good job Equifax.
Really? I think you're assuming a lot.
When Skeeve makes a post like that it makes me think DocX is right about multiple people having access to that account. Interestingly, it is a hand-in-glove fit for this thread. This hack brings to light a problem that is decades old: your identity is for sale. The better your credit, the more it is worth. I suppose mine isn't worth that much. And while you might not ultimately be held responsible for the debt resulting from the theft, your fucked until it gets resolved and then maybe forever after that.

So maybe this hack is a good thing. The current system is utterly broken. Better minds than mine are going to fix it but I can't fathom how.

Skeeve
Posts: 10461
Joined: Wed Jun 09, 2004 7:35 am
Has thanked: 65 times
Been thanked: 80 times

### Re: Equifax Hack

gnome wrote:
Skeeve wrote: Nothing like diversity to get qualified people in positions of importance.... good job Equifax.
Really? I think you're assuming a lot.
...
Since the breach, the now retired Mauldin's internet presence has begun to disappear.
A podcast interview with her was taken down and her LinkedIn profile, which archival copies of showed the former chief security officer studied music composition in college and had no security degree, had the last name changed to "M." and was set to private.
Although I have never seen a 'security degree' I would think a degree in IT or computer science would be more appropriate for the position she held, than a degree in music composition, don't you?

In other news: Equifax Got Hacked Nearly Five Months Before It Previously Said
Equifax has come under intense scrutiny since it announced earlier this month that hackers accessed personal data of 143 million U.S. consumers. But now it turns out the company knew about a significant breach of its computer systems nearly five months before the date it originally said, Bloomberg reports.
...
This does not mean the timeline Equifax has shared publicly is false, but rather the company left out the early portion of events when disclosing its breach to the public. This second, earlier incident may also complicate the company’s statements that its executives did not know about the hackers when they sold their shares in July.
:facepalm:
Then Skank Of America could start in...

Anaxagoras
Posts: 21749
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan
Has thanked: 1410 times
Been thanked: 1235 times

### Re: Equifax Hack

Apparently they neglected to patch a known vulnerability.
A fool thinks himself to be wise, but a wise man knows himself to be a fool.
William Shakespeare

Skeeve
Posts: 10461
Joined: Wed Jun 09, 2004 7:35 am
Has thanked: 65 times
Been thanked: 80 times

### Re: Equifax Hack

Anaxagoras wrote:Apparently they neglected to patch a known vulnerability.
Failure to patch two-month-old bug led to massive Equifax breach
Critical Apache Struts bug was fixed in March. In May, it bit ~143 million US consumers.
...
The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.
The image at the article says it all...
Then Skank Of America could start in...

Witness
Posts: 16861
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 2058 times
Been thanked: 2821 times

Gizmodo wrote:IRS Awards Equifax $7.25 Million No-Bid Contract to Help 'Verify Taxpayer Identities' https://gizmodo.com/irs-awards-equifax- ... 1819119424 Abdul Alhazred Posts: 71428 Joined: Mon Jun 07, 2004 1:33 pm Title: Yes, that one. Location: Chicago Has thanked: 3322 times Been thanked: 1228 times ### Re: Equifax Hack So they said they were sorry and found a scapegoat, so back on the gravy train. Any man writes a mission statement spends a night in the box. -- our mission statement plappendale Skeeve Posts: 10461 Joined: Wed Jun 09, 2004 7:35 am Has thanked: 65 times Been thanked: 80 times ### Re: Equifax Hack Equifax committee says executive stock sales weren’t insider trading The eyes of the Securities and Exchange Commission and the US Department of Justice have been focused on some questionable stock sales initiated by three Equifax executives a month before the data breach that exposed 143 million US consumers' personal information was revealed to the public. Those agencies have been investigating the sales, which amounted to nearly$1.8 million, and are working to determine whether they were the result of insider trading. However, CNBC reports today that an Equifax committee has reviewed the sales and found no signs of misconduct.
...
However, whether the DOJ and SEC will come to the same conclusion will remain to be seen.
Yea, well, we'll see.
Then Skank Of America could start in...

Abdul Alhazred
Posts: 71428
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 3322 times
Been thanked: 1228 times

### Re: Equifax Hack

So they said they were sorry and found a scapegoat, so back on the gravy train.

Where did I hear that before?
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

Skeeve
Posts: 10461
Joined: Wed Jun 09, 2004 7:35 am
Has thanked: 65 times
Been thanked: 80 times

### Re: Equifax Hack

Abdul Alhazred wrote:So they said they were sorry and found a scapegoat, so back on the gravy train.

Where did I hear that before?
Not quite the same thing AA.

"Equifax committee says executive stock sales weren’t insider trading." Is a bit more like...

Just change the verbiage and badges a bit, that's all.
Then Skank Of America could start in...

RCC: Act II
Posts: 837
Joined: Thu Dec 07, 2017 2:56 am
Has thanked: 8 times
Been thanked: 87 times

### Re: Equifax Hack

A lot of this stuff is being made worse by the American Arbitration Act. That act has been interpreted in a way that allows a corporation to make you waive your right to sue (agree to mediation) whenever you agree to anything else. Add to that rules that prevent class action suits.

Fear of a class action suits went a long way to keeping these sorts of people in line. Corporate interests have somehow convinced people to focus on the injustice that these things make a lot of lawyers absurdly rich, obscuring the fact that not having class action lawsuits effectively created immunity for any sort of corporate misbehavior that hurts a lot of people but not any individual one all that much.

The mediation destroys even that as it tends to limit damages, and involve rules that rig the process in favor of the corporate interest.

But hey, you clicked on a user agreement of something you already bought and have no real and the part waiving your right to sue was on page 67 so stop whining. You agreed to it fair and square...

Witness
Posts: 16861
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 2058 times
Been thanked: 2821 times

### Re: Equifax Hack

If I'm not mistaken, nobody posted about the Uber hack:
The Guardian wrote:Uber concealed massive hack that exposed data of 57m users and drivers

Uber concealed a massive global breach of the personal information of 57 million customers and drivers in October 2016, failing to notify the individuals and regulators, the company acknowledged on Tuesday.

Uber also confirmed it had paid the hackers responsible \$100,000 to delete the data and keep the breach quiet, which was first reported by Bloomberg.
[…]
Hackers stole personal data including names, email addresses and phone numbers, as well as the names and driver’s license numbers of about 600,000 drivers in the United States. The company said more sensitive information, such as location data, credit card numbers, bank account numbers, social security numbers, and birth dates, had not been compromised.

In his statement, Khosrowshahi said the company had “obtained assurances that the downloaded data had been destroyed” and improved its security, but that the company’s “failure to notify affected individuals or regulators” had prompted him to take several steps, including the departure of two of the employees responsible for the company’s 2016 response.

Uber’s chief security officer, Joe Sullivan, was one of the two employees who left the company, Bloomberg reported.
https://www.theguardian.com/technology/ ... ber-attack

gnome
Posts: 22194
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 376 times
Been thanked: 403 times

### Re: Equifax Hack

"Daaaahh yeah, we deleted it. Right Bosco?"
"But what about the backup fla--"
*SMACK*
"Right boss, totally erasified!"
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

Rob Lister
Posts: 19922
Joined: Sun Jul 18, 2004 7:15 pm
Title: Incipient toppler
Location: Swimming in Lake Ed
Has thanked: 593 times
Been thanked: 596 times

### Re: Equifax Hack

gnome wrote:"Daaaahh yeah, we deleted it. Right Bosco?"
"But what about the backup fla--"
*SMACK*
"Right boss, totally erasified!"
did they really misspell 'fla'

dumbasses.

Skeeve
Posts: 10461
Joined: Wed Jun 09, 2004 7:35 am
Has thanked: 65 times
Been thanked: 80 times

### Re: Equifax Hack

The Equifax data breach, in one chart

More than half of Americans may have had their social-security numbers exposed in the Equifax Inc. data breach, and that is just the start. Equifax (EFX) disclosed the shocking data breach a year ago, on Sept. 7, 2017, but it took the company until May 2018 to fully catalogue and disclose the personal information it believes was accessible to network intruders, with help from FireEye Inc.’s (FEYE) Mandiant unit.
Remember, diversity is our strength!

Yes a success, a flaming success.....
Then Skank Of America could start in...

gnome
Posts: 22194
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 376 times
Been thanked: 403 times

### Re: Equifax Hack

Yes, surely their diversity policy was their weakness here. Get rid of those and this will never happen.
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

sparks
Posts: 14089
Joined: Fri Oct 26, 2007 4:13 pm
Location: Friar McWallclocks Bar -- Where time stands still while you lean over!
Has thanked: 1967 times
Been thanked: 605 times

### Re: Equifax Hack

And how is it that 147 million is more than half of 325 million? Are they adjusting something without saying so in this graphic? (Pardon me, it's been one helluva day for me)
You can lead them to knowledge, but you can't make them think.