back to article Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada. The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers …

Silver badge

Some?

Some = >1 and <145 million or so. Thanks Equifax... got it.

29
1
Silver badge

Re: Some?

To be fair to Equifax it's quite obvious that they're too fucking incompetent to even begin to find out how much information was taken much less know what was taken.

3
0
Anonymous Coward

Equifux - The 'git' that keeps on giving.

All 3 credit-agencies have been an unanswerable mafia for decades. So, nothing ever got fixed. This will only add to the biggest fraud of all time: Tax Rebates. - American problem with American solution. - America Fuck Yeah!

22
2
Silver badge
Facepalm

Equifax hack worse than previously thought?

Since when does those culpable in a criminal negligence case get to decide what evidence to release to the court. Have Equifax since identified that lone programmer who failed to patch the system.

21
2
Silver badge

Re: Equifax hack worse than previously thought?

The so-called "DNC hack" came close. They complained their servers had been "hacked by Russia", but refused to allow the FBI to examine those servers.

Nothing to hide, no sirree bob.

9
14

Re: Equifax hack worse than previously thought?

Squirrel Could you try Squirrel to stay focused Squirrel on the topic Squirrel at hand without Squirrel running down the Squirrel rabbit hole? Squirrel

2
0
Anonymous Coward

Clearly allowing companies to hold this kind of information should not be allowed

Given the number of "oops we leaked all your personal information and there is nothing you can do about it" then Governments need to put a stop to the collection of personal data by faceless companies.

Individuals should retain control and ownership of their personal information and the trade in this data banned across the board.

Banks are always looking to put the blaim on their customers when there is fraud but since they insisted upon passing their customers details to companies that trade the info with whomever pays then they should be held responsible unless they can prove that the customer was actually guilty of anything other than trusting their bank/loan companies.

Without the above then no citizen should be held accountable for fraud and the onus to maintain their data should be returned to the data holder not the data owner.

28
0
Silver badge

Re: Clearly allowing companies to hold this kind of information should not be allowed

Sounds a bit difficult to put into practice, though. After all, a lot of that data is a matter of public record. The rest...well, how would people conduct business otherwise, especially when identity is critical to the transaction?

3
0
Anonymous Coward

Re: Clearly allowing companies to hold this kind of information should not be allowed

@Charles9 "how would people conduct business otherwise" via the reference issued by your Government who already have all the data.

Any personal data enquires to the Government are relayed to the citizen via mail/email whatever and once consent confirmed then businesses goes ahead.

Basically the citizen is kept in the loop and the companies get only the information required to confirm person will pay and address given is associated with that citizen. Any data the company recieves outside of the citizen reference is destroyed once transaction complete

Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction.

They say that the reason they are currently asking for all the personal information is because they need to confirm who they are dealing with, once they have a unique reference backed by the Government then they need nothing else.

Effectively things are pretty much as they are now but without all the credit reference companies, they would be replaced by your government who is already getting all this information and in theory you have routes availible to you in the event that things go wrong.

As to those things that are public record then the question is why? if the same court documents become associated with your government account instead then your country can stop treating your citizens in debt as criminals. It would also get rid of the dodgy debt collectors who operate without a court judgement, since they wont know where you live unless they work via the courts.

13
0

Re: Clearly allowing companies to hold this kind of information should not be allowed

There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public & definitely NOT sold to Private companies to use as they see fit, but it has been going on for a long time. I remember in 1999 being sent a sample electoral roll CD for the whole of the UK & I was able to look up old girl friends & current company employees & get more info on them than was available to me as IT manager of the company. This was supplied as a sales contact database reference material.

These private companies, now determine your net worth & suitability for credit, but they are NOT regulated & are self appointed, so anyone hacking their systems, could do like the movies & destroy you economically, by reducing your credit score & thus having your cards cancelled by the provider etc, or stealing your data & using it to ruin your hard won credit score through fraudulent use of your private data :(

The governments of the world could & should do more, but they are living in the 19th century & take years to make simple common sense laws where no regulation exists & most of the time the laws are half baked & full of loop holes :( Useless the lot of them.

8
0
Anonymous Coward

Re: Clearly allowing companies to hold this kind of information should not be allowed

Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse. You are placing the cookie jar in control of a Non-Profit with no drivers for improvement (civil servants are invariably less than civil and largely do not demonstrate an understanding of the concept to serve). Far better have the law makers on our side, legislating against such businesses (and driven by the democratic process to improve/prosecute such), than have them in control of the data. That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse.

6
1
Anonymous Coward

Re: Clearly allowing companies to hold this kind of information should not be allowed

@Charles 9

I am not, nor ever have been, nor ever will be a customer of Equifax. Why should they have any information about me?

Roll on GDPR when I can get it all deleted....

8
0
Silver badge

Re: Clearly allowing companies to hold this kind of information should not be allowed

"There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public"

Except as a check against the government itself. It's basically a no-win situation. If you let the government hide data, they can exploit it against you with no recourse. But open it up, and others will do the same. Your personal information MUST be shared in order to do anything of note, but that very information can be used against you. It's all a matter of trust, and if you're in DTA mode, you're basically out of the loop of civilization, meaning you're hiding in that cabin in the forest subsisting on bugs. After all, anyone can backstab you at any time, and they don't even need to know your name to do it. So how far are you willing to take it?

0
0
Silver badge

Re: Clearly allowing companies to hold this kind of information should not be allowed

@AC

I am not, nor ever have been, nor ever will be a customer of Equifax. Why should they have any information about me?

Roll on GDPR when I can get it all deleted....

I would like to bet that Equifax do have information about you. If you have opened a bank account, have a credit card, or have applied for a loan or other credit, then the chances are your data was given to Equifax, as well as the other credit reference agencies.

And the GDPR doesn't give you the right to demand deletion of your data unconditionally, if Equifax can show a business need (which they can, as they are a credit reference agency) then they can refuse to delete your data.

2
0
Anonymous Coward

Re: Clearly allowing companies to hold this kind of information should not be allowed

Yeah, I get all that but it'll be good sport to argue with them and the ICO?

2
0

Re: Clearly allowing companies to hold this kind of information should not be allowed

"Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction."

Why don't we go after the CEO, the Board of Directors, middle management and anyone else in the chain of command and personally make them responsible and paying for correcting the wrong, including prison.

This dipping into the company's petty cash to pay a fine is obviously not working.

2
0
Anonymous Coward

Re: Clearly allowing companies to hold this kind of information should not be allowed

@AC "Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse"

Since the Government already has this data then what difference does it make?

As to civil servants (including police, polticians) then personally I have always believed that abuse in a position of authority should be punished on a basis of impact to society and by default at a higher level than an ordinary citizen. If working out how much damage has been done is a problem then treat each instance as treachery to the state. I would say that if abuse at this level results in a single death then back to public hangings.

"That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse." a single ID would be great if only we could trust our civil servants but whilst being caught means at worst a slap on the wrist then abuse is a winning game.

0
0
Silver badge

Re: Clearly allowing companies to hold this kind of information should not be allowed

What we need is some sort of general regulation that protects data.

0
0
Anonymous Coward

National inSecurity

"The US government's Consumer Financial Protection Bureau promised a full investigation into the Equifax affair, and then gave up. On February 7, an open letter [PDF] from 32 senators to the bureau asked why the probe was dropped, and the gang has yet to receive a response"

15
0
Silver badge
Holmes

Re: National inSecurity

Could it be that the current head of the CFPB, Mick Mulvaney, is one of the Orange Turnip's cronies? There's also a certain lack of coincidence between the date of his appointment and the moment the Equifax investigation started to grind to a halt.

7
0
Anonymous Coward

Re: National inSecurity

The appropriate donation to a Trump approved "charity" was made via the brown envelop method, is my guess.

3
1
Silver badge

Things will never change

I mean where's the incentive?

Oops you done f****d up gents. Time to go. Have a multi-million <insert currency> severance package and good luck in the next role. If you need a reference, we'll be sure to put a good word in for you.

Only - and really only - when it begins to hit both the company AND the directors' pockets will they sit up and take notice.

16
0
Silver badge

Re: Things will never change

And then they'll just change the government to suit them. Money talks, all else walks.

14
0
Silver badge

Re: Things will never change

Remember in 1999-2000 when Microsoft had been found bang to rights in a criminal court of law, and the judge was pondering whether to break it up or just force it to publish the source code for Windows?

Then Dubya was elected and suddenly the DoJ dropped the case on the floor.

11
0
Silver badge

That is exactly the problem. Those in charge are never held responsible for the goofs. I don't care who you are or how well you've been working for the past 30 years, if your department or company negatively impacts the lives of millions, you're talking the fall and it should not be to land on a cushion full of money.

Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening.

13
0
Silver badge

"Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening."

ALL laws tend to be written by the rich barring a crisis, and it is the rich who have the best ability to get laws changed to their favor by financing changeovers. And no, Europe is not immune, just resistant for now.

8
1
Anonymous Coward

Re: Things will never change

That is entirely why there should be no private money in politics; no lobbying; and strict regulations about who a previously elected person can work for over a five year time frame. Some countries have managed this very successfully. The, apparent, graft and corruption in NA governments at all levels has thus far precluded these wise safeguards from being implemented.

2
0
Silver badge

Re: Things will never change

"Some countries have managed this very successfully."

Can you name some that are big enough to matter? I bet you the ones that SEEM that way are simply working deeper behind the scenes using things like family connections and favors that use degrees of separation to hide the details.

Remember, at the extreme, if they REALLY don't like the government, they can just covertly fund a coup. After all, in the final analysis, laws are just ink on a page.

1
1

Re: Things will never change

There's a hole in the American legislature process that allows virtually all of the external lobbyist and internal party pressure crap. The same thing that has helped contribute to polarizing partisan politics

https://youtu.be/1gEz__sMVaY

Easy fix if anyone ever gets the guts to donate right thing.

0
0
Silver badge

@Charles...A sadly true comment. And an equally sad indictment of the world we live in today.

6
1
Anonymous Coward

not on my shift

all's well that ends well (for the previous shift).

rinse...

0
0
Bronze badge

Watch out, Fauxcahontas is on the case.

0
2
Silver badge
Trollface

Cute name, you think that up all by yourself?

Yeah, that whole Consumer Financial Protection Bureau was a real waste of time and resources. May as well wind it up, because the banks, lenders, and finance companies are perfectly capable of self-regulation, right?

2
0
Silver badge

Actually, it's already been gutted by the Trump admin.

2
0

As Bugs Bunny used to say "What a maroon". Using racial taunts to disparage someone threatening the status quo shows nothing but ignorance and deep seated fear of the truth. Reminds me of the person forcibly removed from the West Virginia legislature this week for daring to list out the members who had received money from the oil industry while they were working on a new bill granting the oil companies the right to drill on land without all the owners permissions. You can't hide the truth forever, yet. Another few years of people like Dim Donny, the little man with little hands, and that may well change.

0
0
Coat

Then Equifax offers, for a small fee, Identity Theft Protection? Seriously....

2
0

That's the kind of job I want. Screw up real bad, take a golden parachute of a retirement package and not be held responsible for anything. Where do I sign up?

4
0
Silver badge

Your local country club, The fee will just be a few million dollars.

2
0

This post has been deleted by its author

Silver badge
Childcatcher

Re: The problem is much larger than you know

Until the U.S. changes its laws to allow for personal prosecutions and not just slap-on-the-wrist fines of mega-corporations, the problem will only get worse.

Upvoted, but tell me, how could it possibly get worse than it is already?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018