Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Global credit reporting agency Equifax admitted today it suffered a massive breach of security that could affect almost half of the US population. In a statement, the biz confessed that hackers managed to get access to some of its internal data in mid-May by exploiting a vulnerable website application. They remained on the …

  1. Keef

    'We pride ourselves on being a leader in managing and protecting data'

    Really, you do, do you?

    I pride myself at being good at detecting bullshit, the needle moved a bit at that statement.

    It should have moved off the scale and bent the needle, but I've recently re-calibrated it.

    1. Dan 55 Silver badge

      Re: 'We pride ourselves on being a leader in managing and protecting data'

      I've lately made the scale on mine logarithmic, as a stopgap it works but I'm not convinced it's future proof.

      1. Anonymous Coward

        Re: 'We pride ourselves on being a leader in managing and protecting data'

        I've lately made the scale on mine logarithmic,

        No scale means anything unless it has dimensions. We need an SI or ElReg quantum for data breaches. I'd suggest that the unit is called a "Dido", but I'm wondering what the actual scaling should be. I think it needs to be some product of:

        1) absolute size of the breach in individual accounts or records exposed,

        2) the significance of the data lost on some scale of 1 to 5, where Talk Talk are a three, and Equifax a four - you'd get a five for losing personally sensitive information eg health, personal circumstances, where I have a distinction between personally confidential data and personally sensitive data.

        3) a scaled value for the stupidity in allowing the breach on a 1-3 scale. A simple SQL attack is about as basic as you get, that's a 3, a nation-state attack using zero days is a 1.

        4) Track record. Simply the number of known breaches in the previous three years.

        So, for the last Talk Talk hack, I'm reckoning 157,000 x 3 x 3 x 3 / 1m = 4.24 Didos.

        Now, do we take that number of 4.239m as one Dido, and measure other breaches against that? Or do we divide by a million to keep the numbers easy to use, and keep the honorarium, but then quantify the Talk Talk breach as 4.239 Didos? Either way the sheer size of the Equifax breach means Dan 55 is most certainly correct to be using a log scale.

        1. itzman

          Re: 'We pride ourselves on being a leader in managing and protecting data'

          It was the Bovine excrement meter that was logarithmic.

          And with good reasons, as drifting off topic, we are daily faced with two parts of the establishment essentially calling each other bare faced liars.

          Politics is no longer about who has the best policies, it's about who tells the most attractive lies.

          Judging by latest polls, that would be Jeremy Corbyn.

          1. Nick Ryan Silver badge
            Stop

            Re: 'We pride ourselves on being a leader in managing and protecting data'

            Cut the crap, just vote for lizards. You know it makes sense.

            Just make sure that you vote for the correct lizard, ok?

    2. Anonymous Coward

      Re: 'We pride ourselves on being a leader in managing and protecting data'

      Sadly, I'm afraid the statement is true. In terms of big corporations, they may indeed be a leader in managing and protecting data.

      1. BebopWeBop Silver badge
        Holmes

        Re: 'We pride ourselves on being a leader in managing and protecting data'

        I notice that as of 18.00 UK time, equifax uk is still offline! Hmmm -

        1. Anonymous Coward

          Re: 'We pride ourselves on being a leader in managing and protecting data'

          My fault, I asked for a credit report, but as I don't use credit, their system went into meltdown at finding out they didn't have a single piece of information about me..

    3. JCitizen
      FAIL

      Re: 'We pride ourselves on being a leader in managing and protecting data'

      Wadda crock! How much you want to bet the other two agencies are compromised now, and just haven't discovered it yet, like Equifax did? Credit monitoring is NOT enough, They should lock down ALL our credit for free, and lift it when we need it with a simple phone call, for one transaction each, like opening another account. We should NOT have to pay for their stupid mistakes!

    4. Oh Homer
      Flame

      Re: Assisting "every US consumer in the country"

      And screw everyone else, such as the "unknown number of Canadian and UK customers"?

      I'm asking seriously, because unfortunately I'm probably one of them.

      But then, as per the headline, probably so is everyone else who's ever had a bank account.

      It certainly looks like enough of the right sort of data has been pinched to commit identity theft, on an epic scale.

      Personally I'd like to know why such sensitive data is even accessible over the internet, instead of being secured behind a private network, as per trading systems and other sensitive financial data.

  2. 2+2=5 Silver badge
    Joke

    So?

    Credit reporting and checking agency Equifax has admitted to a massive breach of security that could affect almost half of the US population. In a statement, the credit-checkers claimed that hackers managed to get access to some of its data in mid-May

    Since Equifax's business model is selling credit data, it's not so much a 'hack' but more 'an unknown new client' that they can't bill.

    1. Mad Mike

      Re: So?

      Yes. They don't really care that the data is out there. Just outraged that they couldn't charge a fortune for supplying it and therefore make more profit. Their response is hardly inspiring. A year's free identity fraud subscription for a service they run themselves and therefore costs them very little. Maybe saying they'll pay the costs of all fraud carried out because of it might be a bit more reasonable.

      1. Anonymous Coward

        Re: So?

        Also monitoring fraud for the first year after your details are stolen is not very useful. These types of details are usually used multiple years after being stolen.

  3. tfewster Silver badge
    Facepalm

    Only

    ... the names, Social Security Numbers, birth dates, addresses

    Isn't that all fraudsters need?

    > 3 execs sold stock

    Excellent, data loss might just get them a slap on the wrist, but the SEC hands out prison sentences for insider trading.

    Loved the tweet from ElReg, by the way!

    1. John Stirling

      Re: Only

      An interesting data point. How many execs hold stock? If it's a dozen then these three are dirty. If it's 2,000 then they are likely random noise.

      1. Anonymous Coward

        Re: Only

        It's pretty unlikely. Rule 10b5-1 sets out how this goes for executive share sales:

        1) Exec sits down with compliance officers and declares their desire to sell shares, along with some reason (e.g. new house, new boat, divorce etc.) for the sale and a neutral rationale for pricing (e.g. company price now +x% growth)

        2) They agree upon a price and time window sufficiently broad and far into the future to eliminate the advantage of whatever privileged non-public information the exec holds, this is at least 90 days but usually >6 months away because that's a typical non-public information window (i.e. 2 quarters)

        3) The plan is captured in writing and archived

        4) The sale is blindly triggered by a broker upon the conditions being met

        Ironically insider trading is much, much harder to do when you're an actual insider. Presumably if the company has declared the sales they're happy 10b5-1 was followed.

        1. streaky Silver badge

          Re: Only

          Rule 10b5-1 sets out how this goes for executive share sales

          Prisons are full of people who broke rules. Insider trading is difficult when companies work by strict interpretations of those rules, but again, prisons.

          Not that I have any clue what happened here but saying insider trading doesn't happen because compliance is *absurd*. It might not be prosecuted successfully because good lawyers and technicalities but it happens, continuously.

        2. ctrlaltdelete

          Re: Only

          Exactly! The Board and Executives would likely have been informed immediately and halted any financial transactions.

          To see the Chief Financial Officer of Equifax sell stock just days after the breach was discovered is pretty strong evidence for an investigation.

        3. captainketchup

          Re: Only

          The Reuters article says " None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans. "... but it's ok, they say they didn't know about it when they sold...

          1. Anonymous Coward

            Re: Only

            "None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.."

            Which also isn't unusual. 10b5-1 plans are confidential and do not have to be published, but must be produced if required by the SEC. At the end of the day they're private financial transactions, often quite substantial and often on a schedule.

            Now I'm not saying the process wasn't followed, but it'd be really surprising if it wasn't. The stocks dropped 15% after hours, and experience tells us they'll probably rebound; penalties for data breaches in the US are effectively nonexistent and the people impacted by the breach aren't equifax's customers.

            So these chaps, probably on 7 figure salaries, saved themselves at most 100k in the short term at the risk of serious prison time, million dollar fines and never working again.

            Again, not saying they didn't do it, but just because they offloaded a bunch of shares shortly after a major incident doesn't mean the two are connected. Directors and execs sell shares all the time.

    2. Anonymous Coward

      Re: Only

      I hope the SEC do exactly that.

      1. Prst. V.Jeltz Silver badge

        Re: Only

        What's to stop them going "ooh shit, dump shares", now knock up one of those declaration things and date it 6 months ago.

        1. imanidiot Silver badge

          Re: Only

          The fact the declaration has to be made to an outside entity whose sole job it is to be as suspicious as possible for any shenanigans?

    3. Nick Ryan Silver badge

      Re: Only

      Can't see the problem here. (sarcasm, for those that don't detect such things without help)

      After all a free year of fraud monitoring from an organisation that was incompetent enough to cause the problem in the first place is a good thing right? Besides which, after a whole year, everyone will have changed their social security number, birth date and address anyway therefore prolonged monitoring past this arbitrarily low time period is not necessary. (again, sarcasm, for those that still don't detect such things without help)

      It still amuses/scares me about the daftness of using what's meant to be a largely private government identifier in as many (effectively public) databases as possible. A data value is either considered private and privileged knowledge or it's a publicly available value - it can't be both at the same time. i.e. an SSN should be considered to have no additional value or identity importance than an individual's name would have.

  4. Lee Mulcahy

    New kind of social security numbers?

    The Register

    @TheRegister

    To avoid hackers, ensure you use lower and uppercase characters, and at least one symbol, in your social security number #equifaxadvice

    Did I miss something? social security numbers are digits only.

    1. DryBones

      Re: New kind of social security numbers?

      It's a joke about useless advice.

    2. Anonymous Coward
      Happy

      Re: New kind of social security numbers?

      Ah Merkin and Sarcasm

      May the two never meet and get on, as it provides endless entertainment for us Brits.

    3. anothercynic Silver badge
      Facepalm

      Re: New kind of social security numbers?

      *WHOOOOOOSH* As the joke goes right over his head...

      Where's the eyeroll emoticon?

    4. Oh Homer
      Holmes

      Re: "Did I miss something?"

      Yes, a British upbringing.

  5. InNY

    Thank goodness

    the thieving scum got

    <quote>...only the names, Social Security Numbers, birth dates, addresses and, in some instances, driver's license numbers of 143 million Americans were exposed</quote>

    I was worried they might have obtained some data that they could then use to commit some fraud related crime and cause some poor sod a barrel load of grief

    1. hotdamn

      Re: Thank goodness

      It's awesome when debt collectors come after you for purchases you never had anything to do with. When you straighten it out somewhat, they sell the debt and you start over again. And again, and again. The only person who truly loses is the victim for years. They have to prove their innocence over and over.

      1. Anonymous Coward

        Re: Thank goodness

        "It's awesome when debt collectors come after you for purchases you never had anything to do with. When you straighten it out somewhat, they sell the debt and you start over again. And again, and again."

        Sounds like the sub-prime disaster waiting to happen again.

        I strongly suspect that the debt collecting agencies work on the principle that if they pester you enough, you'll eventually relent and pay to make them go away.

        Advice I've had from family and friends encourages this route.

        I also suspect that they give you a "gullibility" or "weakness in the face of pestering" rating. Pay up too easily and you let yourself in for future scam demands.

        1. Sir Runcible Spoon Silver badge

          Re: Thank goodness

          If you are certain you don't owe the debt, send them one letter by registered post telling them so.

          After that ignore them. If they send the bailiffs round, call the police. If they take you to court, take them to court back (for harassment and obtaining money with threats, aka extortion.)

          I'm pretty sure they won't be able to sell your debt on after any of that.

          1. Anonymous Coward

            Re: Thank goodness

            It doesn't work like that.

            The ONLY time bailiffs will turn up is when you have had a CCJ issued against you and you fail to make payments on a court ordered payment. In other words, you default.

            Debt collection agencies have NO power to send in bailiffs. NONE.

            """"""""""""""""""""""""""""""""""""""""""""""""""s at all!!!!!

            1. Sir Runcible Spoon Silver badge

              Re: Thank goodness

              The ONLY time bailiffs will turn up is when you have had a CCJ issued against you

              I agree wholeheartedly that this is what *should* happen, but sometimes the heavies are sent round to intimidate people who don't know their rights/legal position. That's why I advised calling the police.

            2. WallMeerkat

              Re: Thank goodness

              "In other words, you default."

              This is not a default.

              A default is between you and a bank but is not the same, legally, as a CCJ.

              Though creditors might see it the same.

              Though it does stay on your file for 6 years, making it extremely unlikely you'll get a mortgage, credit card, loan, car finance or possibly even a phone contract until it drops off.

              Not as bad as a payment arrangement without default, which means it stays on file for 6 years from the date of the last payment!

              1. Antron Argaiv Silver badge

                Re: Thank goodness

                I have no idea what my "credit score" is, and no desire to find out.

                I'm at the point in my life, where I don't need to buy much more. I do have a credit card, because it makes life much easier, but it gets paid off each month.

                If someone wants to open a credit card in my name with the information they stole from Equifax, there's probably very little I can do about it, short of telling the card company to go piss up a rope when they try to bill me for a card I never applied for. All I'm going to say, is "Equifax".

      2. Anonymous Coward

        Re: Thank goodness

        "It's awesome when debt collectors come after you for purchases you never had anything to do with."

        It's a pity that there are not laws against irresponsible lending with penalties as severe as those for getting into debt. So many people are conned into taking on hidden debt - like the "only" £47 a month for the phone contract, the "only" £200 a month car contract, or the BT cheap Infinity deals which limit people to 10Gbytes/month in the small print - a friend of ours, not stupid, was hit with an £80 penalty charge by BT because she was visited by grandchildren who took the opportunity to download everything in sight - and had no idea about the limit because the account was set up by her deceased husband, who didn't tell her.

        Credit rating agencies have done a huge landgrab, going from respectable organisations that gave businesses information on the creditworthiness of other businesses, to deeply intrusive organisations that collect information on everybody. It looks like it's now coming back to hit a lot more people than just the ones on which they hold junk information.

    2. Pirate Dave Silver badge
      Pirate

      Re: Thank goodness

      "I was worried they might have obtained some data that they could then use to commit some fraud related crime and cause some poor sod a barrel load of grief"

      I was worried they might have uncovered my secret fetish for midget poodle porn and tried to blackmail me. Fortunately, only Google knows about my fetish, so I can rest easy.

  6. Anonymous Coward

    Can't even be arsed to use an Equifax cert?

    If you follow the link to see if you've been affected it redirects twice - first to equifaxsecurity2017.com, with a cloudflare ssl cert, and then when you click on "Check Potential Impact" you get redirected to trustedidpremier.com, with an amazon cert. How the hell are you supposed to know if any of these sites are legit?

    1. Dan 55 Silver badge

      Re: Can't even be arsed to use an Equifax cert?

      If I ended up at either of those I'd close the browser window thinking I was being phished.

      Why didn't they use a subdomain under equifax.com?

      1. Prst. V.Jeltz Silver badge

        Re: Can't even be arsed to use an Equifax cert?

        "Why didn't they use a subdomain under equifax.com?"

        They are in no way the only culprits for that. There's a page somewhere with a tech blogger's rant about the subject, aimed at Halifax bank mostly. He set up similar domains to make the point.

        Twas very funny.

        I doubt big business learned anything though.

        YouTube is another one and also one that gets linked to a lot, with real ugly looking domain names

      2. Mr. Flibble

        Re: Can't even be arsed to use an Equifax cert?

        Yes, Quite. Sometimes I think I'm in a very small minority when I suggest this to people - they usually just look at me funny like I've said something insane.....

      3. Ken Moorhouse Silver badge

        Re: Why didn't they use a subdomain under equifax.com?

        Under the current circumstances, who would trust the equifax.com domain?

    2. streaky Silver badge

      Re: Can't even be arsed to use an Equifax cert?

      Most people are smart enough to delete those equifax root certs along with those chinese ones and turk trust is probably why.

    3. TonyHoyle

      Re: Can't even be arsed to use an Equifax cert?

      Also they failed to defensively register

      equifaxsecurity.com

      equifax2017.com

      equifaxsecurity2107.com

      equifaxsecurity2018.com

      etc.

      As a result they've all been registered by a mixture of people having fun and miscreants stealing data.

      1. Oh Homer

        Re: Can't even be arsed to use an Equifax cert?

        I rebelliously ignored my antivirus' "phishing" warnings and had a peek at equifaxsecurity dot com, which turns out to be a page entitled "M-I-C-K-E-Y-M-O-U-S-E" and has an embedded YouTube video of some weird Japanese pop thing called "Hinoi Team - Night of fire".

  7. DougS Silver badge

    Sounds like 143 million POTENTIALLY affected

    Another article had a link to an Equifax site where you could check if you were impacted, and it said I was not. I know they have my credit data, so obviously they didn't get everyone.

    Unless the whole thing was a ruse to get people to input their last name and last six of SSN which is what it required to determine impact, of course!

    The way I look at it, if hackers did get all the relevant information for every person in the US who has a credit rating, it wouldn't matter much to most of us. The odds of them using my information to try to get credit would be pretty low.

    Such a breach would also likely force some major changes in the way credit operates in the US, because they'd no longer have any way of validating if you were who you say you were without you presenting yourself in person with government issued ID at somewhere mutually agreed upon like your local bank. If it were no longer possible to apply for credit online it wouldn't be a bad thing at all.

    1. wub

      Re: Sounds like 143 million POTENTIALLY affected

      " ...they'd no longer have any way of validating if you were who you say you were without you presenting yourself in person with government issued ID at somewhere mutually agreed upon..."

      Huh, Exactly what I had to do recently, to prove to the IRS that I was who my tax return said I was BEFORE they would even process the form. Seems that there has already been a rash of false filings from my area lately. Has nothing to do with the flaw in the IRS website that allowed anyone to download complete copies of prior tax filings.

      Why did nobody use that security hole to grab Donald Trump's returns?

      1. DougS Silver badge

        Re: Sounds like 143 million POTENTIALLY affected

        I think we'd probably be better in general if it wasn't so easy to do so much electronically or via mail just using a few bits of not-so-secret information to identify yourself. Most banks offer free notary services for their customers, which is basically "proving you are who you say you are" when signing something. If you had to visit when applying for a new credit card or signing your tax return the only effect would be that banks would have to dedicate a full time employee to this because demand would shoot up.

        The additional hassle might keep people from applying for that 8th credit card, which is probably a good thing.

    2. Tree
      Terminator

      Re: Sounds like 143 million POTENTIALLY affected

      I believe about 22 million illegal aliens have fake Social Security numbers, The first thing they do when they sneak under the fence is get a fake ID. Seems like they have "documents".

  8. Anonymous Coward

    Equifax? Ahh security advisors to the credit industry...

    I believe a mandatory 7 year sentence/strike is the UK penalty for being unable to manage your affairs.

    They may find it difficult to obtain credit now. They should have let us know as soon as they knew they were in difficulty, rather than wait months with their head in the sand...

    btw Is there anyone left that hasn't had their data 'accessed'?

    1. TRT Silver badge

      Re: Equifax?

      Wasn't that Channel 4's version of BBC1's Tomorrow's World & BBC2's Horizon combined?

      1. BoldMan

        Re: Equifax?

        Loved that program but of course it got sacrificed in the downward spiral of increasingly banal "science" documentaries that now require some sort of celebrity standing overlooking the Serengeti while wittering about Black Holes and saying "Brilliant" a lot.

  9. inmypjs Silver badge

    "offering every US citizen a year's free identity theft monitoring for those who apply"

    Which like all the 'check your credit score of free' bullshitters will require you to directly give them a bunch more personal information that they can abuse and/or loose.

    1. Yet Another Anonymous coward Silver badge

      Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

      The irony being most of these "customers" were people who got free equifax accounts because of their details being swiped by hacks at just about every US big box store

      The cherry on top being equifax announced that anybody could access their new account by using their name and the last 4 digits of the credit card details that had been stolen in the hack ......

    2. Sir Runcible Spoon Silver badge
      Flame

      Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

      bunch more personal information that they can abuse and/or loose.

      It's lose, lose, LOSE FFS! As in lost! It can't be that hard can it? It gets pointed out on here so often it's starting to make my teeth itch when people still do this.

      Genuine question: This happens so much these days I'd like to know if this sort of thing is covered in schools? I don't have kids so I can't tell how much worse it is now.

      Hmm, perhaps I should have my coffee now :)

      1. Alister Silver badge

        Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

        Sir,

        I agree wholeheartedly, it really grates on me to see loose... AARGH.

        But the problem, as far as I can see is that children are not encouraged to read any more, which is the quickest and best way to promote correct spelling.

        My daughter was reading books from an early age, and therefore her vocabulary and spelling are much better than most of her peers.

        If you've never seen the words written down, then phonetic errors like this are bound to be more and more common.

        1. Aladdin Sane Silver badge

          Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

          Maybe OP meant loose as in release?

        2. m-k

          Re: "children are not encouraged to read any more"

          sorry to hijack, but this is not (always) the case. We have encouraged our kids to read in every possible way short of forcing it down their throats (and we do love to read ourselves). But with kids, no can do. They can read, sure, they do read, but ONLY when they have to, never for pleasure. Naturally, they can't be bothered to look things up in an encyclopedia or a dictionary on the shelf, sure, but it's worse than that, they can't be arsed to look it up on a f... wikipedia page, because, like, it's f... more than a few lines, too much (and then you ALSO need to try to understand?! No way!) And when I speak to other parents, their observation is pretty similar.

          This generation will be the first truely uneducated one. We ARE doomed! ;)

          ...

          now, back to equifucks...

          1. Alister Silver badge

            Re: "children are not encouraged to read any more"

            @ m-k.

            Yes, I think you are right that reading for enjoyment is not a thing for kids nowadays.

            One thing that we did with our kids to try and encourage them to look things up was to buy a book of quizzes, (and latterly use those available in phone apps or on the web).

            At meal-times we would all have a go at them - all sorts of subjects, from history to boy-bands (shudder) - but it made it fun for the kids 'cos they could laugh at us adults' lack of knowledge, and get a feeling of pride when they got something correct.

            As a consequence, the kids now have minds full of all sorts of useless information :) but it does encourage them to take an interest in obscure subjects, and above all to enquire, instead of following the trend of only knowing things they absolutely need to to get through school.

          2. Captain Badmouth
            Headmaster

            Re: "children are not encouraged to read any more"

            "This generation will be the first truely uneducated one."

            Is this right? Ed.

        3. Prst. V.Jeltz Silver badge
          Paris Hilton

          reading

          "If you've never seen the words written down, then phonetic errors like this are bound to be more and more common."

          As a kid I was making phonetic errors because I'd *only* seen words written down.

          I used to think recipes was pronounced re-sypes

      2. inmypjs Silver badge

        Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

        "It's lose, lose, LOSE FFS!"

        gsus u r anl. if u cn rd ths sht ytf r u btchn abt a xtr o in a wrd?

        i thnk ppl hu ntce splng mstks r actlly a bt wrd. I m qite splng blnd whn rdng stff, spclly stff tht i wrt.

        1. Sir Runcible Spoon Silver badge

          Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

          It might seem anal, but if no-one has any standards (and sticks to them) doesn't it just become a race to the bottom?

          I'm sure our ancestors understood each others' grunts as well, but that doesn't allow for much eloquence now does it?

    3. DontFeedTheTrolls Silver badge
      Go

      Re: "offering every US citizen a year's free identity theft monitoring for those who apply"

      "give them a bunch more personal information that they can abuse and/or loose"

      They've already lost all the information you might be asked to give them.

      I'm in the UK and I've recently checked my scores from the three agencies, Equifax, Experian and CallCredit. Didn't need to give them anything they didn't already know, it was simply used to validate that I was who I claimed to be. I know this because I found two sets of partial records that as a whole pretty much cover my identity, all down to the Electoral Roll using a different address format from the Postcode Address File.

  10. Androgynous Cow Herd

    On the bright side

    All those affected will be offered 1 year free credit monitoring by Equifax.

    1. JCitizen
      Stop

      Re: On the bright side

      I'm sure that you are just being sarcastic, but it would be better if they LOCKED your credit report until you need a free unlock in case you applied for any more credit. Too many things DON'T show up on regular credit reports to really tell if you've been dinged or not.

  11. Herby Silver badge

    Scott McNealy was right.....

    We should all remember the quote and treat data accordingly:

    "You have zero privacy anyway. Get over it."

    1. Prst. V.Jeltz Silver badge

      Re: Scott McNealy was right.....

      I'm really surprised, now that the world is finally waking up to the idea of data security, that these huge credit-checker databases of incredibly sensitive information, held without the owners' consent, weren't "The First Against The Wall"

      perhaps this incident will help trigger that.

  12. Anonymous Coward
    Anonymous Coward

    Equifux

    Couldn't happen to a nicer bunch of fux, sorry! Self-elected Gods unanswerable to anyone! Along with TransUnion these guys are right up there with S&P / Moody's for corporate racketeering. How many hacks has it been so far lads? You were warned! Now, reap the whirlwind:

    ~~~~~~~~~~~~~~~

    http://abcnews.go.com/Politics/equifax-confirms-hackers-stole-financial-data-launches-investigation/story?id=18715884

    https://krebsonsecurity.com/2017/05/fraudsters-exploited-lax-security-at-equifaxs-talx-payroll-division/

    http://abcnews.go.com/Politics/equifax-confirms-hackers-stole-financial-data-launches-investigation/story?id=18715884

    https://www.law360.com/articles/800482/equifax-hit-with-class-action-over-kroger-data-breach

    https://www.databreaches.net/equifax-discloses-data-breach-due-to-technical-error-during-software-change/

    https://www.scmagazine.com/breach-at-equifax-subsidiary-illustrates-risks-consumers-face/article/662982/

    1. anothercynic Silver badge

      Re: Equifux

      You forgot Experian...

      1. Anonymous Coward
        Anonymous Coward

        Re: Equifux...You forgot Experian...

        The world will be a better place when Experian is completely and utterly forgotten.

  13. Anomyous Curd

    This is why GDPR cannot come soon enough. As-good-as every working adult in the United States has their name, address, date of birth, social security number and maybe their driver's license number and highly sensitive dispute correspondence swiped and the cost to Equifax is...

    ...a year's free credit reporting? That they do anyway?

    Fuck. Off.

    1. Anonymous Coward
      Anonymous Coward

      This is why GDPR cannot come soon enough.

      Won't help our colonial cousins, will it? And given the year that seems to elapse between reporting of the breach and regulatory punishment, we won't be seeing any hot GDPR action until May 2019. I can't see Brexit making a difference since to continue to work with Europe we'll need an equivalent structure.

      1. NeilPost Bronze badge

        Cut'N'Paste

        You must have missed last week's announcement on UK Data Protection which despite the spin is a re-skinned UK GDPR. However as GDPR will be incorporated into UK law, that's not a surprise or anything to thank Westminster for.

        You can bet your ass it won't stop GCHQ breaching your ECHR, which we are not leaving :-)

        This cluster-fuck of a data breach might give the US some food for thought into perhaps adopting GDPR themselves.... but I expect not and a Presidential pardon for his Exec mates at Equifax.

      2. Anonymous Coward
        Anonymous Coward

        "Won't help our colonial cousins, will it?"

        GDPR applies to any entity either operating in Europe or handling a European citizen's data. Violation of GDPR does not require a breach, as GDPR mandates security-by-design from the inception of a product (and actually mandates full documentation of that compliance).

        A quick scan of the relevant SEC page identifies at least 15 EU-based subsidiaries. Even post-brexit there's more than enough EU exposure to make enforcement and fines desirable and viable.

        Not enough American companies have realised that GDPR very much applies to them. It'll be particularly tasty when fines start being doled out to those who are exposed because they're routing all their revenue through Ireland.

  14. fidodogbreath Silver badge

    Whoa, where'd the horse go?

    Smith pledged that the company would not stop until its servers were secure.

    A better choice would have been to not start until its servers were secure.

    Ah, but we all know that security is boring, and it gets in the way of selling people's private data.

  15. Anonymous Coward
    Anonymous Coward

    So due to mismanagement, misuse, abuse, hacking and an endless string of "financial crises", can we collectively agree that the consumer credit reporting system is itself a giant fraud?

    1. Adam 52 Silver badge

      The consumer credit rating system is a giant fraud full stop. It's got nothing to do with mismanagement or hacking, it's a scam by design.

      They acquire data from third parties under no obligation to check if it's correct, without consent and informing the data subject. They refuse to correct incorrect information and they refuse to disclose it.

      And then they derive a score using a secret algorithm which they then use to libel individuals.

      All of which would be illegal unless there were an exemption in law.

  16. Anonymous Coward
    Anonymous Coward

    Co-incidence?

    Hardly! When you decimate wages / opportunities for IT staff and treat them like plumbers, this is what happens! Reminder: You're not masters of the universe CEO's... Hackers / cybercrims are!!! Wake up or don't... Start paying tech staff properly and maybe those that left or were shit-canned will return and bail your ass out! Otherwise good luck getting your multi-million dollar bonuses and retiring to winter homes in the Caribbean anytime soon!

    1. Anonymous Coward
      Anonymous Coward

      This CEO sure isn't getting his bonus anyway:

      "By the summer of 2017, A.P. Moeller-Maersk A/S was the world’s biggest containership operator. However, after a major cyberattack in June 2017, by July 2017, the company was "struggling to restore its global computer network" and was forced to rely on calls and texts to maintain operations. Disruption from the NotPetya ransomware attack was expected to cost Maersk about $250 million."

      1. Anonymous Coward
        Anonymous Coward

        Re: This CEO sure isn't getting his bonus anyway:

        We'll see. Worth noting that the accounts of Maersk indicate that bonuses are a very small part of the board remuneration, something like $2m cash incentives against a basic pay of $13m last year.

        1. Anonymous Coward
          Anonymous Coward

          Re: This CEO sure isn't getting his bonus anyway:

          Yes, it's odd how companies like Maersk that really do have significant assets and a product don't pay as much in bonuses as companies that don't actually produce or deliver anything and just move money around.

          It's almost as if money and data companies attract extremely selfish people to their managements.

      2. itsecman

        Re: This CEO sure isn't getting his bonus anyway:

        CEOs always get their bonus, it's just labelled differently when they get it!

    2. Warm Braw Silver badge

      Re: Co-incidence?

      treat them like plumbers

      Judging by the number of irritating minor problems in the plumbing of my new house, I'd swear it had been installed by IT staff. Fortunately, plumbing is mostly open source and you can fix it yourself, which is more than can be said for the credit oligarchy industry.

      The real problem is actually that IT staff pass themselves off as engineers when they really don't understand the meaning of the term. Many of them work on the same principle as plumbers - take a bunch of manufactured components and connect them all together - but have less understanding of what each component actually does, let alone how they will act together as a system. If management understood that most IT staff shouldn't be trusted to deliver secure solutions (partly because generations of IT staff before them have built incredibly shoddy foundations) they might be a bit more cautious in their ambitions.

      1. jdoe.700101

        Re: Co-incidence?

        This reminds me of an old joke.

        Q: what is the difference between car salesman and computer salesman?

        A: car salesmen know when they are lying.

  17. JustWondering
    Facepalm

    Ummm ...

    If they have spilled the data of pretty much everyone, shouldn't they just monitor everyone's accounts that are affected? They know who they are, they are sending them all a letter. Or are they hoping the idea of giving them more data might be repugnant to many, keeping the uptake low?

    1. DontFeedTheTrolls Silver badge
      Pirate

      Re: Ummm ...

      By making victims sign up for a free year of monitoring they'll manage to bill a sufficient number of lazy people who failed to cancel before the end of the free period.

  18. Florida1920
    Facepalm

    Equifax credit score

    About 0.001. Way to tank a corporation.

    1. Jim Mitchell

      Re: Equifax credit score

      I doubt it. Equifax's customers are not consumers, they are businesses that want to know something about somebody before they extend an offer of credit. That Equifax had a breach isn't their problem at all.

      1. Richard 12 Silver badge

        Re: Equifax credit score

        If the miscreants could read it, could they write it?

        Can Equifax prove that no records were added or altered?

        1. Sir Runcible Spoon Silver badge

          Re: Equifax credit score

          If the miscreants could read it, could they write it?

          This is exactly the correct attitude and thought processes required to be successful in IT Security. Equifax should hire you asap :)

      2. Anonymous Coward
        Anonymous Coward

        Re: Equifax credit score

        well, that breach IS a problem for real equifucks customers, like big business, because they rely on reliability / accuracy of this data when dishing out credit, at least statistically. So, the big business thinking is: if our dearest, safest business partner got pwned, who's to guarantee that all those credit scorings we pull from them have not been already "adjusted" and we'll be screwed when our marks turn out to be unable to pay back? (this is nonsense of course, but the big business will react with a flinch).

        Also a potential surge in scams will be directed against those marks' accounts held by big business, mostly banks. Not that they give a flying monkey about little people, but increased "traffic" in complaints and investigations falls upon their head, financially, as they will have to allocate resources (and money) to deal with this. So, they won't be happy.

        On top of everything, the issue of business "trust" is in large part smoke and mirrors (you're big, you project sense of reliability, security. It's called - reputation) until something like this breach occurs. A bit of a rude awakening to equifucks customers, to realize that all those assurances about security and reputation are worth - nothing. Ooops. In the spirit of schadenfreude - exactly the same feeling little people experience when their bank, who cares oh so greatly about their security, and is so well-protected NOTHING can happen - gets hacked. What goes round, comes round.

        1. Anonymous Coward
          Anonymous Coward

          Re: Equifax credit score

          This could make a good plot for a film. The fall of western civilisation brought about by over enthusiastic lending brought about by some malefactor skewing everyone's credit score to allow them to borrow amounts they have no hope of repaying.

          It could be called "2008 - The Follow through."

          1. Anonymous Coward
            Anonymous Coward

            Re: Equifax credit score

            "some malefactor skewing everyone's credit score to allow them to borrow amounts they have no hope of repaying."

            Good morning. I am Mr. Nong from Nigeria. You have been identified by my company as an individual who is both ambitious and of modest means. I can show you how to raise your credit score so you can borrow the sum of thirty five million dollars ($35,000,000) and then change your identity so that you cannot be pursued for the debt. I will do this for you for only five percent (5%) of the amount borrowed plus a small initial down payment for me to pay my business associate to start the process.

      3. Adam 52 Silver badge

        Re: Equifax credit score

        "That Equifax had a breach isn't their problem at all."

        It is a bit, because those same customers also supply the data (which is what makes this such a great business, you get data from your customers and give it back to them). They can only do that if there's plausible deniability around customer security, and events like this make it blatantly obvious that data isn't being held as securely as the public and regulators much expect.

      4. Florida1920

        Re: Equifax credit score

        @ Jim Mitchell

        I doubt it. Equifax's customers are not consumers, they are businesses that want to know something about somebody before they extend an offer of credit. That Equifax had a breach isn't their problem at all.

        Wall Street isn't particularly thrilled with Equifax either. As of mid-day Friday, the company's stock was down nearly 14 per cent.

        http://www.theregister.co.uk/2017/09/08/lawyers_line_up_to_sue_equifax/

  19. Nick Kew Silver badge

    They're doing us a favour

    Whatever data equifax hold on most of us is self-evidently not secret or private: it's assembled from publicly-available information. And is the kind of thing that regularly leaks in bulk: here's from ten years ago.

    If this leak can help convince companies to stop misusing such public information as proof of identity, then it's done the world a favour.

  20. Alan W. Rateliff, II
    Flame

    Forced to use them, irrespective of how we want to live

    Equifax, Experian, and Trans Union all enjoy a captive user base. If you do anything in life your information flows through at least one of these companies. Need car insurance, a bank account, to get an apartment, to rent a car or moving truck, to rent storage, to buy a house, cellular, home phone, or cable TV services? Any one of those and more require that your information travel through these services which have proven time and again they lack security prowess.

    But, here is where I think we as consumers must accept some culpability: from my recollection all of these breaches have occurred via pathways of convenience, that is, some Internet portal which has access to a back-end rich with data which we can access on a whim via web browser or app. While, yes, we expect that companies will keep our information safe, whether we want them to have it or not, we should also expect a severe increase in risk for having conveniences like web access to such data.

    (Of course, we hear about data breaches so much I think we have on the whole developed a fatigue, complacency, and even ambivalence toward personal data collection.)

    But where does the problem really fall? Is it our requirement for instant and unfettered access to information, the entities which fulfill this requirement, or the fact these entities are able to collect this information in the first place? Maybe somewhere else?

    It aggravates me no matter how much I personally avoid (or at least try to avoid) situations in which I would be forced to give personal or private information to someone or something, others are quickly handing that information over, anyway. I avoid using Google products, but calling or sending a text message to an Android phone or email to a Gmail account exposes me. Even Some Business and its associated domain is not safe because it uses Google Apps for email, or Office 365, or its records are stored in Azure or Amazon cloud.

    I do not use social media, but my family or friends post everything about their lives on it, and by extension when I participate in their lives they post mine, as well, giving me the only recourse of becoming anti-social. FFS, even some of my customers do it!

    In order to survive this increasingly connected world I have to accept that my life may no longer be private, at least to some degree, and as such these entities which broker in information have to accept their place as responsible custodians of said information.

    1. Adam 52 Silver badge

      Re: Forced to use them, irrespective of how we want to live

      We, I at least, don't want them to have my data. But it goes to them anyway.

      I don't want the convenience of a web portal. I just want the whole protection racket - because that's what it is - shut down.

      I really, really, hope that our American friends get together a class action to take $200 a piece for every affected user. Which just happens to be Equifax's entire annual revenue.

      1. Anonymous Coward
        Anonymous Coward

        Re: Forced to use them, irrespective of how we want to live

        Better make it $199 to avoid Chapter 11.

  21. Anonymous Coward
    Anonymous Coward

    I'm safe..

    When the hackers scroll down to my Equifax Credit Rating, they'll just keep scrolling.

    LOL

    1. JCitizen
      Unhappy

      Re: I'm safe..

      I'd laugh, but unfortunately, when I think of all the trouble a criminal can do to make your life absolutely miserable, I just can't LOL!! :p

      I've seen people put in jail, in and out, arrested, you name it, because some crook used their identity to throw off the police when they get stopped. It can take 10 years and a LOT of personal finances to clean it all up, and it isn't even our fault. THAT is why I think the Feds need to take the toys away from the credit agencies until they can help us clean up the damage that THEY allowed to happen!!

  22. Winkypop Silver badge
    Facepalm

    Corporate criminality

    "only the names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers of 143 million Americans were exposed."

    That's OK then, at least they didn't get hold of the key to the executive washroom!!

  23. xXSwolGunzXx

    " the company's core consumer and commercial credit reporting databases were untouched – only the names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers of 143 million Americans were exposed"

    Rigorous risk analysis determined that securing the proprietary information was cost-effective. Not so much the PII--Equifax's competitors all have that data as well so why bother?

  24. FozzyBear Silver badge
    Mushroom

    Well, if you are going to fuck up you may as well fuck up in spectacular fashion. I tip my hat at Equifax, they have managed a fuck up of monumental proportions.

    I mean it. Congratulations to everyone involved at Equifax, you bunch of brainless wankers

  25. a_yank_lurker Silver badge

    Oh Well

    There goes my credit rating. I wonder if they can go negative? </snark>

    1. JCitizen
      Megaphone

      Re: Oh Well

      It could get worse - ever been arrested for something you didn't do? It can take 10 years to clean up the mess, and break the bank to boot.

  26. Anonymous Coward
    Anonymous Coward

    "After such a monumental IT cockup, Equifax has called in a professional security firm to lock down its systems and pick apart the event....". The parent company of the company I work for recently paid for an audit of its IT and security systems. To do the audit, they chose that well known and respected IT Audit company Standard and Poor's! I'd say the parent company wasn't too confident in their own abilities. That, or S&P's audit was cheap enough to get past the accountants. Anon for obvious reasons.

    1. JCitizen
      Pirate

      Yeah - S&P

      doesn't exactly sound like an IT security expert corporation to me. Sounds like someone in upper management has absolutely no clue. That is, unless they just want to ignore the problem and let a financial audit substitute for what really needs to get done.

  27. Marketing Hack Silver badge
    FAIL

    "exploiting a vulnerable website application"

    Just in case anyone was thinking that an organization that possesses key identity databases on hundreds of millions of people might have a policy on doing F'ING PEN TESTING on all internet facing applications, it turns out that they don't.

    1. JCitizen
      Facepalm

      Re: "exploiting a vulnerable website application"

      Aughhhh GEEZE! That figures!

  28. Hans 1 Silver badge
    WTF?

    hackers managed to get access to some of its internal data in mid-May by exploiting a vulnerable website application. They remained on the system until they were discovered on July 29.

    On September 7th, Equifax publicly announces the security breach.

    What took you so long ? Why do crackers get a month to do as they please before it gets announced ?

    1. Dan 55 Silver badge

      Didn't you read the article? So the execs can sell their stock.

  29. Mr Dogshit

    "the heart of who we are and what we do"

    You're fucking data pimps, you pimp data.

    Equifax and Experian should not exist. I believe it to be immoral that these companies make a profit from my very existence.

  30. Anonymous Coward
    Anonymous Coward

    we're all doomed

    Since when did anyone other than ourselves care about our data? To employers it's an inconvenience which has to be processed as cheaply as possible. To M$ it's a source of revenue which they can sell.

    To the uninformed it is something to broadcast on social media.

    The General Data Protection Regulations is too little and too late, unfortunately Article 25 (Data Protection By Design and Default), Article 30 (Records of Processing Activities), Article 32 (Security of Processing), Article 87 (Processing of National Identification Number) should have been in place in 2016 not 25 May 2018.

    1. davidak
      Headmaster

      Re: we're all doomed

      Technically it is in place now, it just isn't being enforced until May 2018.

  31. Potemkine! Silver badge

    Security is our priority

    AFAIK, it's the third major security breach for Equifax in two years. Well done chaps!

    The best part in this story is the $1.8 millions of stocks sold by three executives 3 days after the breach was discovered, and the answer of Equifax when asked about it: "The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares"

    It tells a lot about how stupid Equifax considers the Rest of The World is.

    1. Anonymous Coward
      Anonymous Coward

      Re: Security is our priority

      I have to get permission from the board before I can trade in my employer's shares. Any credit rating agency worth its salt should have the same rules.

    2. Wensleydale Cheese

      Re: Security is our priority

      The best part in this story is the $1.8 millions of stocks sold by three executives 3 days after the breach was discovered, and the answer of Equifax when asked about it: "The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares"

      Three days and the executives not knowing about it suggests a flaw in their management reporting processes.

  32. ctrlaltdelete

    Three top level executives including the CFO sold stock in unplanned transactions a few days after the breach was discovered and Equifax claims it was just a coincidence. I think that deserves attention from US regulators and law enforcement, because it sounds like people with inside information in a panic.

    Also, why hire a Chief Financial Officer named Gamble? Isn't that asking for trouble? It's like flying in a plane with a pilot whose name is Whiskey.

  33. Wonder Warthog

    Appears Indigenous

    In a possibly unrelated irony, attempts to view the Equifax page set up to inform you if your data was compromised, www.equifaxsecurity2017.com, show it has an invalid https certificate, and is even blocked by OpenDNS as being a phishing site. Guess when you handle millions of people's personal info, you naturally have the best data security practices money can buy.

  34. Anonymous Coward
    Anonymous Coward

    only the names, social security numbers, birth dates, addresses

    and, in some instances, driver's license numbers

    Could have been worse, let me congratulate them!

  35. Anonymous Coward
    Anonymous Coward

    Selling company stock before the hack was announced

    "Three Equifax bosses sold company stock just days after the intrusion was detected on July 29, and therefore about a month before details of the mega-hack were announced today"

    In the UK, that is a financial crime.

    1. Anonymous Coward
      Anonymous Coward

      Re: Selling company stock before the hack was announced

      "In the UK, that is a financial crime."

      In theory, but compare the number of British bankers who went to prison after 2008 with the number in the US.

  36. Anonymous Coward
    Anonymous Coward

    couldn't have happened to nicer people

    ...

    that said, it would be poetic justice if the data of the actual clients got exposed, not data on millions of plebs...

  37. Aladdin Sane Silver badge

    Where's GDPR when you need it?

  38. Anonymous Coward
    Anonymous Coward

    Award for Equifax staff

    Can The Register award the three guys who sold their shares a DAFTS (Diploma in Alternative Facts and Transmission Studies)?

    1. Aladdin Sane Silver badge

      Re: Award for Equifax staff

      Is that the one supplied by Trump University?

  39. Anonymous Coward
    Anonymous Coward

    Credit ratings

    Should be abolished, they keep people in poverty and under the heel of brutal payday loan companies, for the sake of in some cases very small amounts of money that balloon into a Godzillabill of monumental proportions. In many cases the rates being charged are higher than the fines for *stealing* the goods purchased on credit. (9000% is an example given) not to mention student loans etc.

    (gets off soapbox)

    Equifax should be closed down and the executives involved put in pound-me-in-the-ass Federal prison for this abomination!!!!!! After a (short) fair trial of course.

    1. Aladdin Sane Silver badge

      Re: Credit ratings

      So you propose a return to lending to whoever asks for money? Were you around in 2008?

      1. Anonymous Coward
        Anonymous Coward

        Re: Credit ratings

        Credit scoring has been around for a lot longer than that. The issue in 2008 was a failure to understand the impact of lending so poorly to so many. This was brought about by bending the rules and accepting risk that was outside of normal parameters. The bankers, managers and policy makers are the cause of that.

        There is no such thing as free money, just look at the state of the UK after the Tony Blair and Gordon Brown debacle. If they hadn't been so profligate the economy would not have suffered so badly as it has. The UK is about to suffer another dose of reality thanks to the disruption caused by Brexit. ( There is no need to comment on Brexit as it is too late to avoid. )

        This is what happens when the lunatics take over the asylum.

        1. jdoe.700101

          Re: Credit ratings

          I think another part of the 2008 issue was that everyone thought that they had successfully transferred the risk, and thus weren't too concerned about credit ratings.

      2. Wensleydale Cheese

        Re: Credit ratings

        "So you propose a return to lending to whoever asks for money? Were you around in 2008?"

        Credit rating has been around since the 1970s, possibly much sooner.

        It didn't prevent the financial meltdown in 2008, did it?

  40. Dr U Mour
    Facepalm

    How Can You Protect Your Data?

    https://www.equifax.co.uk/resources/articles/what_are_data_breaches.html

    "If you are worried about the security of your personal data, Equifax Identity Watch Pro is available for £9.95 a month"

  41. Grunt #1

    Really ? I should just publish it on the web myself.

    "CEO Richard Smith said that the company's core consumer and commercial credit reporting databases were untouched – only the names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers of 143 million Americans were exposed."

    Dick Smith, please tell me whether it is more important to lose your commercial data and income stream or my data multiplied 143 million times.

  42. Grunt #1

    How many idiots does it take to compromise everyone's security; 143,000,000 and counting.

    Why does anyone bother to willingly give their PERSONAL data to these shysters?

    1. NeilPost Bronze badge

      Re: How many idiots does it take to compromise everyone's security; 143,000,000 and counting.

      You don't... as credit reference agencies it's their business to slurp as much of it as they can get their grubbies on.

  43. NeilPost Bronze badge

    WTF

    Jeez, why the fuck are these fuckwits holding un-tokenised card data. Have they not heard of fucking PCI/DSS.

    Fine 'em, and fine their ass off with a punitive fine - Say 25% of global revenue.

    1. Anonymous Coward
      Anonymous Coward

      Re: WTF

      US, not us.

  44. Paul 87

    Stock sell off

    Surely the stock sell off is the very definition of insider trading? Dumping a load of it right before you release a public report which any idiot knows would negatively affect the share price.

  45. Stumpy

    Frankly, it should be illegal for any company that has suffered a breach to offer protection and remediation services to its affected clients itself. It should always be a trusted third party, as should the investigation into the breach itself also.

    Talk about marking your own homework....

    1. Anonymous Coward
      Anonymous Coward

      Quite right

      Equifax need to be sternly dealt with, as a deterrent to other companies with sucky security, "security through obscurity" ie keeping records on a PDP-11, etc.

      Just because it's obsolete does not mean someone can't steal the database with a pickup truck during "routine" maintenance or walk out with the hard disk cartridge.

      Or for that matter getting around airgaps with a good old fashioned CDRW.

      (hint: this is why most sensible businesses have a no-music-or-MP3 policy)

    2. Anonymous Coward
      Anonymous Coward

      Perhaps any company suffering a breach must cease trading while they sort out the mess.

  46. imanidiot Silver badge

    Obvious 'innit g'vnr

    " possibly gaining clues as to who has it."

    World+Dog, possibly limited to the highest bidder for the moment.

  47. adam payne Silver badge

    "only the names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers of 143 million Americans were exposed."

    Only!?!

  48. Anonymous Coward
    Anonymous Coward

    Not our data, change the laws

    Laws need to be changed to make it clear that an individual owns themselves, owns the data they create, and owns the data that is them. Then enforcement has to be on the level currently available to companies and industries trying to stop "piracy" of data they claim as their own. Data they claim as their own because that industry created it.

    Change the laws and put the operators and major owners of companies whose business model has them collecting and selling our data without concern for people or laws. We do the same when it comes to other crimes, recreational drugs for one example, there is no reason we should be applying the same standards to much more basic criminal activities.

    As it is no one from Equifax is going to jail, bonuses will still be paid, companies involved will not be called criminal organizations, business will continue and profits will grow as has so often been the case in the past.

  49. Garymrrsn
    FAIL

    Customer Help Web Site No Help

    I followed the link to their web site from the article and Firefox gave me this instead.

    "Your connection is not secure

    The owner of www.equifaxsecurity2017.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

    1. JCitizen
      IT Angle

      Re: Customer Help Web Site No Help

      I wonder what's up with that? I am not getting that on Firefox 64 bit (latest version) on Windows 7?! I'm not getting an SSL warning on Chrome (latest version) either. However Web of Trust has a grey rating for that web site!! That should be strange, as they should have had plenty of time to gather a good rating by now??!!

  50. Anonymous Coward
    Anonymous Coward

    Might want to mention that you waive your rights to legal action if you enroll in their trustid protection.

  51. DagD

    those responsible for stopping the hacking have been hacked...

    Mønti Pythøn ik den Hølie Gräilen Røtern nik Akten Di Wik Alsø wik Alsø alsø wik Wi nøt trei a høliday in Sweden this yër? See the løveli lakes The wøndërful telephøne system And mäni interesting furry animals The characters and incidents portrayed and the names used are fictitious and any similarity to the names, characters, or history of any person is entirely accidental and unintentional. Signed RICHARD M. NIXON Including the majestik møøse A Møøse once bit my sister... No realli! She was Karving her initials on the møøse with the sharpened end of an interspace tøøthbrush given her by Svenge - her brother-in-law - an Oslo dentist and star of many Norwegian møvies: "The Høt Hands of an Oslo Dentist", "Fillings of Passion", "The Huge Mølars of Horst Nordfink"... We apologise for the fault in the subtitles. Those responsible have been sacked. Mynd you, møøse bites Kan be pretti nasti... We apologise again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked have been sacked. Møøse trained by YUTTE HERMSGERVØRDENBRØTBØRDA Special Møøse Effects OLAF PROT Møøse Costumes SIGGI CHURCHILL Møøse Choreographed by HORST PROT III Miss Taylor's Møøses by HENGST DOUGLAS-HOME Møøse trained to mix concrete and sign complicated insurance forms by JURGEN WIGG Møøses' noses wiped by BJØRN IRKESTØM-SLATER WALKER Large møøse on the left hand side of the screen in the third scene from the end, given a thorough grounding in Latin, French and "O" Level Geography by BO BENN Suggestive poses for the Møøse suggested by VIC ROTTER Antler-care by LIV THATCHER The directors of the firm hired to continue the credits after the other people had been sacked, wish it to be known that they have just been sacked. The credits have been completed in an entirely different style at great expense and at the last minute. Executive Producer JOHN GOLDSTONE & "RALPH" The Wonder Llama Producer MARK FORSTATER Assisted By EARL J. LLAMA MIKE Q. LLAMA III SY LLAMA MERLE Z. LLAMA IX Directed By 40 SPECIALLY TRAINED ECUADORIAN MOUNTAIN LLAMAS 6 VENEZUELAN RED LLAMAS 142 MEXICAN WHOOPING LLAMAS 14 NORTH CHILEAN GUANACOS (CLOSELY RELATED TO THE LLAMA) REG LLAMA OF BRIXTON 76000 BATTERY LLAMAS FROM "LLAMA-FRESH" FARMS LTD. NEAR PARAGUAY and TERRY GILLIAM & TERRY JONES

    1. JCitizen
      Devil

      Re: those responsible for stopping the hacking have been hacked...

      Where's that squirrel? It must be ALL his fault! LOL!

  52. GnuTzu Silver badge

    Rumors of Cybergeddon

    I double checked the U.S. population. Check my numbers: 44%

    At what point do we get to file a class-action suit for the way financial institutions manage our identities?

    Oh, too big to fail, huh?

  53. Lorribot

    Not an IT cock up

    This, like all the others, is not an IT cock up. It is a management, development and planning cock up done by people who were tasked with delivering a project and had no focus on security or ongoing management, but hey, they delivered the project.

  54. Kiers

    CULPABILITY in TIMING of NEWS RELEASE

    LOOK AT THE TIMING: CEO releases "NEWS" about the hacking, in between TWO MAJOR HURRICANE EVENTS and an 8.1 EARTHQUAKE in MEXICO, after SELLING $2M of shares at a $20 valuation share price advantage (compared to after the fact; in other words the market valued the "cost" of hack at $20 per share lower, which insiders avoided).

  55. onebignerd

    Joke

    Is Equifax going to pay the costs of restoring our credit after our identities are stolen? DOUBT IT!!

    1. Antidrivel

      Re: Joke

      Your IDs were stolen a long time ago. Over 3100 breaches in 2017 so far with over 3.5 billion records stolen. (vigilante.pw)

      Equifax acted properly, as they have over 100 years. The media people who have been pushing the panic hype for two weeks will all wind up looking like fools.

  56. Antidrivel

    182,000 as of Sept 13. NOT 143,000,000 !!!!

    You media types have never changed since Hearst claimed the Cubans/Spanish sank the Maine.

    Drivel, some of it lethal.


Biting the hand that feeds IT © 1998–2019