back to article Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada. The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers …

  1. Mark 85 Silver badge

    Some?

    Some = >1 and <145 million or so. Thanks Equifax... got it.

    1. Eddy Ito Silver badge

      Re: Some?

      To be fair to Equifax it's quite obvious that they're too fucking incompetent to even begin to find out how much information was taken much less know what was taken.

  2. Anonymous Coward
    Anonymous Coward

    Equifux - The 'git' that keeps on giving.

    All 3 credit-agencies have been an unanswerable mafia for decades. So, nothing ever got fixed. This will only add to the biggest fraud of all time: Tax Rebates. - American problem with American solution. - America Fuck Yeah!

  3. Anonymous Coward
    Facepalm

    Equifax hack worse than previously thought?

    Since when does those culpable in a criminal negligence case get to decide what evidence to release to the court. Have Equifax since identified that lone programmer who failed to patch the system.

    1. Archtech Silver badge

      Re: Equifax hack worse than previously thought?

      The so-called "DNC hack" came close. They complained their servers had been "hacked by Russia", but refused to allow the FBI to examine those servers.

      Nothing to hide, no sirree bob.

      1. FrozenShamrock

        Re: Equifax hack worse than previously thought?

        Squirrel Could you try Squirrel to stay focused Squirrel on the topic Squirrel at hand without Squirrel running down the Squirrel rabbit hole? Squirrel

  4. Anonymous Coward
    Anonymous Coward

    Clearly allowing companies to hold this kind of information should not be allowed

    Given the number of "oops we leaked all your personal information and there is nothing you can do about it" then Governments need to put a stop to the collection of personal data by faceless companies.

    Individuals should retain control and ownership of their personal information and the trade in this data banned across the board.

    Banks are always looking to put the blaim on their customers when there is fraud but since they insisted upon passing their customers details to companies that trade the info with whomever pays then they should be held responsible unless they can prove that the customer was actually guilty of anything other than trusting their bank/loan companies.

    Without the above then no citizen should be held accountable for fraud and the onus to maintain their data should be returned to the data holder not the data owner.

    1. Charles 9 Silver badge

      Re: Clearly allowing companies to hold this kind of information should not be allowed

      Sounds a bit difficult to put into practice, though. After all, a lot of that data is a matter of public record. The rest...well, how would people conduct business otherwise, especially when identity is critical to the transaction?

      1. Anonymous Coward
        Anonymous Coward

        Re: Clearly allowing companies to hold this kind of information should not be allowed

        @Charles9 "how would people conduct business otherwise" via the reference issued by your Government who already have all the data.

        Any personal data enquires to the Government are relayed to the citizen via mail/email whatever and once consent confirmed then businesses goes ahead.

        Basically the citizen is kept in the loop and the companies get only the information required to confirm person will pay and address given is associated with that citizen. Any data the company recieves outside of the citizen reference is destroyed once transaction complete

        Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction.

        They say that the reason they are currently asking for all the personal information is because they need to confirm who they are dealing with, once they have a unique reference backed by the Government then they need nothing else.

        Effectively things are pretty much as they are now but without all the credit reference companies, they would be replaced by your government who is already getting all this information and in theory you have routes availible to you in the event that things go wrong.

        As to those things that are public record then the question is why? if the same court documents become associated with your government account instead then your country can stop treating your citizens in debt as criminals. It would also get rid of the dodgy debt collectors who operate without a court judgement, since they wont know where you live unless they work via the courts.

        1. Anonymous Coward
          Anonymous Coward

          Re: Clearly allowing companies to hold this kind of information should not be allowed

          Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse. You are placing the cookie jar in control of a Non-Profit with no drivers for improvement (civil servants are invariably less than civil and largely do not demonstrate an understanding of the concept to serve). Far better have the law makers on our side, legislating against such businesses (and driven by the democratic process to improve/prosecute such), than have them in control of the data. That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse.

          1. Anonymous Coward
            Anonymous Coward

            Re: Clearly allowing companies to hold this kind of information should not be allowed

            @AC "Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse"

            Since the Government already has this data then what difference does it make?

            As to civil servants (including police, polticians) then personally I have always believed that abuse in a position of authority should be punished on a basis of impact to society and by default at a higher level than an ordinary citizen. If working out how much damage has been done is a problem then treat each instance as treachery to the state. I would say that if abuse at this level results in a single death then back to public hangings.

            "That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse." a single ID would be great if only we could trust our civil servants but whilst being caught means at worst a slap on the wrist then abuse is a winning game.

        2. ITS Retired

          Re: Clearly allowing companies to hold this kind of information should not be allowed

          "Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction."

          Why don't we go after the CEO, the Board of Directors, middle management and anyone else in the chain of command and personally make them responsible and paying for correcting the wrong, including prison.

          This dipping into the company's petty cash to pay a fine is obviously not working.

      2. ida71u

        Re: Clearly allowing companies to hold this kind of information should not be allowed

        There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public & definitely NOT sold to Private companies to use as they see fit, but it has been going on for a long time. I remember in 1999 being sent a sample electoral roll CD for the whole of the UK & I was able to look up old girl friends & current company employees & get more info on them than was available to me as IT manager of the company. This was supplied as a sales contact database reference material.

        These private companies, now determine your net worth & suitability for credit, but they are NOT regulated & are self appointed, so anyone hacking their systems, could do like the movies & destroy you economically, by reducing your credit score & thus having your cards cancelled by the provider etc, or stealing your data & using it to ruin your hard won credit score through fraudulent use of your private data :(

        The governments of the world could & should do more, but they are living in the 19th century & take years to make simple common sense laws where no regulation exists & most of the time the laws are half baked & full of loop holes :( Useless the lot of them.

        1. Charles 9 Silver badge

          Re: Clearly allowing companies to hold this kind of information should not be allowed

          "There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public"

          Except as a check against the government itself. It's basically a no-win situation. If you let the government hide data, they can exploit it against you with no recourse. But open it up, and others will do the same. Your personal information MUST be shared in order to do anything of note, but that very information can be used against you. It's all a matter of trust, and if you're in DTA mode, you're basically out of the loop of civilization, meaning you're hiding in that cabin in the forest subsisting on bugs. After all, anyone can backstab you at any time, and they don't even need to know your name to do it. So how far are you willing to take it?

      3. Anonymous Coward
        Anonymous Coward

        Re: Clearly allowing companies to hold this kind of information should not be allowed

        @Charles 9

        I am not, nor ever have been, nor ever will be a customer of Equifax. Why should they have any information about me?

        Roll on GDPR when I can get it all deleted....

        1. Alister Silver badge

          Re: Clearly allowing companies to hold this kind of information should not be allowed

          @AC

          I am not, nor ever have been, nor ever will be a customer of Equifax. Why should they have any information about me?

          Roll on GDPR when I can get it all deleted....

          I would like to bet that Equifax do have information about you. If you have opened a bank account, have a credit card, or have applied for a loan or other credit, then the chances are your data was given to Equifax, as well as the other credit reference agencies.

          And the GDPR doesn't give you the right to demand deletion of your data unconditionally, if Equifax can show a business need (which they can, as they are a credit reference agency) then they can refuse to delete your data.

          1. Anonymous Coward
            Anonymous Coward

            Re: Clearly allowing companies to hold this kind of information should not be allowed

            Yeah, I get all that but it'll be good sport to argue with them and the ICO?

          2. Anonymous Coward
            Anonymous Coward

            Re: Clearly allowing companies to hold this kind of information should not be allowed

            I would agree otherwise. They do have a business that runs using my data.

            BUT I didn't sign up to that.

            Even if I did, in some weird convoluted fashion. I now withdraw my consent. What to see all my data. Then have it all deleted.

            I appreciate this may cause me some pain if I ever need a car loan / credit card mortgage / etc, BUT, and it's a big but, F**k 'em. If they're going to collect data about me without my permission and make money out of it, they'd take better care of it*. They didn't, they erase my stuff.

            *Now I don't know there infrastructure but if a "sudo apt-get update && apt-get upgrade" had fixed it, I'm doubly p!ssed off...

            1. Charles 9 Silver badge

              Re: Clearly allowing companies to hold this kind of information should not be allowed

              "BUT, and it's a big but, F**k 'em."

              BUT they can F**k you back. Equifax is referred for credit trustworthiness, and people without a history normally can't be trusted because reaching out historically results in betrayal. So if you demand Equifax delete you data, the next time you apply for a loan, Equifax would reply, "No Data On You." Which to the rest of the credit history means NO history.

              Which tends to mean you get rejected unless you submit to unfavorable (maybe even predatory) terms, AND there's no law that requires banks to accept everyone wil ne nil ye. It's the old Catch-22: it takes credit to make a credit history, and it takes a credit history to get credit.

    2. Roj Blake Silver badge

      Re: Clearly allowing companies to hold this kind of information should not be allowed

      What we need is some sort of general regulation that protects data.

  5. Anonymous Coward
    Anonymous Coward

    National inSecurity

    "The US government's Consumer Financial Protection Bureau promised a full investigation into the Equifax affair, and then gave up. On February 7, an open letter [PDF] from 32 senators to the bureau asked why the probe was dropped, and the gang has yet to receive a response"

    1. Stoneshop Silver badge
      Holmes

      Re: National inSecurity

      Could it be that the current head of the CFPB, Mick Mulvaney, is one of the Orange Turnip's cronies? There's also a certain lack of coincidence between the date of his appointment and the moment the Equifax investigation started to grind to a halt.

    2. Anonymous Coward
      Anonymous Coward

      Re: National inSecurity

      The appropriate donation to a Trump approved "charity" was made via the brown envelop method, is my guess.

  6. TonyJ Silver badge

    Things will never change

    I mean where's the incentive?

    Oops you done f****d up gents. Time to go. Have a multi-million <insert currency> severance package and good luck in the next role. If you need a reference, we'll be sure to put a good word in for you.

    Only - and really only - when it begins to hit both the company AND the directors' pockets will they sit up and take notice.

    1. Charles 9 Silver badge

      Re: Things will never change

      And then they'll just change the government to suit them. Money talks, all else walks.

      1. Archtech Silver badge

        Re: Things will never change

        Remember in 1999-2000 when Microsoft had been found bang to rights in a criminal court of law, and the judge was pondering whether to break it up or just force it to publish the source code for Windows?

        Then Dubya was elected and suddenly the DoJ dropped the case on the floor.

      2. Anonymous Coward
        Anonymous Coward

        Re: Things will never change

        That is entirely why there should be no private money in politics; no lobbying; and strict regulations about who a previously elected person can work for over a five year time frame. Some countries have managed this very successfully. The, apparent, graft and corruption in NA governments at all levels has thus far precluded these wise safeguards from being implemented.

        1. Charles 9 Silver badge

          Re: Things will never change

          "Some countries have managed this very successfully."

          Can you name some that are big enough to matter? I bet you the ones that SEEM that way are simply working deeper behind the scenes using things like family connections and favors that use degrees of separation to hide the details.

          Remember, at the extreme, if they REALLY don't like the government, they can just covertly fund a coup. After all, in the final analysis, laws are just ink on a page.

        2. aquaman

          Re: Things will never change

          There's a hole in the American legislature process that allows virtually all of the external lobbyist and internal party pressure crap. The same thing that has helped contribute to polarizing partisan politics

          https://youtu.be/1gEz__sMVaY

          Easy fix if anyone ever gets the guts to donate right thing.

          1. Charles 9 Silver badge

            Re: Things will never change

            "There's a hole in the American legislature process that allows virtually all of the external lobbyist and internal party pressure crap. The same thing that has helped contribute to polarizing partisan politics"

            Thing is, you ALSO have to consider that Congresspeople are actually acting ON BEHALF of their constituents. Meaning the voters are the reason their votes are made public: to let the voters know how their Representatives and Senators are acting on their behalf. Intimidation and the like are SUPPOSED to be inflicted on them. Thing is, it's supposed to be the voters doing the intimidating. I mean, what better threat can you foist on a Congressman than a threat to vote against them in the next election (or, if allowed, start a premature recall process)? The system being corrupted in other ways dulls this angle. And you need other solutions for that, not to mention ways around those solutions (for example, some states may try to work around independent districting through city planning--if you can't draw the districts, designate residency to get around it).

            As for lobbying, they've already come up with a pretty bulletproof way to ensure the door's open: enlist congressional spouses and siblings. After all, a husband is expected to be in constant contact with his wife and so on, especially if they have kids. Otherwise, you risk the family unit. And someone as close as a sibling tends to have frequent contact as well.

    2. Pascal Monett Silver badge

      That is exactly the problem. Those in charge are never held responsible for the goofs. I don't care who you are or how well you've been working for the past 30 years, if your department or company negatively impacts the lives of millions, you're talking the fall and it should not be to land on a cushion full of money.

      Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening.

      1. Charles 9 Silver badge

        "Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening."

        ALL laws tend to be written by the rich barring a crisis, and it is the rich who have the best ability to get laws changed to their favor by financing changeovers. And no, Europe is not immune, just resistant for now.

  7. TonyJ Silver badge

    @Charles...A sadly true comment. And an equally sad indictment of the world we live in today.

  8. Anonymous Coward
    Anonymous Coward

    not on my shift

    all's well that ends well (for the previous shift).

    rinse...

  9. unwarranted triumphalism

    Watch out, Fauxcahontas is on the case.

    1. Antron Argaiv Silver badge
      Trollface

      Cute name, you think that up all by yourself?

      Yeah, that whole Consumer Financial Protection Bureau was a real waste of time and resources. May as well wind it up, because the banks, lenders, and finance companies are perfectly capable of self-regulation, right?

      1. ecofeco Silver badge

        Actually, it's already been gutted by the Trump admin.

    2. FrozenShamrock

      As Bugs Bunny used to say "What a maroon". Using racial taunts to disparage someone threatening the status quo shows nothing but ignorance and deep seated fear of the truth. Reminds me of the person forcibly removed from the West Virginia legislature this week for daring to list out the members who had received money from the oil industry while they were working on a new bill granting the oil companies the right to drill on land without all the owners permissions. You can't hide the truth forever, yet. Another few years of people like Dim Donny, the little man with little hands, and that may well change.

  10. dbt101
    Coat

    Then Equifax offers, for a small fee, Identity Theft Protection? Seriously....

  11. RareToy

    That's the kind of job I want. Screw up real bad, take a golden parachute of a retirement package and not be held responsible for anything. Where do I sign up?

    1. ecofeco Silver badge

      Your local country club, The fee will just be a few million dollars.

  12. This post has been deleted by its author

    1. Hans 1 Silver badge
      Childcatcher

      Re: The problem is much larger than you know

      Until the U.S. changes its laws to allow for personal prosecutions and not just slap-on-the-wrist fines of mega-corporations, the problem will only get worse.

      Upvoted, but tell me, how could it possibly get worse than it is already?

      1. Charles 9 Silver badge

        Re: The problem is much larger than you know

        Naked corporatocracy with them in control of the everything up to and including the nukes. Remind you of the Sprawl. anyone?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019