Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc Last year, Equifax admitted hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK and Canada. The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers …
Given the number of "oops we leaked all your personal information and there is nothing you can do about it" then Governments need to put a stop to the collection of personal data by faceless companies.
Individuals should retain control and ownership of their personal information and the trade in this data banned across the board.
Banks are always looking to put the blaim on their customers when there is fraud but since they insisted upon passing their customers details to companies that trade the info with whomever pays then they should be held responsible unless they can prove that the customer was actually guilty of anything other than trusting their bank/loan companies.
Without the above then no citizen should be held accountable for fraud and the onus to maintain their data should be returned to the data holder not the data owner.
Sounds a bit difficult to put into practice, though. After all, a lot of that data is a matter of public record. The rest...well, how would people conduct business otherwise, especially when identity is critical to the transaction?
@Charles9 "how would people conduct business otherwise" via the reference issued by your Government who already have all the data.
Any personal data enquires to the Government are relayed to the citizen via mail/email whatever and once consent confirmed then businesses goes ahead.
Basically the citizen is kept in the loop and the companies get only the information required to confirm person will pay and address given is associated with that citizen. Any data the company recieves outside of the citizen reference is destroyed once transaction complete
Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction.
They say that the reason they are currently asking for all the personal information is because they need to confirm who they are dealing with, once they have a unique reference backed by the Government then they need nothing else.
Effectively things are pretty much as they are now but without all the credit reference companies, they would be replaced by your government who is already getting all this information and in theory you have routes availible to you in the event that things go wrong.
As to those things that are public record then the question is why? if the same court documents become associated with your government account instead then your country can stop treating your citizens in debt as criminals. It would also get rid of the dodgy debt collectors who operate without a court judgement, since they wont know where you live unless they work via the courts.
Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse. You are placing the cookie jar in control of a Non-Profit with no drivers for improvement (civil servants are invariably less than civil and largely do not demonstrate an understanding of the concept to serve). Far better have the law makers on our side, legislating against such businesses (and driven by the democratic process to improve/prosecute such), than have them in control of the data. That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse.
@AC "Legislating to enable the Govt to hold all this data and be the sole custodian would be far worse"
Since the Government already has this data then what difference does it make?
As to civil servants (including police, polticians) then personally I have always believed that abuse in a position of authority should be punished on a basis of impact to society and by default at a higher level than an ordinary citizen. If working out how much damage has been done is a problem then treat each instance as treachery to the state. I would say that if abuse at this level results in a single death then back to public hangings.
"That would also be an open goal for biometric/other ID cards, as well as political/bureacratic abuse." a single ID would be great if only we could trust our civil servants but whilst being caught means at worst a slap on the wrist then abuse is a winning game.
"Then add in real punishments if they abuse the system or attempt to get around it by pressuring their customers for information unrelated to the transaction."
Why don't we go after the CEO, the Board of Directors, middle management and anyone else in the chain of command and personally make them responsible and paying for correcting the wrong, including prison.
This dipping into the company's petty cash to pay a fine is obviously not working.
There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public & definitely NOT sold to Private companies to use as they see fit, but it has been going on for a long time. I remember in 1999 being sent a sample electoral roll CD for the whole of the UK & I was able to look up old girl friends & current company employees & get more info on them than was available to me as IT manager of the company. This was supplied as a sales contact database reference material.
These private companies, now determine your net worth & suitability for credit, but they are NOT regulated & are self appointed, so anyone hacking their systems, could do like the movies & destroy you economically, by reducing your credit score & thus having your cards cancelled by the provider etc, or stealing your data & using it to ruin your hard won credit score through fraudulent use of your private data :(
The governments of the world could & should do more, but they are living in the 19th century & take years to make simple common sense laws where no regulation exists & most of the time the laws are half baked & full of loop holes :( Useless the lot of them.
"There is NO reason whatsoever for Government collected data, as in census or electoral roll etc to be made public"
Except as a check against the government itself. It's basically a no-win situation. If you let the government hide data, they can exploit it against you with no recourse. But open it up, and others will do the same. Your personal information MUST be shared in order to do anything of note, but that very information can be used against you. It's all a matter of trust, and if you're in DTA mode, you're basically out of the loop of civilization, meaning you're hiding in that cabin in the forest subsisting on bugs. After all, anyone can backstab you at any time, and they don't even need to know your name to do it. So how far are you willing to take it?
@AC
I am not, nor ever have been, nor ever will be a customer of Equifax. Why should they have any information about me?
Roll on GDPR when I can get it all deleted....
I would like to bet that Equifax do have information about you. If you have opened a bank account, have a credit card, or have applied for a loan or other credit, then the chances are your data was given to Equifax, as well as the other credit reference agencies.
And the GDPR doesn't give you the right to demand deletion of your data unconditionally, if Equifax can show a business need (which they can, as they are a credit reference agency) then they can refuse to delete your data.
I would agree otherwise. They do have a business that runs using my data.
BUT I didn't sign up to that.
Even if I did, in some weird convoluted fashion. I now withdraw my consent. What to see all my data. Then have it all deleted.
I appreciate this may cause me some pain if I ever need a car loan / credit card mortgage / etc, BUT, and it's a big but, F**k 'em. If they're going to collect data about me without my permission and make money out of it, they'd take better care of it*. They didn't, they erase my stuff.
*Now I don't know there infrastructure but if a "sudo apt-get update && apt-get upgrade" had fixed it, I'm doubly p!ssed off...
"BUT, and it's a big but, F**k 'em."
BUT they can F**k you back. Equifax is referred for credit trustworthiness, and people without a history normally can't be trusted because reaching out historically results in betrayal. So if you demand Equifax delete you data, the next time you apply for a loan, Equifax would reply, "No Data On You." Which to the rest of the credit history means NO history.
Which tends to mean you get rejected unless you submit to unfavorable (maybe even predatory) terms, AND there's no law that requires banks to accept everyone wil ne nil ye. It's the old Catch-22: it takes credit to make a credit history, and it takes a credit history to get credit.
"The US government's Consumer Financial Protection Bureau promised a full investigation into the Equifax affair, and then gave up. On February 7, an open letter [PDF] from 32 senators to the bureau asked why the probe was dropped, and the gang has yet to receive a response"
I mean where's the incentive?
Oops you done f****d up gents. Time to go. Have a multi-million <insert currency> severance package and good luck in the next role. If you need a reference, we'll be sure to put a good word in for you.
Only - and really only - when it begins to hit both the company AND the directors' pockets will they sit up and take notice.
Remember in 1999-2000 when Microsoft had been found bang to rights in a criminal court of law, and the judge was pondering whether to break it up or just force it to publish the source code for Windows?
Then Dubya was elected and suddenly the DoJ dropped the case on the floor.
That is entirely why there should be no private money in politics; no lobbying; and strict regulations about who a previously elected person can work for over a five year time frame. Some countries have managed this very successfully. The, apparent, graft and corruption in NA governments at all levels has thus far precluded these wise safeguards from being implemented.
"Some countries have managed this very successfully."
Can you name some that are big enough to matter? I bet you the ones that SEEM that way are simply working deeper behind the scenes using things like family connections and favors that use degrees of separation to hide the details.
Remember, at the extreme, if they REALLY don't like the government, they can just covertly fund a coup. After all, in the final analysis, laws are just ink on a page.
There's a hole in the American legislature process that allows virtually all of the external lobbyist and internal party pressure crap. The same thing that has helped contribute to polarizing partisan politics
https://youtu.be/1gEz__sMVaY
Easy fix if anyone ever gets the guts to donate right thing.
"There's a hole in the American legislature process that allows virtually all of the external lobbyist and internal party pressure crap. The same thing that has helped contribute to polarizing partisan politics"
Thing is, you ALSO have to consider that Congresspeople are actually acting ON BEHALF of their constituents. Meaning the voters are the reason their votes are made public: to let the voters know how their Representatives and Senators are acting on their behalf. Intimidation and the like are SUPPOSED to be inflicted on them. Thing is, it's supposed to be the voters doing the intimidating. I mean, what better threat can you foist on a Congressman than a threat to vote against them in the next election (or, if allowed, start a premature recall process)? The system being corrupted in other ways dulls this angle. And you need other solutions for that, not to mention ways around those solutions (for example, some states may try to work around independent districting through city planning--if you can't draw the districts, designate residency to get around it).
As for lobbying, they've already come up with a pretty bulletproof way to ensure the door's open: enlist congressional spouses and siblings. After all, a husband is expected to be in constant contact with his wife and so on, especially if they have kids. Otherwise, you risk the family unit. And someone as close as a sibling tends to have frequent contact as well.
That is exactly the problem. Those in charge are never held responsible for the goofs. I don't care who you are or how well you've been working for the past 30 years, if your department or company negatively impacts the lives of millions, you're talking the fall and it should not be to land on a cushion full of money.
Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening.
"Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening."
ALL laws tend to be written by the rich barring a crisis, and it is the rich who have the best ability to get laws changed to their favor by financing changeovers. And no, Europe is not immune, just resistant for now.
As Bugs Bunny used to say "What a maroon". Using racial taunts to disparage someone threatening the status quo shows nothing but ignorance and deep seated fear of the truth. Reminds me of the person forcibly removed from the West Virginia legislature this week for daring to list out the members who had received money from the oil industry while they were working on a new bill granting the oil companies the right to drill on land without all the owners permissions. You can't hide the truth forever, yet. Another few years of people like Dim Donny, the little man with little hands, and that may well change.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
