Home / Tag Archives: equifax

Tag Archives: equifax

Equifax filing reveals hack was somehow even worse than previous estimates

The 2017 hack of Equifax , already among the largest ever recorded, just got bigger. Well, they’re admitting that it was bigger than they had previously, which amounts to the same thing. Documents filed with the SEC reveal that more people, more IDs, and more info in general was stolen when the company utterly failed to protect its “users,” many of which didn’t even know they were in the database. The company revealed various numbers around the time it disclosed the hack, though one it neglected to include was how many millions of dollars in stock were sold by executives before publicly disclosing it. But let’s not linger on their past crimes. I’m sure they’re very sorry! Amanda Werner, dressed as Monopoly’s Rich Uncle Pennybags, sits behind Richard Smith, CEO of Equifax, during a Senate hearing. Today’s information was filed with the Securities and Exchange Commission as part of the company’s disclosures regarding the hack. It provided first a handy table listing what was stolen as raw strings of data from Equifax’s inadequately protected databases: Full name : 146.6M Date of Birth : 146.6M Social Security number : 145.5M Full address : 99M Gender : 27.3M Phone number : 20.3M Driver’s license number (incl. 2.4M partials) : 17.6M Email address : 1.8M Credit card numbers (with expiration dates) : 209,000 Individual Tax Identification Number (ITIN/Tax ID) : 97,500 Driver’s license state : 27,000 Previous estimates of driver’s license numbers leaked were around 10.9 million, and total affected put at 143 million . Sure, the difference between 143 million and 146.6 million is relatively small, but it’s still 3.6 million people . Secondly the filing includes a table listing images stolen by the attackers

Read More »

Equifax breach exposed millions of driver’s licenses, phone numbers, emails

Enlarge (credit: Smith Collection Gado/Getty Images) On May 7, executives of Equifax submitted a "statement for the record" to the Securities and Exchange Commission detailing the extent of the consumer data breach the company first reported on September 7, 2017 . The data in the statement, which has also been shared with congressional committees investigating the breach, reveals to a fuller extent how much personal data was exposed in the breach. Millions of driver's license numbers, phone numbers, and email addresses were also exposed in connection with names, dates of birth, and Social Security numbers—offering a gold mine of data for identity thieves and fraudsters. Equifax had already reported that the names, Social Security numbers, and dates of birth of 143 million US consumers had been exposed, along with driver's license numbers "in some instances," in addition to the credit card numbers of 209,000 individuals. The company's management had also reported "certain dispute documents" submitted by about 182,000 consumers contesting credit reports had been exposed as well, in addition to some information about British and Canadian consumers. But the exact details of the nature of these documents and information had not been revealed, in part because Equifax felt it did not have a legal obligation to disclose those details. "With respect to the data elements of gender, phone number, and email addresses, US state data breach notification laws generally do not require notification to consumers when these data elements are compromised, particularly when an email address is not stolen in combination with further credentials that would permit access," Equifax's management asserted in the SEC letter. Read 6 remaining paragraphs | Comments

Read More »

Equifax taps former GE exec Mark Begor as its new CEO

It’s been seven months since a major data breach sent shares of Equifax tumbling, and the company is still pulling itself together. On Wednesday, the credit bureau announced it was appointing former GE exec Mark Begor to take over the troubled company’s affairs. The hire comes six months after Equifax’s former CEO Richard Smith resigned and left  Paulino do Rego Barros, Jr. leading in the interim. He will “retire” from Equifax early next year as Begor takes over the role from him next month. Most recently, Begor was at Warburg Pincus LLC, a US private equity firm, which he joined after 35 years at General Electric where he operated in a variety of roles including as CEO of GE Energy Management and CEO of GE Capital Real Estate. Begor comes aboard as the company attempts to build back public trust or at least stay out of the news long enough for people to forget about their incompetence. Equifax shares have surprisingly only dipped around 18 percent since the admission of a massive breach which had released the personal data of over 140 million customers. The company’s public image has taken a much heavier hit. Earlier this month, an exec was hit with insider trader charges, alleging he used non-public information of the undisclosed hack to sell $1 million in shares before the company’s admission sent the stock price tumbling. “The team has made meaningful progress in the last several months to address a number of well-publicized issues while continuing to focus on delivering differentiated new products and advanced analytics to support our customers, Begor said in a statement released by Equifax. “…we will continue to invest in and strengthen our IT and data security. As a custodian of consumer and customer information, protecting that data is a central priority for Equifax and for me personally.”

Read More »

Senior ex-Equifax executive charged with insider trading

Enlarge / A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York on Friday, September 15, 2017. (credit: Michael Nagle/Bloomberg via Getty Images ) Federal authorities have charged a senior Equifax executive with insider trading for allegedly selling almost $1 million worth of company stock 10 days before officials disclosed a website hack that exposed sensitive information for more than 143 million US consumers. Jun Ying was CIO of Equifax's United States Information Systems business unit in the months leading up to Equifax's bombshell announcement on September 7 that the breach exposed Social Security numbers, birth dates, and other sensitive data for as many as 143 million people. According to a complaint filed Wednesday by the US Securities and Exchange Commission, Ying's first indication his employer had been breached came on August 25 when he and colleagues received an email alerting them to a "very large breach opportunity" that would require additional capacity from IT systems to process. To keep the Equifax breach confidential, the email and subsequent discussions didn't name Equifax as the victim and instead suggested it involved an Equifax client. Putting 2 and 2 together Ying only needed a few hours, however, to suspect his employer was the one that had been breached, prosecutors said. At 5:27 that afternoon, after speaking privately with the CIO of the main Equifax company, Ying allegedly sent a text message to one of his employees that read: "On the phone with global CIO. Sounds bad. We may be the one breached... Starting to put 2 and 2 together." Read 8 remaining paragraphs | Comments

Read More »

2017’s biggest cybersecurity facepalms

2017 was a year like no other for cybersecurity. It was the year we found out the horrid truths at Uber and Equifax, and border security took our passwords. A year of WannaCry and Kaspersky, VPNs and blockchains going mainstream, health care hacking,...

Read More »