Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 14 2017

3we

Equifax Tells Investors They Could Be Breached Again - And That They're Still Profitable

"Equifax executives will forgo their 2017 bonuses," reports CNBC. But according to the New York Post, the company "hasn't lost any significant business customers... Equifax largely does business with banks and other financial institutions -- not with the people they collect information on."

Even though it's facing more than 240 class-action lawsuits, Equifax's revenue actually increased 3.8% from July to September, to a whopping $834.8 million, while their net income for that period was $96.3 million -- which is still more than the $87.5 million that the breach cost them, according to a new article shared by chicksdaddy:

The disclosure, made as part of the company's quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs of the incident, which saw the company's stock price plunge by more than 30% and wiped out billions of dollars in value to shareholders. Around $55.5m of the $87.5m in breach-related costs stems from product costs â" mostly credit monitoring services that it is offering to affected individuals. Professional fees added up to another $17.1m for Equifax and consumer support costs totaled $14.9m, the company said. Equifax also said it has spent $27.3 million of pretax expenses stemming from the cost of investigating and remediating the hack to Equifax's internal network as well as legal and other professional expenses.

...[weiter]...

November 06 2017

3we

Equifax Investigation Clears Execs Who Dumped Stock Before Hack Announcement

An anonymous reader quotes a report from Gizmodo:

Equifax discovered on July 29th that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans -- and then just a few days later, several of its executives sold stock worth a total of nearly $1.8 million. When the hack was publicly announced in September, Equifax's stock promptly tanked, which made the trades look very, very sketchy. At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.

The report, prepared by a board-appointed special committee, concludes that "none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading."

...[weiter]...

October 27 2017

3we

Equifax was warned

Lorenzo Franceschi-Bicchierai, reporting for Motherboard:

Months before its catastrophic data breach, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans, Motherboard has learned. Six months after the researcher first notified the company about the vulnerability, Equifax patched it -- but only after the massive breach that made headlines had already taken place, according to Equifax's own timeline. This revelation opens the possibility that more than one group of hackers broke into the company. And, more importantly, it raises new questions about Equifax's own security practices, and whether the company took the right precautions and heeded warnings of serious vulnerabilities before its disastrous hack. Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company's public-facing infrastructure, the researcher couldn't believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

October 14 2017

3we

IRS Suspends $7 Million Contract With Equifax After Malware Discovered

After malware was discovered on Equifax's website again, the IRS decided late Thursday that it would temporarily suspend the agency's $7.1 million data security contract with the company. CBS News reports:

In September, Equifax revealed that it had exposed 143 million consumer files -- containing names, addresses, Social Security numbers and even bank account information -- to hackers in an unprecedented security lapse. The number of consumer potentially affect by the data breach was later raised to 145.5 million. The company's former CEO blamed a single careless employee for the entire snafu. But even as he was getting grilled in Congress earlier this month, the IRS was awarding the company with a no-bid contract to provide "fraud prevention and taxpayer identification services." "Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services," the agency said in a statement. "During this suspension, the IRS will continue its review of Equifax systems and security." The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as "a precautionary step."
3we

Adware auf Equifax-Webseite: Unternehmen macht Drittanbieter verantwortlich

Schon wieder macht Equifax mit einem Sicherheitsvorfall von sich reden: Diesmal lieferte die Webseite des Unternehmens Adware aus. Auslöser soll allerdings kein Server-Hack, sondern Drittanbieter-Code gewesen sein.

October 12 2017

3we

Equifax website borked again, this time to redirect to fake Flash update

In May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

...[weiter]...

October 11 2017

3we

Equifax Increases Number of Britons Affected By Data Breach To 700,000

phalse phace writes:

You know those 400,000 Britons that were exposed in Equifax's data breach? Well, it turns out the number is actually closer to 700,000. The Telegraph reports: "Equifax has just admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The company originally estimated that the number of people affected in the UK was 'fewer than 400,000.' But on Tuesday night it emerged that cyber criminals had targeted 15.2 million records in the UK. It said 693,665 people could have had their data exposed, including email addresses, passwords, driving license numbers, phone numbers. The stolen data included partial credit card details of less than 15,000 customers."

October 04 2017

3we

Former Equifax CEO Blames Breach On One Individual Who Failed To Deploy Patch

Equifax's recently departed CEO is blaming the largest data breach in history on a single person who failed to deploy a patch. TechCrunch reports:

Hackers exposed the Social Security numbers, drivers licenses and other sensitive info of 143 million Americans earlier this summer by exploiting a vulnerability in Apache's Struts software, according to testimony heard today from former CEO Richard Smith. However, a patch for that vulnerability had been available for months before the breach occurred. Now several top Equifax execs are being taken to task for failing to protect the information of millions of U.S. citizens. In a live stream before the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee, Smith testified the Struts vulnerability had been discussed when it was first announced by CERT on March 8th.

Smith said when he started with Equifax 12 years ago there was no one in cybersecurity. The company has poured a quarter of a billion dollars into cybersecurity in the last three years and today boasts a 225 person team. However, Smith had an interesting explainer for how this easy fix slipped by 225 people's notice -- one person didn't do their job. "The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not," Smith, who did not name this individual, told the committee.

October 03 2017

3we

Equifax Says 2.5 Million More Americans May Be Affected By Hack

According to Reuters, Equifax said about 2.5 million additional U.S. consumers may have been impacted by a cyber attack at the company last month. Last month, the company disclosed that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July.

As for what led to the breach, Ars Technica reports it was "a series of costly delays and crucial errors." From the report:

Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.

September 19 2017

3we

Equifax soll früheren Hack verheimlicht haben

Monate vor dem kolossalen Hack mit mehr als 143 Millionen Opfern soll Equifax bereits einmal gehackt worden sein. Derweil ermitteln US-Behörden wegen Insiderhandels gegen Equifax-Manager.

September 15 2017

3we

Apache Struts: Monate alte Sicherheitslücke führte zu Equifax-Hack

Die Kundendaten von Equifax haben durch eine mehrere Monate ungepatchte Sicherheitslücke gehackt werden können. Auch sonst macht das Unternehmen beim Thema Sicherheit wenig richtig - wie die Zugangskombination "admin/admin" auf einer Mitarbeiterseite zeigt.

September 10 2017

3we

TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results

An anonymous reader quotes security researcher Brian Krebs:

The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes:
The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.

Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."
3we

Equifax Breach is Very Possibly the Worst Leak of Personal Info Ever

The breach Equifax reported Thursday is very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. Dan Goodin of ArsTechnica writes:

By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely. Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number. What's more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people's names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired.
Meanwhile, if you accept Equifax's paltry "help" you forfeit the right to sue the company, it has said. In its policy, Equifax also states that it won't be helping its customers fix hack-related problems.

UPDATE (9/9/17): Equifax has now announced that "the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

Bloomberg reported on Friday that a class action seeking to represent 143 million consumers has been filed, and it alleges the company didn't spend enough on protecting data. The class-action -- filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions -- will seek as much as $70 billion in damages nationally.

September 08 2017

3we

Finanzdienstleister: Equifax gibt Hack von 143 Millionen Kundendaten bekannt

Beim US-Finanz- und Bonitätsdiensleister Equifax konnten Kriminelle offenbar rund 143 Millionen Kundendaten kopieren - über eine Sicherheitslücke in einer Webapplikation. Einige Manager verkauften kurz nach dem Hack Teile ihrer Aktienpakete.

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl