Equifax Data Breach Larger Than Disclosed, Congress Slams Execs For "Hiding Info From Public"

Equifax has some serious questions to answer after the Senate Banking Committee, analyzing documents from last year's massive data breach, discovered that far more private data was stolen than first revealed.

The breach, announced last September, was originally said to have compromised the personal information of approximately 145.5 million U.S. consumers. The information accessed "primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." In other words, pretty much everything that should have been hidden behind any number of firewalls was made available to the dark net's highest bidder.

The additional information accessed by hackers includes tax ID numbers as opposed to just Social Security numbers, email addresses, and more driver's license information than was previously disclosed by the company.

Equifax said, in a document submitted to the Senate Banking Committee and reviewed by The Wall Street Journal, that cyberthieves accessed records across numerous tables in its systems that included such data as tax identification numbers, email addresses and drivers’ license information beyond the license numbers it originally disclosed. -WSJ

It is unknown how many of the 145.5 million people were exposed to the increased level of data theft; however, a company spokeswoman said that an "insignificant number" of email addresses had been compromised.

“We have complied with applicable notification requirements in the disclosure process,” said the spokeswoman, who added that email notices were sent to impacted consumers.

Equifax confirmed to the Wall Street Journal that additional driver's license information had been accessed, including issue dates and states.

“Additional driver’s license information accessed other than the driver’s license number was extremely minimal,” said the spokeswoman, adding that “anyone with a potentially affected driver’s license number” can look up their name on the Equifax website.

Massachusetts Senator Elizabeth Warren (D-MA) released a report on the Equifax hack after the Banking Committee she sits on spent the last five months analyzing the breach.

"As your company continues to issue incomplete, confusing, and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?" the letter reads. 

Warren's letter then issues four demands to Equifax:

1) A full and complete list of all data elements that Equifax has confirmed were accessed by hackers in the breach, and the number of individuals affected by the breach of these individual data elements. Please include information on when Equifax confirmed that taxpayer identification numbers, email addresses, and driver's license issue dates and states were accessed by the hackers.

2) A full and complete list of all data elements that Equifax has reason to believe may have been accessed by the hackers, the potential number of individuals potentially affected, and the status of Equifax efforts to confirm if they were or were not accessed.

3) A timeline of all Equifax efforts to determine the full extent of the breach, and summaries of any internal reports or information, or reports or information provided to Equifax by Mandiant or any outside entities describing the extent of the breach.

4) The process used by Equifax to inform members of the public that taxpayer identification numbers, email addresses, and drivers' license information has been breached.

Senator Warren and fellow committee member Sen. Mark Warner (D-VA) have concurrently introduced the Data Breach Prevention and Compensation Act, which will hold credit reporting agencies accountable for data breaches - fining them $100 for each customer who had one piece of personal data stolen, and $50 for each additional set of compromised data. 

Had this law been in effect during the 2017 breach, it would have cost Equifax billions. 

Following the disclosure of the hack, Equifax canned several executives, including CEO Richard Smith - who is set to receive an $18 million bonus. Smith was replaced by interim CEO Paulino do Rego Barros Jr.

In the weeks following, Mr. Smith and Mr. Barros appeared before congressional committees to discuss the breach; Mr. Barros stated that the company quadrupled spending on security and updated its security tools since the breach. -WSJ

Last month, Equifax launched a free service to allow consumers to "lock and unlock" their Equifax credit report in an effort to beef up security. 

In a world of flashing headlines and information overload, let the fact that nearly half of America had sensitive information stolen by hackers - a breach which will have serious and lasting effects on both consumers and banks whose fraud prevention departments will be working overtime for years to come.

Comments

whatswhat1@yahoo.com InjectTheVenom Sun, 02/11/2018 - 16:59 Permalink

There is a class action suit against these frauds.  Don't bother signing up unless you enjoy being circle jerked.  Lawyers and .INC team together to make claims virtually impossible to file.  Lawyers get their third. .INC keeps the rest of the fund. .GOV does jack shit. I've seen this before and I'm sure I'll see it again. Same shit. Different day.

In reply to by InjectTheVenom

overbet Miss Expectations Sun, 02/11/2018 - 14:42 Permalink

Yummm Russian hookers.

I had a uniform cop show up at my place about 6 months ago. He told me that in another state, Utah, the Salt Lake police arrested a known violent criminal with gang associations that had a picture of my driver's license, debit card and social card on his phone. They contacted my local department to warn me. Apparently, the truck I drove to Utah to purchase from a dealership leaked my info. Nothing is safe.

In reply to by Miss Expectations

whatswhat1@yahoo.com overbet Sun, 02/11/2018 - 18:52 Permalink

There are very few women who I would trust with a setup like your wife has. Most women are generally scared being home alone. I'd be nervous coming home after a late night out knowing the gun was within arm's length. I think you should set up some type of code, like yelling AH-EU-GA!, as you open the door a crack. Best of luck.

In reply to by overbet

chunga Lost in translation Sun, 02/11/2018 - 14:51 Permalink

IMO you shouldn't have to. The esteemed senators on the banking fraud committee should have ordered equifax to "lock" all of this back when this started. If I remember right the execs of the company sold a bunch of stock before this became public, another insult.

I'm pretty sure most of these affected consumers never engaged equifax for anything, their information was harvested and aggregated for profit without their consent and the grubby company should therefore be held responsible for all losses that result from their mishandling of this info on top of covering it up, insider trading etc.

In reply to by Lost in translation

Bemused Observer Lost in translation Sun, 02/11/2018 - 15:47 Permalink

I'm not 'doing' anything about it either. It's not my fucking problem. I'm done with 'fixing' this and that, updating this, putting a hold on that, checking about the other thing, and my favorite, 'monitoring'. Like why the fuck am I wasting MY time doing all this shit? I didn't set any of this shit up, THEY did...let THEM "monitor" it!

I do NOT conduct ANY official business online...period. So I don't have to 'monitor' anything, I'll tell you right off the bat...If it, or any part of it, involved a computer and a log-in, it didn't come from me.

There, I've now made it easy-peasy to protect myself from internet threats...and I can state, truthfully and factually, that ANY issue involving an online account in my name is FRAUD, because I don't HAVE any.

I'm reclaiming all of my stolen time. But instead of continuing to screw about with all this 'security monitoring' and the forced wasting of MY time dealing with it (for which I'm not being paid), I've just decided to adopt the Alexandrian approach of just whipping out the ol' sword and parting that problem like the Red Sea...One and DONE!

You know, our progress to an industrialized world was supposed to free up more of our time, because time is what you need to put talent, and money, to work. Rob someone of their TIME, and force them to spend what's left on surviving, and that is a person who is going NOWHERE. His talents and money notwithstanding, he will remain gummed-up because he can't do what he needs to in the time he has left in that hard-limit 24 hour day.

The move to digital has actually allowed the trend to more free time to reverse, and to do so under the guise of an even greater 'progress'. Soon so much of our day will be occupied with the petty tyranny of a thousand and one added 'tasks'...things that now must be done in order to do other things. Chipping away at a few minutes here, a few there, until you look at the clock and realize how much you still have to get done today.

Without free time, progress and development stop dead. Everyone is worried about TPTB stealing their money and their STUFF...I am suggesting that people ought to be more upset at the theft of their time, and either begin demanding to be compensated for it, or refuse to spend it doing all that petty shit involved in 'security'. This is the system THEY set up, since when is it OUR job to see to security? If it isn't secure, maybe they shouldn't be using it at all, huh?

In reply to by Lost in translation

Shift For Brains Bemused Observer Sun, 02/11/2018 - 17:09 Permalink

Logged in just to say you have nailed it 100%. They want you to believe if they lose your info it is your problem because it's your identity. We need to start making it THEIR problem to lose information. Endless hours cleaning shit up, talking to sub-morons who couldn't help you even if they wanted to, more middlemen to 'assist' you in dealing with countless chores, more often than not made necessary by the same orgs and individuals who can't find their ass with both hands.

Fuck 'em all. And if you have your identity stolen and you can't get them legally, max out EVERYTHING you can and hide it or give it away. Time to make those responsible have some skin in the game rather than an $18 mil payout for fondling yourself when you're supposed to be running a company.

In reply to by Bemused Observer

Bemused Observer Shift For Brains Sun, 02/11/2018 - 17:48 Permalink

Yes! I'm always glad when I hear from others who have observed the same things I notice. What I think needs to be done is to draft some new rules regarding property rights on the internet. We the People have every right to ownership of our own info, especially since information is a very real commodity these days. And look how many are already using that info to profit! Info they have no rights to sell, info that rightfully belongs to YOU.

If we are going to use this digital realm, then we must ensure that the same basic rules are in place as are in any other markets and venues.

If they won't, then refuse to play. But I'd love to see a lawsuit to establish the clear legal right to refuse to participate in 'digital' venues. Obviously, for a global surveillance system to work, everyone must participate...there can be no other places to 'go'. And they push, push, push this shit, but I have seen no attempts to LEGALLY force people to use an online venue for their finances, or for any dealings with govt. agencies. So far, they've been able to keep the 'persuasion' as gentle, as quiet as can be, touting the virtues of 'paperless billing' and such. But they are going to hit a wall with some of us...what will they do then?

Be interesting to hear their arguments...In the brief time they've been 'digital', they've managed to lose the info of HALF the fucking country. I don't see how they prevail...THAT'S why I think we haven't seen any attempts to bully this in yet. The system they need and want is no way ready for prime time, and they know it. And it's getting worse quickly, and they have got to realize the window is closing fast here. Their only hope is a big tech push, something 'wow-ey' to lure them in...but apparently the masses weren't too impressed with the facial recognition technology, or the ability to superimpose animal faces on your selfies. The thousand dollar price tag didn't go over well either.

I am personally forcing anyone who wishes to conduct any type of official business with me to do so the old-fashioned way...by mail. Everything in writing and on paper in my possession...that's how it will be. I will simply refuse to do anything any other way. If they aren't happy, then THEY can initiate action trying to force me. And I will then force them to escalate until we reach the point where they must charge me with something or STFU.

Then THEY can pay for my lawyer, and we're on like Donkey Kong.

In reply to by Shift For Brains

Withdrawn Sanction Bemused Observer Sun, 02/11/2018 - 17:11 Permalink

"You know, our progress to an industrialized world was supposed to free up more of our time,..."

Or so we were led to believe. Time burglars like FB, Instachat, Snapgram, etc. serve at least 2 ulterior motives. The first is to keep the users occupied w/piffle so they'll be less inclined to notice the sh*tshow going on outside their front doors. The second is to harvest information profiles for both targeted consumerism and state abuse.

One wonders about the wisdom of the second however, given that most people I've encountered in real life who also have a social media presence are 2 entirely different people.  Their on-line personae are, shall we say, at variance w/their real personae. 

The harvesting of your credit profile information serves both purposes well since your profile is not reliant on your own direct input.  Freezing your profiles, while potentially tedious, is one small way to reduce profit in the system.  And before you say it, everyone does not need to participate for it to be effective.  Top line revenue losses fall almost straight to the bottom line in high fixed-cost industries.   

Help starve the beast.  Freeze your credit profiles at all 3 agencies.  Now.  

In reply to by Bemused Observer

Endgame Napoleon karenm Sun, 02/11/2018 - 15:36 Permalink

I worked in credit processing for a minute, but I was not a “culture fit.” A lot of emphasis was placed on Halloween dress-up parties and the like. As with all mom-dominated back offices in financial services, you do not want to be the only childless employee in a building full of frequently absentee moms, working for $10 per hour, willingly, due to 1) spousal income, 2) child support that covers rent or 3) layers of monthly welfare that cover rent and food and a refundable child tax credit that used to max out at $6,444 before RepubliCONs doubled it in their tax “reform” bill. The bonus there for avid participation in silly, juvenile, mom-bonding activities was well under $50 if you were the winner of one of their mom-themed contests, not $18 million. 

In reply to by karenm

SixIsNinE StychoKiller Tue, 02/13/2018 - 00:53 Permalink

men only learn from repetitious renditions of repeated examples of how we can get screwed over.

JFK RFK MLK and millions of other USA people who have died young with much more to give ....

the Wave of Luciferianism is running thin and weak. eating a baby from the daughter that the mother made happen in order to sacrifice it is an abomination that will end if we speak to each other that it's time to end it.

In reply to by StychoKiller

TeethVillage88s karenm Sun, 02/11/2018 - 16:09 Permalink

Wait Banks are not Safe.

- I am Charged $1 a month for Protection Money on Savings Account

- Banks have ID Fraud each week for years, it takes months to fix this shit

- Point is that We citizens experience loss, wealth loss, fraud, and the System is corrupt, systemic corruption is clear

- Banks are not Safe for our Money, but TPTB want to outlaw cash, Bitcoin, limit cash withdrawals, get paperwork on Set amounts of purchases or withdrawals... FACTA Laws... Foreign Banks refuse to do business with intrusive System in USA and shut out Citizens who live or work overseas in some cases... Economic Freedom Reduced by FACTA & US Surveillance Systems, US Banking System, US Banking Regulators, Police Records & Data Records on all Citizens from Anglo Countries transferred to all countries for use in their hotels, tourist industry, travel industry, transportation industry, and ports

In reply to by karenm