Thursday, September 7, 2017

Last Call For Checkmating The Credit Checkers

It was only a matter of time before hackers hit the Holy Grail of data jackpots: consumer credit agency Equifax was nailed by a breach that could have essentially exposed everyone with a credit record in the US.

Equifax, a provider of consumer credit reports, said it experienced a data breach affecting as many as 143 million US people after criminals exploited a vulnerability on its website. The US population is about 324 million people, so that's about 44 percent of its population.

The data exposed in the hack includes names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. The hackers also accessed credit card numbers for 209,000 US consumers and dispute documents with personal identifying information for about 182,000 US people. Limited personal information for an unknown number of Canadian and UK residents was also exposed. Equifax—which also provides credit monitoring services for people whose personal information is exposed—said the unauthorized access occurred from mid-May through July.

"Criminals exploited a US website application vulnerability to gain access to certain files," Equifax said in a statement late Thursday, without elaborating. That leaves open a wide range of possibilities, with injection bugs, faulty authentication mechanisms, and cross-site scripting vulnerabilities topping the list of the most widely exploited website flaws.

This isn't the first time a garden-variety website flaw has been exploited to obtain a massive amount of sensitive data. Associates of Albert Gonzalez, a convicted hacker who was sentenced to 11 years in federal prison, exploited a SQL-injection flaw that helped them obtain data for 130 million credit cards. On Wednesday, exploit code for a nine-year-old code-execution vulnerability in Apache Struts 2—a software framework used by many large financial service websites—went public, but there was no immediate indication that the Equifax site uses it.

You read that right. One hundred forty-three million credit records exposed.  Equifax is offering free credit monitoring to anyone affected, but that's pretty much everyone in the US with an Equifax credit file.

Which is, you know, anybody who ever had a credit card or loan application in the last 25 years.

Needless to say, you should consider your identity compromised and should take steps.

Until the next massive data breach, that is.  If you're wondering about consequences for Equifax's corporate leadership, well...let's just say they knew what was coming and acted in their own self-interest.

Three Equifax Inc. senior executives sold shares worth almost $1.8 million
in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.

The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans.
In other words, they knew for over a month and didn't tell anyone, and sold shares before revealing the breach and the crash of Equifax stock.

Because corporate America.

Sure hope the credit records for these three aren't compromised, ya know?  That would be a shame.

Understanding Donald

Looks like Sen. Chuck Schumer, Rep. Nancy Pelosi and the Democrats in Congress finally realized the best way to get Trump to do something is "couch it as revenge against those who wronged you" and voila!

President Trump and Senate Minority Leader Charles E. Schumer (D-N.Y.) have agreed to pursue a deal that would permanently remove the requirement that Congress repeatedly raise the debt ceiling, three people familiar with the decision said.

Trump and Schumer discussed the idea Wednesday during an Oval Office meeting. The two, along with House Minority Leader Nancy Pelosi (D–Calif.), agreed to work together over the next several months to try to finalize a plan, which would need to be approved by Congress.

One of the people familiar described it as a “gentlemen’s agreement.”

The three people spoke on the condition of anonymity because they were not authorized to discuss details of the meeting.

Senate Democrats hope they will be able to finalize an arrangement with Trump by December.

On Thursday, Trump was asked by a reporter at the White House about abolishing the congressional process for raising the debt ceiling. He replied that "there are lots of good reasons to do that."

"It could be discussed," Trump said. "For many years, people have been talking about getting rid of [the] debt ceiling altogether."

He confirmed during the exchange with reporters at the White House that the issue was discussed during his meeting with congressional leaders on Wednesday.

Of course the corollary to this is "Trump will immediately screw you over on any deal you make with him" so of course this is going to fall apart well before December, but in the meantime Trump loses nothing to piss off Republicans who didn't get Trumpcare passed, because that's how America's government works now.

Whoever can babysit Tang the Conqueror and make him think everything is his brilliant idea to begin with wins.

Related Posts with Thumbnails