Archive for Equifax

BREAKING: Former Equifax Exec Charged With Insider Trading

Posted in Commentary with tags on March 14, 2018 by itnerd

You might remember that the feds, specifically the SEC, were looking at execs at Equifax who on the surface dumped shares in the company before it became public that the company was pwned in epic fashion by hackers. Now it seems that a former CIO of an Equifax business unit has been nailed by the feds for doing just that:

According to the SEC’s complaint, Jun Ying, who was next in line to be the company’s global CIO, allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach.  The SEC alleges that before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million.  According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses.

“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard R. Best, Director of the SEC’s Atlanta Regional Office.  “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”

Here’s the thing. When the feds charge you with insider trading, you’re likely going to the big house as your chance of defending yourself isn’t very good. So I hope this fellow has his affairs in order.

Oh, other execs, whether they be current or former ones, might want to put their lawyers on speed dial because the press release that I linked to above indicates that the investigation is still ongoing. Which means more Equifax types might be facing the same treatment in the near future.


Equifax Says That More People Were Affected Than Previously Thought

Posted in Commentary with tags on March 1, 2018 by itnerd

Bad news if you’re following the Equifax story. Apparently the company has now said that 2.4 million more people were affected in that epic pwnage from last year. That’s the second time they’ve had to revise the number of people affected by this upward:

Equifax said all affected users will be notified, and emphasized that these findings aren’t the result of any new hacks.

“This is not about newly discovered stolen data,” said Paulino do Rego Barros Jr., interim CEO at Equifax. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

The latest disclosure shows just how bad the company was hit. In September, initial reports said 143.3 million Americans were affected. By October, it had gone up to 145.5 million. The new total is 147.9 million. 

I think it’s safe to say that they have no clue how many people are truly affected by this. That should scare you. And it should highlight this fact via Senator Elizabeth Warren:

I agree. Equifax cannot be trusted and as a result must be held accountable.

Equifax: It’s Worse Than Was Previously Thought

Posted in Commentary with tags on February 12, 2018 by itnerd

It appears that in the shadow of a probe into the pwnage of Equifax being shelved, news is appearing that seems to indicate that the pwnage was worse than first thought:

The credit reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach. It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and — in some cases — driver’s license numbers and credit card numbers. It also said some consumers’ credit card numbers were among the information exposed, as well as the personal information from thousands of dispute documents.

However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, that a forensic investigation found criminals accessed other information from company records. According to the document, provided to The Associated Press by Sen. Elizabeth Warren’s office, that included tax identification numbers, email addresses and phone numbers. Finer details, such as the expiration dates for credit cards or issuing states for driver’s licenses, were also included in the list.

The additional insight into the massive breach was first reported by the Wall Street Journal.

Equifax’s disclosure, which it has not made directly to consumers, underscores the depth of detail the company keeps on individuals that it may have put at risk. And it adds to the string of missteps the company has made in recovering from the security debacle.

This is exactly why a deeper investigation needs to be done. It is becoming clear that Equifax really dropped the ball here and consumers are really at risk. Thus understanding why that happened and what can be done to avoid it in the future would be a good idea. Not only that, I’m pretty sure that someone needs to be held accountable over at Equifax over this. By that I mean some stiff fines and perhaps some time in the clink. But that will only happen if this issue is thoroughly investigated.

Feds Pull Back From Full Scale Equifax Probe…. WTF?

Posted in Commentary with tags on February 5, 2018 by itnerd

Reuters is reporting that the new head of the CFPB (aka: Consumer Financial Protection Bureau) is pulling back from a full-scale probe of how Equifax failed to protect consumer data in its breach affecting 145.5 million Americans.

All together now…. WTF?

This is the dumbest thing I have ever seen. About half the American population gets affected by the most epic pwnage the world has ever seen and the US Government doesn’t want to step in and protect their citizens? That’s just mind blowing. It basically means that there is no hope whatsoever when it comes to holding companies who get pwned accountable for getting pwned. Which means that the average person is pretty much on their own. Hopefully Americans remember that when they go to the polls in their mid-term elections this November.

Yahoo And Equifax Apologize To Congress For Being Pwned In Epic Fashion

Posted in Commentary with tags on November 8, 2017 by itnerd

Equifax and Yahoo are two companies that have been pwned in spectacular fashion over the years. And in both cases, they really haven’t fully stepped up to take responsibility for that pwnage. Today both Marissa Mayer, who is the ex-CEO of Yahoo, and Richard Smith, who is the ex-CEO of Equifax, along with current CEO Paulino do Rego Barros, Jr., were in front of Congress in the public flogging known as a Congressional Hearing to say “sorry”:

Mayer opened her testimony with an apology, pointing out that Yahoo had been hit by a sophisticated attack from Russian hackers, one that even the best security couldn’t have stopped.

“These thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Mayer said.

And:

Equifax’s interim and former CEO apologized for the company’s failures and touted all the tools it’s offered to victims affected by the breach. That includes a credit-monitoring app that will be available in January and free credit locks from the company.

“We did not meet the public’s expectations, and now it’s up to us to prove that we can regain their trust,” Barros said.

However, sorry doesn’t cut it with Congress. When mid-term elections are a year away, it REALLY doesn’t cut it as evidenced by this:

Seemingly unsatisfied by most of the solutions offered by the company—beefing up their security and improving customer relations—Sen. Nelson insisted more work was required. “It’s going to take an attitude change among companies such as yours, that we’ve got to go to extreme limits to protect our customers’ privacy.”

Well, no kidding. I’ve said for a while that if a company gets pwned and data gets stolen, the company must face some sort of penalty that not only severely hurts the company in question, but sends a message to other companies that pwnage is not acceptable. The question is, will that actually happen? I guess if you’re American, it’s time to call your Congressman and Senator to make sure it does because the next epic hack will happen unless companies are forced to beef up their defenses.

Equifax Won’t Be Getting That $7 Million Contract From The IRS….. For Now

Posted in Commentary with tags on October 13, 2017 by itnerd

Politico is reporting that the $7 million contract that the IRS gave Equifax to do fraud prevention…. Yes, that same Equifax that was pwned in epic fashion…… has been suspended:

The IRS plans to continue reviewing the security of Equifax’s systems during the suspension. The agency had previously said its hands were tied and it had to keep the contract with Equifax.

“The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract. The contract suspension is being taken as a precautionary step as the IRS continues its review,” agency spokesman Matthew Leas said in a statement.

What could they possibly be reviewing? This is a company that had such craptastic IT practices that it was on the wrong end of the most epic pwnage in history. If that’s not enough of a reason to steer clear of them, I do not know what would be.

Sometimes, you have to just shake your head.

Equifax Pwnage Gets Worse…. Much Worse

Posted in Commentary with tags on October 12, 2017 by itnerd

The hits keep coming from the saga of Equifax getting pwned in epic fashion. First up is this story that a reader pointed me towards:

Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info that looked like this:

He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he’d see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. 

Wow. Now when the post that I linked to went online, the attacks stopped. So it is possible that Equifax got control of things again. But the fact that this even happened suggests that these clowns have learned nothing from being pwned.

But I’m not done yet. It now seems that as part of the epic pwnage of Equifax, 10.9 million U.S. driver’s licenses were stolen:

10.9 million U.S. driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for the breach to be a real threat to their privacy. Affected customers provided most of the driver’s licenses on file to verify their identities when they disputed their credit-report information through an Equifax web page. That page was one of the entry points the attackers used to gain entry into the credit reporting agency’s system.

The higher amount of UK customer info that was swiped was something that I told you about yesterday. But the 10.9 million driver’s licenses is new. That sort of information could cause havoc for years. I truly feel that we are still just learning how bad this pwnage was and perhaps (though unlikely) not even Equifax truly knows how much they were pwned. And we may never find out for sure. But every detail that does come out shows that this is bad….. And getting worse.