Equifax is one of the “big three” credit reporting companies. As such, they are charged with an immense amount of highly sensitive personal and financial information. Hot on the heels of hacker/info broker DoubleFlag’s latest attack on Experian, the credit reporting world has once again faced a major breach with some 143 million consumers data compromised. The latest hacking is the biggest since the Yahoo info grab of last year that resulted in up to 1.5 billion users’ information jacked.
Unlike previous attacks, according to the <i>Wall Street Journal</i> today “the attackers in one swoop gained access to several pieces of consumers’ information that could make it easier for the attackers to try to commit fraud.” Customer names, Social Security numbers, birth dates and addresses are among the identifying information absconded in the most recent attack.
<h2><strong>
<a href=https://www.wsj.com/articles/equifax-reports-data-breach-possibly-impacting-143-million-u-s-consumers-1504819765>EQUIFAX MAJOR HACK</a></h2></strong>
“This is the nightmare scenario-all four pieces of information in one place,” former Equifax manager and credit specialist told <i>WSJ</i>.
Equifax has reported the exploit to law enforcement and is working witha cybersecurity firm to run a forensic investigation as well. It may be unnerving to some that they had known about the breach since the end of July but the news is just now making it out into the mainstream. It could always be worse though.
Just last December, Experian, and WhoIs were hit hard. DoubleFlag was selling the bulk of the Experian database (over 200 million accounts) for 0.8082 Bitcoin which was at the time $600 USD. A small price to pay for such sensitive info. In the case of the Equifax hack, full name, full address, gender details, telephone contact information, birth date, CRA income classification code, income details, credit rating, ethnicity, religion and more were literally auctioned off on the Dark Web.
Experian attempted to keep their embarrassing breach quiet. No mention at their website, quite the contrary, cheery sounding White Papers released with titles like “Has fraud met its match.” After a couple of major hacks, they teamed up with CEB TowerGroup. Initially, Experian denied its servers had been hit claiming they had “thoroughly investigated” the claims and “concluded that these claims are not true.”
“We’ve seen this unfounded allegation and similar rumors before. We investigated it again – and see no signs that we’ve been compromised based on our research and the type of data involved. Based on our investigations and the lack of credible evidence, we consider this an unsubstantiated claim intended to inflate the value of the data that they are trying to sell – a common practice by hackers selling illegal data.”
As is the trend these days with corporations and governments, the plan of “lie, then double down” was employed. They had already been hit in October of 2016 when T-Mobile customer data was stolen. Irish cybersecurity startup Trustev actually first announced discovering the sale of breached Experian data online. The “FULLZ” data (hacker/data broker slang referring to full identifying deets) were
Experian is more than <i>just</i> a credit-checking firm. They are also one of the largest data broker firms in the world. In a world where Big Data is poised to swiftly outmaneuver Big Oil, this is a pretty Big Deal. Hospitals, universities, retailers, employers and insurance companies are some of the top consumers for the anonymised but accurate data packages.
Transunion in 2015 purchased the Irish cybersecurity start up Trustev for an astounding $44 million USD shortly after Experian finally owned up to the data theft uncovered by the Irish cybersecurity firm. Trustev actually turned <i>down</i> a healthy initial offer of $21 million from TransUnion. T-Mobile's John Legere acted quickly moving to TransUnion following the news. At this point, TransUnion’s new slogan might as well be “Trust TransUnion, we’ve got Experian’s data.”
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">I hear you re: Experian as service protection option. I am moving as fast as possible to get an alternate option in place by tomorrow.</p>— John Legere (@JohnLegere) <a href="https://twitter.com/JohnLegere/status/649716186482016256">October 1, 2015</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
Experian, then Experian again through T-mobile and now Equifax. This all coming hot on the heels as such major exploits as 145 million users at eBay, Heartbleed vulnerability and Sony in 2014. This followed up by US Central Command (attack claimed by ISIL), Ashley Madison, TalkTalk, JD Wetherspoon in 2015. And the list goes on and on and on…
<div style="width:100%;text-align:center;margin:0 auto;"><iframe width="360" height="202" src="https://www.youtube.com/embed/Ka6JDgbru7k/" frameborder="0" allowfullscreen></iframe></div>
Ah well, maybe Equifax can take a cue from (equally breached) competition at Experian. Just ignore the breaches, claim they didn’t happen and then offer “boogey-man insurance” making objectively impossible claims that reference your most recent faux pas. Yes, that’s right, after Experian’s “oopsie” their marketing department decided the best bet would be to make a commercial <i>referencing</i> the recent “dark web” auction of their customer’s data <i>while</i> claiming they can (and do) “monitor” [the entire?] dark web to protect their customers’ data.
Currently, the “AskEquifax” twitter profile seems to be experiencing some radio silence, so maybe that’s actually in the works.
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Have a good evening! We’ll return tomorrow to help with the answers to your question!</p>— Ask Equifax (@AskEquifax) <a href="https://twitter.com/AskEquifax/status/906004180497813504">September 8, 2017</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Equifax spokesman: "Okay, there's something we need to tell you but first you have to promise you won't be mad." <a href="https://twitter.com/hashtag/equifaxbreach?src=hash">#equifaxbreach</a></p>— Linnaeus (@linnaeus_tweets) <a href="https://twitter.com/linnaeus_tweets/status/906167461518614528">September 8, 2017</a></blockquote>
<script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script>
Ok, fine Experian, can’t wait to hear how you’ve rousted ISISrecruiting, shut down child pornography and solved the other issues of the deep state since you’re obviously “all on top of this thing.”
"Dark web insurance" eh? I'll take some of that and a side of "bad day insurance."