Topic: Equifax Hack - What to do about it... (Read 330 times)
It is good to see that Bitcoin is not the only game in town that has problems with hackers, etc. So the more legacy companies with the problem makes the issues with Bitcoin (scammers who use bitcoin) not appear as big.
I do believe decentralization should be the approach to solve such issues. No central point will be secure enough to not be hacked. Later on, I will write a post on how we are addressing such privacy concerns.
More info from Equifax's FAQ about the incident:
What happened?
We identified a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. We discovered the unauthorized access and acted immediately to stop the intrusion. We promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. We also reported the criminal access to law enforcement and continue to work with authorities.
When did the company learn of this incident?
We learned of the incident on July 29, 2017, and acted immediately to stop the intrusion and conduct a forensic review.
Over what period of time did the unauthorized access occur?
Based on our investigation, the unauthorized access occurred from mid-May through July 2017.
Who and how many people are affected?
This incident potentially impacts approximately 143 million U.S. consumers. We have established a dedicated website, www.equifaxsecurity2017.com, to help U.S. consumers determine if their information has been potentially impacted. As part of our investigation of this application vulnerability, we also identified unauthorized access to limited personal information for certain UK and Canadian residents. We will work with UK and Canadian regulators to determine appropriate next steps.
What information may have been impacted?
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers. As part of our investigation of this application vulnerability, we also identified unauthorized access to limited personal information for certain UK and Canadian residents. We have found no evidence that personal information of consumers in any other country has been impacted.
Are Equifax’s core consumer or commercial credit reporting databases impacted?
We have found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
Is the issue contained?
Yes, this issue has been contained.
What was the vulnerability?
Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.
What are you doing to prevent this from happening again?
We have engaged a leading, independent cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.
What steps should I immediately take?
To determine if your personal information may have been impacted and for steps to protect your information, please visit www.equifaxsecurity2017.com. We recommend that consumers be vigilant in reviewing their account statements and credit reports, and that they immediately report any unauthorized activity to their financial institutions. We also recommend that they monitor their personal information and visit the Federal Trade Commission’s website, www.ftc.gov/idtheft, to obtain information about steps they can take to better protect against identity theft as well as information about fraud alerts and security freezes.
Why am I learning about this incident through the media? Why didn’t Equifax notify me directly?
Equifax issued a national press release in order to notify U.S. consumers of this incident and has established a website, www.equifaxsecurity2017.com, where U.S. consumers can receive further information.
Why was there a delay between when the incident was discovered and the public was notified?
As soon as Equifax discovered the unauthorized access, Equifax acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Because this incident involves a substantial amount of personal identifying information, the investigation has been complex and time-consuming. As soon as we had enough information to begin notification, we took appropriate steps to do so.
What happened?
We identified a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. We discovered the unauthorized access and acted immediately to stop the intrusion. We promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. We also reported the criminal access to law enforcement and continue to work with authorities.
When did the company learn of this incident?
We learned of the incident on July 29, 2017, and acted immediately to stop the intrusion and conduct a forensic review.
Over what period of time did the unauthorized access occur?
Based on our investigation, the unauthorized access occurred from mid-May through July 2017.
Who and how many people are affected?
This incident potentially impacts approximately 143 million U.S. consumers. We have established a dedicated website, www.equifaxsecurity2017.com, to help U.S. consumers determine if their information has been potentially impacted. As part of our investigation of this application vulnerability, we also identified unauthorized access to limited personal information for certain UK and Canadian residents. We will work with UK and Canadian regulators to determine appropriate next steps.
What information may have been impacted?
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. Criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers. As part of our investigation of this application vulnerability, we also identified unauthorized access to limited personal information for certain UK and Canadian residents. We have found no evidence that personal information of consumers in any other country has been impacted.
Are Equifax’s core consumer or commercial credit reporting databases impacted?
We have found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
Is the issue contained?
Yes, this issue has been contained.
What was the vulnerability?
Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.
What are you doing to prevent this from happening again?
We have engaged a leading, independent cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent this type of incident from happening again.
What steps should I immediately take?
To determine if your personal information may have been impacted and for steps to protect your information, please visit www.equifaxsecurity2017.com. We recommend that consumers be vigilant in reviewing their account statements and credit reports, and that they immediately report any unauthorized activity to their financial institutions. We also recommend that they monitor their personal information and visit the Federal Trade Commission’s website, www.ftc.gov/idtheft, to obtain information about steps they can take to better protect against identity theft as well as information about fraud alerts and security freezes.
Why am I learning about this incident through the media? Why didn’t Equifax notify me directly?
Equifax issued a national press release in order to notify U.S. consumers of this incident and has established a website, www.equifaxsecurity2017.com, where U.S. consumers can receive further information.
Why was there a delay between when the incident was discovered and the public was notified?
As soon as Equifax discovered the unauthorized access, Equifax acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Because this incident involves a substantial amount of personal identifying information, the investigation has been complex and time-consuming. As soon as we had enough information to begin notification, we took appropriate steps to do so.
To me it was always obvious that Social Security Number is extremely weak method of authentication, since you have to trust that organization that use it won't fall victim to some data breach. I'm sure that in the future it will be replaced by some system based on public key cryptography, similar to how sites on the Internet can be verified via SSL. And the whole credit system can sometimes be very flawed and lead to economic crisises, which is actually one of the reasons why Bitcoin was created. Also, Bitcoin has very own authentication system, as users can sign messages with their Bitcoin addresses, to prove that they own it and all corresponding coins.
it hacked and same day lauched hellobloom.io same sector same job. and it won't be hacked because of blockchain tech.
You need to be aware that the US Federal Trade Commission has issued an alert on 14September2017 warning of phishing scams related to the recent Equifax breach. Please be aware of phone calls or emails purporting to be from Equifax. Equifax representatives will NOT contact individuals and ask them to verify their information. Additionally, the FTC has issued recommendations for steps you can take to protect yourself from potential identity theft resulting from this breach – please keep reading to learn more.
So what Happened?
Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.
Steps you can take to protect your identity:
Find out if your information was exposed (or assume it was if you’ve ever used credit). Go to Equifax's official website, www.equifax.com, and proceed from there; do not trust other sources.
Even if your information was not exposed in this breach, you can still sign up for a year of free credit monitoring through Equifax.
Check your credit reports from Equifax, Experian, and TransUnion – for free.
Consider placing a credit freeze on your files.
Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
If you decide against a credit freeze, consider placing a fraud alert on your files.
File your taxes early, as soon as you have the information, before a scammer can.
Remember to be suspicious of phone calls and emails asking for your personal information.
So what Happened?
Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too.
Steps you can take to protect your identity:
Find out if your information was exposed (or assume it was if you’ve ever used credit). Go to Equifax's official website, www.equifax.com, and proceed from there; do not trust other sources.
Even if your information was not exposed in this breach, you can still sign up for a year of free credit monitoring through Equifax.
Check your credit reports from Equifax, Experian, and TransUnion – for free.
Consider placing a credit freeze on your files.
Monitor your existing credit card and bank accounts closely for charges you don’t recognize.
If you decide against a credit freeze, consider placing a fraud alert on your files.
File your taxes early, as soon as you have the information, before a scammer can.
Remember to be suspicious of phone calls and emails asking for your personal information.
Jump to: