It looks like Democrat Russian shill, Rep Adam Schiff, and Elite Repub Russian shill, Senator Jeff Flake, have forgotten about the Experian data hack of October, 2015, which affected 15 million people, and the Equifax data hack, in which data belonging to 145 million Americans was stolen, which included social security numbers, credit card numbers and addresses, under the watchful eyes of propagandists, John Brennan and James Clapper, of the Obama administration and still on the government intelligence payroll in 2017.
Betcha the Democrats used this info for the 2016 election. Strange we haven’t heard anything about either of these massive hacks. It looks like it is very easy to hack into these large data bases since Brennan and Clapper were in charge – thank goodness they are gone now.
*********************
Experian data breach affects 15 million people including T-Mobile customers
By Robert Hackett
October 1, 2015
Credit reporting agency Experian said Thursday that a data breach at one of its business units may have compromised the personal records of about 15 million people including customers of T-Mobile.
A hacker or hackers appear to have obtained access to an Experian server—one that is not a part of its consumer credit bureau, the company said—that hosted the personal information of people who applied for the carrier’s services between Sept. 1 2013, and Sept. 16, 2015. The information accessed included names, addresses, Social Security numbers, dates of birth, driver’s license numbers, and passport IDs, Experian said. It added that “no payment card or banking information was obtained.”
Experian said it discovered the intrusion on Sept 15, 2015.
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” said T-Mobile CEO John Legere in a letter to customers posted on the company’s website. “This is no small issue for us.”
Legere added that the breach did not affect T-Mobile’s own network. He also said that his company will offer two years of free credit monitoring to victims of the attack—ironically, through Experian, which markets the services with the tagline: “A name you can trust.”
Some commenters pointed out the irony on Twitter.
Experian, based in Costa Mesa, Calif., is one of the top credit reporting agencies alongside Equifax and TransUnion. According to federal credit laws, companies like Experian must maintain historical records of applicant data for at least 25 months.
A couple of years ago, the independent investigative journalist Brian Krebs called out Experian for selling data to an identity theft service.
Experian gave no hint about who may have accessed its customer data, other than to say it was “an unauthorized party.”
“We do not know who the criminals were behind this incident,” the company said. It added that “there is no evidence that the data has been used inappropriately,” and that it is working with law enforcement on the matter.
Experian said the data had been encrypted. But it added that it may have been compromised.
************************
https://www.foxbusiness.com/markets/equifax-hack-what-we-learned
Equifax hack: What we learned
Published December 27, 2017
Fmr. Equifax CEO accepts blame for mega hack in congressional hearing
Rep. Greg Walden (R-Ore.) discusses the congressional hearing, in which former Equifax CEO Richard Smith testified about the hack that may have breached the personal information of about 145.5 million Americans.
While 2017 was riddled with cyberattacks, including at the U.S. Securities and Exchange Commission (SEC) and global accounting firm Deloitte, the Equifax (NYSE:EFX) hack may take the cake in terms of both scale and consequence.
When unauthorized third parties gained access to one of Equifax’s portals, thanks to its failure to patch a software vulnerability, the personally identifiable information of more than 145 million consumers was compromised. That data included, among other things, Social Security numbers, birth dates and driver’s license numbers.
As experts grapple with improving online security, here are the lessons we learned from the Equifax breach.
You could be compromised for life
Due to the nature of the information obtained through the Equifax hack, compromised individuals are always going to be at risk online.
Social Security numbers and birth dates, for example, are two pieces of information that individuals do not have the power to change once they have been breached. So, once that information is out there, it will always be out there, and victims will be at the mercy of cybercriminals.
Social Security numbers are outdated
At every congressional hearing held by lawmakers, expert witnesses and CEOs agreed that the Social Security number is outdated. Even the White House has said that a new method of personal identification must be introduced.
“I feel very strongly that the Social Security number’s outlived its usefulness,” Rob Joyce, White House cybersecurity coordinator, said during a Washington Post conference in October. “It’s a flawed system. If you think about it, every time we use the Social Security number [we] put it at risk.”
While no formal solution has been publicly proposed, former Equifax CEO Richard Smith and a series of experts cited a public-private system as a viable option to improve security.
Joyce proposed a security system that uses a public and private key, or two random sets of numbers – one that is shared publicly and the other is kept secret by the owner. The two keys are mathematically related, so something encrypted and sent to the public key can only be turned back to its original form using the private key, for example.
Response time matters
Equifax said it discovered the breach in late July, but it did not notify the public until September. That raised concerns both among consumers, and lawmakers, especially since it’s Equifax’s job to protect consumer credit data.
Meanwhile, Uber waited a year to disclose a hack that it intentionally tried to hide from the public by paying hackers $100,000 to cover it up.
Events this year have brought the disclosure process for cyberattacks into the forefront of the national cybersecurity discourse.
SEC chair Jay Clayton has said the disclosure rules could use a rework. Three Democratic senators introduced a bill that would require companies to report any breach within 30 days, while deliberately attempting to conceal a hack could result in jail time for company executives.
However, Equifax didn’t just face criticism over its response time. On top of that, it engaged in a series of blunders as it laid out services for consumers to check whether their information had been stolen, including requiring them to agree to a clause stating that they wouldn’t join a class-action lawsuit against the company. That stipulation was removed after widespread public outrage. These missteps inflicted an additional layer of damage on the company and its reputation.
Consumer control may be the future
Former Equifax CEO Richard Smith and interim CEO Paulino do Rego Barros suggested that the future of data security at their company, and at other credit reporting agencies, may require them to relinquish control to the consumer. Equifax is working on a tool, expected to be available next month, which will allow consumers to lock their credit data for free, for life.
Barros acknowledged that Equifax currently owns consumer credit data, despite the fact that consumers have no choice in whether their information is collected and held by the company.
***********************
How Equifax Kept Its Mega Breach Secret From Its Own Staff
Thomas Fox-Brewster, Forbes Staff
Equifax, the consumer credit reporting agency, was hacked in 2017, when data belonging to over 145 million Americans was stolen, including social security numbers, credit card numbers and addresses.
Did Equifax keep the massive 2017 data breach hidden from some of its own staff? That’s just one claim dropped by the SEC in its complaint against a former executive, international chief information officer Jun Ying, who’s been accused of insider trading after he sold stock just before the massive hack affecting 147 million individuals was publicly disclosed.
A source close to the Equifax breach confirmed that some staff were not informed of the real name of the victim as the company tried to compartmentalize what was known in the buildup to the public release. But, the source said, it was standard practice and nothing resembling a cover-up.
According to the SEC’s complaint, Equifax set up two separate operations — Project Sierra and Project Sparta – to deal with the breach. Project Sierra was the name given to the overall response to the attack, which led to the loss of social security numbers, credit card information and other personal data of customers. Those on the Sierra team were told to keep their work secret from anyone outside of Equifax’s “crisis action team,” the SEC said. The group’s work involved changing administrator passwords and other remediation efforts, according to the regulator’s account.
But it was Project Sparta, kept entirely separate from Sierra, that was required to be kept in the dark about the victim of the hack. On the one hand, the SEC said “they were tasked with setting up a website for consumers to determine whether they were affected by the breach, developing a suite of protective tools for consumers and staffing call centers.” But they weren’t told it was Equifax that was the real victim, according to the SEC, which wrote: “Those Equifax employees who were only part of Project Sparta were not told that Equifax had been breached, but were instead told that they were working for an unnamed client that had experienced a large data breach.”
In an internal email, Ying was one of those told that Equifax was working on a “VERY large breach opportunity” that needed a ramp-up in resources and a quick turnaround in response, the regulator wrote. But Ying started to figure out that Equifax was the one breached, the SEC wrote, noting that a month after Equifax started investigating the hack, in late August 2017, he texted a colleague: “On the phone with [global CIO]. Sounds bad. We may be the one breached… Starting to put 2 and 2 together.”
That same month, the SEC claimed Ying had searched for information regarding a breach at Equifax competitor Experian from 2015. “Within an hour of running the internet searches regarding the September 2015 cybersecurity breach of Experian, Ying accessed his company-sponsored stock plan account with UBS Financial Services, Inc., exercised all of his vested options to buy Equifax shares, and then immediately sold those Equifax shares for total proceeds of more than $950,000,” the complaint read.
The SEC has claimed Ying’s trading saved him more than $117,000 in losses, which he would’ve incurred if he hadn’t sold until after the breach news became public and Equifax shares dropped. By basing his decision to sell on nonpublic information entrusted to him by Equifax, Ying’s actions were “deceptive and fraudulent,” the SEC wrote.
‘Need-to-know basis’
A source close to Equifax confirmed to Forbes that employees working on Project Sparta were not informed of the true identity of the victim company, but said this was typical practice. For instance, when Equifax is working with a client on a data breach, those employees working on consumer tools and protective measures would not be informed of the customer’s identity until it went public. Only those who needed to know were told Equifax was the affected party; this was also standard and not in any way a cover-up, the source said.
But there was one problem, cited by former SEC supervisory trial counsel David Axelrod, that such an approach caused: Anyone working in or alongside the Project Sparta team was not informed of the share trading blackout enforced on the Project Sierra workforce. Equifax couldn’t tell employees (such as the accused) about the blackout without giving away its status as a victim, and finding the balance was a tricky question for the company, noted Axelrod, now a partner at law firm Ballard Spahr. “I think Equifax’s heart was in the right place,” he said. “It seemed like Equifax was trying to do the right thing, but probably the safer thing would’ve been to go broader [with the fact it was breached].”
Of the charges against Ying, Equifax’s interim chief executive officer, Paulino Do Rego Barros Jr., said: “Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC, and will continue to do so.”
Ying’s attorney could not be reached at the time of publication, but declined to comment to the Washington Post. He’s also facing federal charges from the Department of Justice after an investigation by the FBI.
*******************
It looks like hacking into the credit bureau data bases is a “walk in the park.” Computer business is a big thing because insider workers can make millions of dollars selling this information every day of the week and nothing happens to them.
Therefore, how can this be changed to protect the people’s information?
kommonsentsjane