• Welcome to The Truck Stop! We see you haven't REGISTERED yet.

    Your truck knowledge is missing!
    • Registration is FREE , all we need is your birthday and email. (We don't share ANY data with ANYONE)
    • We have tons of knowledge here for your diesel truck!
    • Post your own topics and reply to existing threads to help others out!
    • NO ADS! The site is fully functional and ad free!
    CLICK HERE TO REGISTER!

    Problems registering? Click here to contact us!

    Already registered, but need a PASSWORD RESET? CLICK HERE TO RESET YOUR PASSWORD!

In Other Disaster News . . . Massive Credit File Breach

J

JayTheCPA

Well-Known Member
Messages
2,306
Reaction score
2,773
Location
Annapolis, MD
Equifax announced that ~143M credit files were compromised and personally identifiable information was stolen.

Translated: this means that pretty much any detail necessary to help identity theft was made available to the thieves. Exactly what data is not exactly clear where indications are that it not only includes SSN and credit (card, mortgage, etc) information, but possibly / probably other details including driver's license number and other historical information (exactly what I personally do not know).

From the 'dont-flame-the-messenger' category . . . It looks like the only real protection at this point is to actually pay a small fee to each of the three credit bureau's (Equifax, Experian, and Transunion) to place a 'freeze' on your credit file. Placing a freeze on the fill will then force you to manually unlock the file(s) when applying for any new credit and then re-lock the file(s). What is not clear to me is whether the freeze will prevent creditors from making their automated normal periodic review of your file unless they coordinate with you first.
 
Charging us for their fk up.

I heard the top brass or whatever they are, kept it under wraps until they could sell of shares.

So are we supposed to say thanks?

(to the credit agencies, not shooting you Jay, lol)
 
So, in reversal, this negligent cyber entity known as equifax has decided 'quietly' to let people sign up for a monitoring deal without you giving out your CC info. Wow. Just wow.

They're gonna pull out all the stops and offer this free for a YEAR. Can barely contain my excitement.

Don't you think a shitface like this should kinda DEFAULT to saving face and the livelihoods of what some people WORK their lifetime to ACHIEVE?

The horse is outta the barn.
 
Never saw where the horse was really in the barn to start with. Ironically, the only segments of the Internet that from what I can tell took security seriously from 'day-1' was the <ahem> 'adult' and gambling segments; financial is arguably in second place.

Just read an article where if anybody went to their alternate web site to check whether that individual's data was actually one of the files compromised, Equifax embedded terms of use language which required that individual to go to arbitration and waive any right to litigate.

Hmmm . . . .

Maybe our grandparents idea of stashing cash in a mattress is not so loony after-all . . .
 
Yesterday, Reuters announced the FTC is investigating Equifax's breach. The FTC does not normally state anything at all about a target of investigation.

And some researchers figured out that in Argentina, Equifax used 'Admin' for both its user ID and password on at least one of its servers. Here in the US, we got stung by Equifax not applying a patch two *months* after it was released.

So, my vote is that Equifax is going to have to pony-up and reach out to all individuals effected by the breach rather than make everybody go to them. IIRC, the ~22M victims of OPM's data theft got much more than 1 year free monitoring, so 'stay tuned' for what Equifax will have to offer.

Were I the CEO of the other two credit bureau's, I'd be sweating and not sleeping until all of my tech's swear that all of the systems are current with guarding against all known exploits and positively identify each and every device in the network as fully patched.



Aside, I hope that our Admins are keeping pressure on TTS's hosting provider for making sure that we are current with system patches. ;)
 
We all get complacent with our passwords. Not changing them, using the same ones, no complexity etc.. But *Admin*?? Wow what a joke.
 
3500GMC said:
We all get complacent with our passwords. Not changing them, using the same ones, no complexity etc.. But *Admin*?? Wow what a joke.
Click to expand...

This has been a problem for years. But, as I work in a Corporate IT setting for my day job, I couldn't sleep at night knowing that was a password to a system that contained that kind of data. My primary system I work on is a cloud based, so we really don't have much control over the hardware.
 
Yeah no doubt. It's literally the 'keys to the kingdom' for a hack when people entrust basically their life to some online 'thingy'. It's all nice and neatly compiled into one spot. Kill millions of birds with one stone.

It's moved way beyond a hacker going after an individual person. Like Jay said, the horse has been outta the barn since the inception, really.

That's where the anger stems from for me, I/we do the best to be a good custodian for stuff and some D-bag(s) pisses it all away with one lame mistake.

Local banks are just as guilty. Even if you chose not to partake in 'online' banking of any kind...They do it for you anyway.
 
Last edited:
3500GMC said:
Yeah no doubt. It's literally the 'keys to the kingdom' when people entrust basically anything to anybody online. It's all nice and neatly compiled into one spot. Kill millions of birds with one stone.

It's moved way beyond a hacker going after an individual person. Like Jay said, the horse has been outta the barn since the inception, really.

That's where the anger stems from for me, I/we do the best to be a good custodian for stuff and some D-bag(s) pisses it all away.

Local banks are just as guilty. Even if you chose not to partake in 'online' banking of any kind...They do it for you anyway.
Click to expand...

I don't do online banking or pay any bills online. If I order anything online I use a credit card and not my banking card. I am still old fashioned and write a check for the majority of Bills that I have. I recently had a SH$T BAG use one of my credit card numbers in GREAT STATE OF CALIFORNIA to make 3 purchases. No offense to you great guys that live there, but that state has its share of SH@T BAGS. One purchase was at a Taco Bell so go DAM figure, they love tacos, I do too. I contacted the credit card company and told them that I had never been to California so therefore it was not I that made the charges. They kindly closed the account and removed the charges like they should do.
 
3500GMC said:
Yeah no doubt. It's literally the 'keys to the kingdom' for a hack when people entrust basically their life to some online 'thingy'. It's all nice and neatly compiled into one spot. Kill millions of birds with one stone.

It's moved way beyond a hacker going after an individual person. Like Jay said, the horse has been outta the barn since the inception, really.

That's where the anger stems from for me, I/we do the best to be a good custodian for stuff and some D-bag(s) pisses it all away with one lame mistake.

Local banks are just as guilty. Even if you chose not to partake in 'online' banking of any kind...They do it for you anyway.
Click to expand...

The banks push online banking on you like crazy. And you are absolutely right. Even if you opt out of online banking, they still set it up whether you want it or not. All your banking info is just setting there waiting on a username and password. That's messed up if you ask me.
 
BigR I hear ya but, even your paper checks are scanned into images and stored on a computer to be accessed by banks..you guessed it.. online. I remember the days when you got all of your endorsed/cashed checks back from the bank in the mail. The U.S. mail.. Where are all the paper checks we write?
 
Last edited:
3500GMC said:
BigR I hear ya but, even your paper checks are scanned into images and stored on a computer to be accessed by banks..you guessed it.. online.
Click to expand...

Yelp you are correct, I can go online and look at the image of the checks for sure.

I had someone to use my debit card one time in a fraudulent manner a few years ago. I was at deer camp on my mind refreshing getaway and my wife called me and said did you make such and such purchases? I told her H$LL no and said to myself son of a BISCUIT, this is all I need to worry about I am in the middle of no where trying to deer hunt. Luckily I called my bank and got everything squared away, when I got back home I had to do some more leg work.

As we all know, this day and age of computers and Hackers, nothing, nothing is safe that is stored on a computer. Computers will be our down fall one way or another.
 
I don't understand how they can be so smart with computers and not put it to work in a good way. I'm sure they would make a lot less money doing it the legal way but there are businesses and part of the federal government that pay professional hackers to try and hack into their stuff just so the businesses and the government know what their weaknesses are.
 
3500GMC said:
BigR I hear ya but, even your paper checks are scanned into images and stored on a computer to be accessed by banks..you guessed it.. online. I remember the days when you got all of your endorsed/cashed checks back from the bank in the mail. The U.S. mail.. Where are all the paper checks we write?
Click to expand...

You are old school if you can remember the canceled checks coming back in the mail for sure. My parents don't even own a debit card and write checks or pay cash for everything they purchase.
 
With a powerful enough computer you can hack anything it just a math problem to a computer with the right software.
 
And the equifax execs part company, chief information officer and chief security officer purportedly "retired". Kept things hush long enough for them to sell off shares and negotiate a severance package. How convenient.
 
Jaryd said:
I don't understand how they can be so smart with computers and not put it to work in a good way.
Click to expand...


And that is the issue. To make a system secure, it is not usable. To make a system usable, it is not secure.

Done properly, it is a constantly changing balance of acceptable and mitigated risk.

Sadly, this balance had tilted for far too long toward usable where IT staff were considered a necessary expense and just a drain on revenue :(


As mentioned, some players are starting to get smart and paying bounties for bugs found and reported to the company *before* reporting to the rest of the world. While the bounty programs are a good step, we should have had something like this when a modem came into the equation and not as the result embarrassment.
 
JayTheCPA said:
And that is the issue. To make a system secure, it is not usable. To make a system usable, it is not secure.

Done properly, it is a constantly changing balance of acceptable and mitigated risk.

Sadly, this balance had tilted for far too long toward usable where IT staff were considered a necessary expense and just a drain on revenue :(


As mentioned, some players are starting to get smart and paying bounties for bugs found and reported to the company *before* reporting to the rest of the world. While the bounty programs are a good step, we should have had something like this when a modem came into the equation and not as the result embarrassment.
Click to expand...

I agree 100%
 
You must log in or register to reply here.
Back
Top