What is the impact of the Equifax cybersecurity breach on American voters?

  • Context: News 
  • Thread starter Thread starter stoomart
  • Start date Start date
Click For Summary

Discussion Overview

The discussion revolves around the implications of the Equifax cybersecurity breach on American voters, particularly focusing on the exposure of sensitive personal information and the subsequent actions individuals can take to protect themselves. Participants explore the potential long-term effects on identity security and the corporate response to the breach.

Discussion Character

  • Debate/contested
  • Exploratory
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • Some participants express concern over the vast number of individuals affected, noting that nearly every American voter may have had their sensitive information compromised.
  • There are suggestions for protective actions, including monitoring financial accounts, signing up for credit monitoring services, and registering for fraud prevention with reporting agencies.
  • Several participants criticize Equifax for profiting from the breach through their credit monitoring service, which requires a credit card and may automatically convert to a paid service.
  • Some participants speculate that the breach could lead to a shift towards multi-factor identity assurance systems.
  • Concerns are raised about the effectiveness of Equifax's free check service, with claims that it may provide misleading information regarding data exposure.
  • There are allegations regarding insider trading by Equifax executives, with discussions about the timing of stock sales relative to the breach discovery.
  • Participants highlight the potential legal implications of enrolling in Equifax's monitoring service, noting that it may restrict participation in future class-action lawsuits.

Areas of Agreement / Disagreement

Participants generally express dissatisfaction with Equifax's handling of the breach and the adequacy of their response. However, there is no consensus on the effectiveness of the proposed protective measures or the implications of the executives' actions.

Contextual Notes

Some participants note limitations in the information provided by Equifax's check service, suggesting that it may not accurately reflect the extent of the breach. There are also concerns about the legal language in Equifax's terms of service that could affect individuals' rights.

stoomart
Messages
392
Reaction score
132
This is a big one guys: with 146 million registered voters in the US, losing the SSNs, birth dates, full names, and addresses of 143 million people equates to almost every American voter's sensitive information being compromised. Here are the recommended actions you should take in order of effectiveness, severity, and paranoia:

- Monitor your financial accounts, and ensure they require personal security questions for access.

- Sign up for a credit monitoring service (not owned by Equifax).

- Register with the three reporting agencies for fraud prevention, which requires authorization (usually by phone) to open new accounts.

- Register for a credit security freeze, which prevents new accounts from being opened ("nuculer option").https://securingthehuman.sans.org/b...s-what-to-communicate-about-the-equifax-hack/

https://www.usatoday.com/story/mone...-lawsuits-over-massive-cyberbreach/653909001/
 
Last edited:
  • Like
Likes   Reactions: russ_watters
Computer science news on Phys.org
This is so sad. No matter what you do to protect your information you are still exposed.
 
jedishrfu said:
This is so sad. No matter what you do to protect your information you are still exposed.
I suspect this type of incident will eventually usher in a new era of multi-factor identity assurance (combination of something you are, have, and know). All it will take is for someone to publish this information on wikileaks or something like that.
 
I just love (not) how Equifax is trying to profit off of this by offering a 'free' monitoring service that requires a credit card and turns into a paid service automatically after one year. I wonder how hard that will be to turn off. :oldeyes:
 
  • Like
Likes   Reactions: russ_watters, stoomart and Greg Bernhardt
Borg said:
I just love (not) how Equifax is trying to profit off of this by offering a 'free' monitoring service that requires a credit card and turns into a paid service automatically after one year. I wonder how hard that will be to turn off. :oldeyes:
Absolutely, even a very small percentage of converts could turn into very big profits. Their stock didn't take nearly a big enough hit. Hoping these lawsuits are successful and put a dent in them. These days data breaches aren't harmful enough to companies. Most people just shrug.

I agree we need a new system. SSNs are clearly a thing of the past. I had my identity stolen and used to open cell phone contracts several years ago. Massive PITA and transunion profited as I had to register for protection for a few years.

Using their free check, it appears my wife and I have been affected.

"The real outrage isn't Equifax's arbitration clause — it's all the others"
http://www.latimes.com/business/laz...uifax-arbitration-clauses-20170912-story.html
 
Last edited:
  • Like
Likes   Reactions: russ_watters and stoomart
Greg Bernhardt said:
Using their free check, it appears my wife and I have been affected.
:oldsurprised:
Hope all goes well Greg.
 
dlgoff said:
:oldsurprised:
Hope all goes well Greg.
I checked the same interface and was informed that my data was also 'likely compromised'. With 143 millions records stolen, odds are that you're in the same group as Greg and I.
 
  • Like
Likes   Reactions: Greg Bernhardt
Thieves are the lowest form of scum. Also wouldn't surprise me if it was an intentional leak. Theyd profit from it in the long run if they don't get hammered with lawsuits.
 
Borg said:
I just love (not) how Equifax is trying to profit off of this by offering a 'free' monitoring service that requires a credit card and turns into a paid service automatically after one year. I wonder how hard that will be to turn off. :oldeyes:
I went to their site (www.equifaxsecurity2017.com) and found that my info was likely exposed -- they didn't say for sure. Due to the widespread outrage over their incompetence and their requirement for getting a credit card, I believe they have eased up on this requirement.

One thing not mentioned already is that a number of higherups sold stock before the public announcement was made. I think we'll hear more about this in the near term.
 
  • Like
Likes   Reactions: russ_watters
  • #10
Mark44 said:
One thing not mentioned already is that a number of higherups sold stock before the public announcement was made. I think we'll hear more about this in the near term.
Which is surprising because they seriously couldn't believe they wouldn't get caught right? Maybe they think the prosecution would be weak and still can get away with it.
 
  • #11
Mark44 said:
One thing not mentioned already is that a number of higherups sold stock before the public announcement was made. I think we'll hear more about this in the near term.
I've heard this also. Do you know who the executives were? It would be interesting to look up their SEC filings to see what is being reported as suspicious. I do have a link to all of the insider trades for Equifax but it would help to narrow it down.
 
  • #12
Borg said:
I've heard this also. Do you know who the executives were?
Offhand, I don't, but I think this would be relatively easy to find out.
 
  • #13
Greg Bernhardt said:
Using their free check, it appears my wife and I have been affected.
Equifax's free check site is essentially worthless. You can put in made up information and it will tell you your info has been stolen. Likely means that they don't really know what was stolen:
https://techcrunch.com/2017/09/08/p...may-tell-you-youve-been-impacted-by-the-hack/
http://www.zdnet.com/article/we-tested-equifax-data-breach-checker-it-is-basically-useless/
https://www.cnet.com/how-to/psa-equifaxs-hack-checker-is-a-hot-mess/
Essentially, if you have a credit history, you should assume your information was stolen.

Info on the three Equifax executives who sold $2 million in stock ~3-4 days after the breaches were discovered on July 29 (but a month before the breach was publicly disclosed)
Regulatory filings show the three Equifax executives — Chief Financial Officer https://www.sec.gov/Archives/edgar/data/33185/000089924317019691/xslF345X03/doc4.xml, U.S. Information Solutions President https://www.sec.gov/Archives/edgar/data/33185/000089924317019692/xslF345X03/doc4.xml and Workforce Solutions President https://www.sec.gov/Archives/edgar/data/33185/000089924317019702/xslF345X03/doc4.xml — completed stock sales on Aug. 1 and 2.
http://www.npr.org/sections/thetwo-...s-after-hack-that-wasnt-disclosed-for-a-month
 
Last edited:
  • Like
Likes   Reactions: stoomart, Borg and Greg Bernhardt
  • #14
Ygggdrasil said:
Equifax's free check site is essentially worthless.
That's the conclusion I reached, after finding out from their site (www.equifaxsecurity2017.com) that my information "might have been compromised."
 
  • #15
Ygggdrasil said:
Equifax's free check site is essentially worthless. You can put in made up information and it will tell you your info has been stolen. Likely means that they don't really know what was stolen

Just a word of caution from the Oregon AG about Equifax's impact validation site:

Do NOT visit Equifax’s website to find out if your information was exposed or to enroll in Equifax’s credit monitoring service. The website’s terms of service potentially restricts your legal rights. Buried in the terms of service is language that bars those who enroll in the Equifax checker program from participating in any class-action lawsuits that may arise from the incident. And because the hackers gained access to the information through Equifax’s U.S. website, it is unclear whether the information you enter to determine if your information has been compromised (your last name and the last six digits of your Social Security number) will be protected from future breaches.​

https://www.doj.state.or.us/media-home/news-media-releases/equifax-data-breach-need-know/
 
  • Like
Likes   Reactions: Ygggdrasil and Greg Bernhardt
  • #16
First, the claim that the executives didn't know about the data breach when they "spontaneously" sold stock is almost worse than insider trading - it's gross malfeasance. The Board should immediately remove them for, by their own admission, incompetence. This won't happen, of course, because they don't care. We aren't their customers. We're their product.

Second, the class action opt-out when checking if you're a victim of the breach. They have a lot of chutzpah if they think that knowing a SSN and a last name is tantamount to a signature when they just released a multimillion line long list of just that.
 
Last edited:
  • Like
Likes   Reactions: Drakkith, Borg, dlgoff and 3 others
  • #17
Greg Bernhardt said:
Absolutely, even a very small percentage of converts could turn into very big profits. Their stock didn't take nearly a big enough hit. Hoping these lawsuits are successful and put a dent in them. These days data breaches aren't harmful enough to companies. Most people just shrug.

I agree we need a new system.
This one is different from, say, the Target breach because as V50 said, we aren't their customers, we are (our data is) their product. So whereas Target took a big hit when people were scared to shop there anymore, Equifax clearly doesn't care if we're upset because us being upset doesn't affect (and can even enhance) their income/profit.
http://www.cnn.com/2017/09/11/opini...nd-government-act-opinion-schneier/index.html

I suspect they will get hammered in the class-action suits, but in the meantime it is just mind boggling how little they care or perhaps even recognize how serious this is. Along those lines, the insider trading is mind blowing too. How could they possibly expect to get away with that? Anyway, besides the lawsuits, I agree that regulations have to change to make data protection be taken more seriously and in particular to change, regulate or eliminate the credit agencies.
 
Last edited:
  • #18
I will have to reserve judgement on the three executives. If you look in their transaction history since the beginning of 2015, two of the three have tended to keep their total share ownership hovering around 40,000 shares each and all three are currently in that range. They also tend to execute their transactions in Feb., May, and Aug. throughout that time so an end of July/beginning of Aug transaction isn't out of the ordinary for them.

Yes, $2 million is a lot of money, it looks very suspicious and I fully agree that the trades should be investigated. However, those same three execs sold over an additional $11 million before July of this year. Mr. Gamble alone sold 61,000 shares in May - well before the breech was discovered. His shares had climbed to over 100,000 and those sales brought them back down into the 40,000 range. Mr. Gamble's Aug sale of 6500 shares (~$900,000) was a fraction of the May sales ($8.35 million) and still kept his portfolio in the 40,000 share range.

Long story short - I don't see anything that screams selloff by them. The $2 million in shares that they sold is now worth around $1.6 million for a gain of about $400K divided three ways. However, their remaining 120,000 shares have lost $3.7 million in value during that same period. I have to wonder if people who are worth 10's of millions would risk that to make an additional $130K each.
 
Last edited:
  • Like
Likes   Reactions: russ_watters, stoomart and Greg Bernhardt
  • #19
$400,000 looks pretty good to me. Even split three ways. And remember, Martha Stewart went to jail for a mere $45,000 gain.
 
  • #20
I didn't know about Martha Stewart going to jail for so little. It's beyond my understanding how people so rich would take such risks for such a small percentage gain on their overall wealth.
 
  • #22
I was already at risk from the DoD or VA security breach about a decade ago. Hopefully I don't get screwed from this one as well...
 
  • #23
Greg Bernhardt said:
Equifax blames breach on a server flaw it should've patched
https://www.engadget.com/2017/09/13/equifax-apache-argentina
Our Struts servers were getting attacked within hours of that exploit being released, but the web application firewalls stopped them dead in their tracks, same with the last one earlier this month. I suspect Equifax was compromised several months before July based on what I saw coming at out systems.
 
Last edited:
  • #24
Shockingly, Equifax told me I probably was not affected.
 
  • Like
Likes   Reactions: Borg
  • #25
Nothing is secure. Over the Labor Day weekend, I went into my bank account online, and instead of it going into my account, it was odd, like I had already tried to gain access to my account, and the window that popped up was a screen saying that for my security it was asking me one of my "security questions", well, problem is, the ANSWER to the question was ALSO already correctly filled in and visible! And it's an answer no one would know. So the security company screwed up. I had to wait until the bank opened to report the incident to the bank and they locked my account and I had to reset everything.
 
  • #26
While Equifax is going around saying "Golly, we were as surprised as anyone" the fact of the matter is that this breach is a result of business decisions. They could have hired a larger security branch - including a "red team" whose job it is to periodically probe their security. They could have put in place internal controls limiting how many records can be pulled at once. Maybe even they could have hired someone with a background in IT rather than a music major to lead their security enterprise. There are many things that they could have done, but it was decided that they cost too much money compared to the risks.

And they were right.

What are the consequences? They are going to get a "tsk tsk" and a stern talking to, but I don't see their customers leaving. Remember, we're not their customers. And yes, their stock price is down, but it will go up again once time has passed and it's seen that Equifax is making as much money as it ever was.

I don't see that consumers have much power here. About the only thing that would work is a massive boycott of Equifax's actual customers. But I don't see that individuals will buy a Ford when they want a Chevy because the Chevrolet dealer uses Equifax. One could think about the government and a similar boycott, but I can't see them making purchasing decisions based on this either. Plus you have the legal issues - Equifax will fight this tooth and nail.

That said, if data security became an existential issue for credit bureaus, you'd see them taking it seriously.
 
  • Like
Likes   Reactions: stoomart
  • #27
Vanadium 50 said:
There are many things that they could have done, but it was decided that they cost too much money compared to the risks.

And they were right.
I think the lawsuits will have a decent shot.
 
  • #28
We'll see. CNBC is talking $300-$325M in costs, which a) seems remarkably precise - less than +/- 5% uncertainty, wow! - and b) is nowhere near what it takes to bankrupt the company. My fear is that $300M is not enough to teach them a lesson.
 
  • #29
Didn't Equifax encrypt their data?
 

Similar threads

News What is Diebold's history of breaches and corruption in the voting industry?
  • · Replies 32 ·
2
Replies
32
Views
7K
News What do you think about the deal with North Korea?
  • · Replies 6 ·
Replies
6
Views
4K
News The Roots of Terrorism and US Foreign Policy
  • · Replies 31 ·
2
Replies
31
Views
6K
News Downing Street - New memos released
  • · Replies 2 ·
Replies
2
Views
3K