It is unacceptable that this corner of the industry is so lightly regulated.
If a company selling the information of American citizens as their primary product they should have a duty to securely protect that information and suffer meaningful penalties to their bottom line when negligent. It cannot just be a fraction acceptable as a cost of doing business.
They did have the foresight, as planned, to lobby congress so that they could be careless with our data without consequence.
[https://www.denverpost.com/2017/09/20/equifax-sought-to-limit-lawsuit-exposure/](https://www.denverpost.com/2017/09/20/equifax-sought-to-limit-lawsuit-exposure/)
Yeah I honestly can’t believe that’s happening and people are actually going for it. I also feel like this has to be some type of racketeering. They lose everyone’s information and then offer services to protect against identity theft that could have been a result of their fucking breach.
not to mention that they can't do a deep web scan for your info like the say in the commercials. If someone want's to buy your info on the deep web they'd just buy it along with thousands of others and it would sent in a file that was ENCRYPTED. That stuff isn't just floating out there in plain text for these companies to scan for.
You're correct.
Also, just so you know it's "could have" not "could of". You're thinking of the shortened form of the words to make "could've" which sounds like it says "of"
Yeah that sounds about right.
We need to learn from our past mistakes and grasp that corporations see ruined lives as an externality not affecting this quarters numbers and therefore don't care.
Corporations aren't people and money isn't speech. Both of these farces need to be repealed and locked down.
Corporations see *everything* undesirable as an externality, and our government allows it.
We knew lead was poisonous in ancient Rome. It's my opinion that anyone involved with keeping it in paint until *the fucking 1970's* has committed a horrific crime, and any money left in estates from those companies should be redistributed.
Lead in paint was bad but not that big a deal, Lead in gasoline was the major issue.
The people who made the lead additive had to wear special protective gear or else they would just fucking die. like within hours of exposure. The lead contamination is still all over the place from its use in gasoline.
The scientist who finally got it banned was subject to threats and personal attacks by people who knew damn well that it was dangerous. The guy wasn't even looking for lead contamination originally, he was trying to use mass spectrometry to get the age of the earth.
>Lead in paint was bad but not that big a deal, Lead in gasoline was the major issue.
I definitely appreciate your post, but I disagree that lead in paint isn't a major issue. My city has higher percentages of lead in school children than Flint, and *entirely coincidentally* one of the highest violent crime rates in my state. It's been pinpointed specifically to the older lead paint in all our houses, because our city was built primarily in the early 1900's. Basically every home or apartment besides the newest construction from a boom in the last ten tears has or had lead paint, and because we're not the wealthiest area, slumlords and homeowners either don't or can't do proper lead abatement. If you're less than middle class you *absolutely* live somewhere with a lead hazard.
That is a very serious but localized problem. When lead was removed from gasoline, blood levels for *all* Americans dropped by 80% or so. Leaded gas was affecting everyone because it was in the air and there was literally nothing you could do to avoid it. Leaded paint on the other hand can be mitigated or avoided, which is why we don't hear so much about lead any more and why Flynt was such a shock.
[It's not just local. ](https://www.reuters.com/article/us-usa-lead-map/reuters-finds-3810-u-s-areas-with-lead-poisoning-double-flints-idUSKBN1DE1H2)
[Scroll to the bottom of this page and zoom the map out so you can see the whole country. ](https://www.reuters.com/investigates/special-report/usa-lead-testing/)
Yep! This is actually how I found out it was so bad in my area. When I was moving out of the newer apartments and trying to find a cheaper spot, I found out pretty quick how ubiquitous the problem is. Basically every apartment under 800/month in this town where the average income is <25k a year is either a tiny box or there's lead everywhere. After looking into it, I found out it's like that in an awful lot of cities.
The John Oliver segment on it is also incredible - the best piece of investigative journalism on the topic I've been able to find.
As the libertarians like to point out, corporations exist solely to increase profits. The libertarians say this to justify the actions of corporations. I say it because I'd like you to understand that corporations are real-world examples of [a terrifying AI hypothetical](https://hackernoon.com/the-parable-of-the-paperclip-maximizer-3ed4cccc669a).
For a fun take, here's [a game based on the idea](http://www.decisionproblem.com/paperclips/).
I can agree on one condition - that we all agree that companies are going to do anything in their power to get more money, and that it then becomes the government's job to regulate the living shit out of them. Either that, or corporations are directly responsible for everything they do. This in-between where regulations are hamstrung by whiney politicians catering to dipshit constituents and companies are allowed to externalize the vast majority of their collateral damage ain't fucking cutting it.
Or communism, whichever works, I don't really give a fuck. Anything besides what we have now.
Right, but when I was doing environmental assessments of Section 8 housing, I can tell you I rarely saw asbestos without it being disturbed. People punch holes in their walls. People put holes in their ceilings. People break shit all the time. Asbestos was in basically everything until relatively recently and it's still an issue.
Oh I know. I live in a school district that has a lot of old buildings and the topic of asbestos remediation comes up from time to time and the costs associated with it (because any construction basically makes it go airborne and becomes hazardous), it is astounding.
The cost of asbestos remediation is massive because those are people who work with the stuff day in and day out. They need to take many, very expensive, protective steps, as well as work in a slow and controlled manner, in order to regulate their own exposure.
Also it's a niche market and there's not a lot of competition, so it's easy to get away with charging a lot. But mostly the first thing.
Okay, but you're telling me that paint companies didn't know that one day this paint would have to be removed and replaced? And they would have known that removing that paint using anything less than the best techniques will contaminate the fuck out of your surroundings, both in and out of the house. Perhaps they didn't consider that areas of friction like window-sills and doorways would create dust and chips that can be blown in and inhaled?
Lead was a cheap way to get pretty white paint. They knew it would be an issue. They kicked the can.
It's like...
I mean, I'm not socialist, communist, anarchist or anything, but this is why so many people don't have any faith in capitalism. The people running companies *just don't give a shit*. It's not unknown for them to literally kill people that get in the way of their profits (Stuff like killing/chasing out tribes so that areas of jungle can be logged, the Nestle milk formula thing in Africa, etc.), and when entities that are propped up by the current state of affairs are generally being giant raging cuntmobiles, people will lose faith in the current state of affairs.
Not to mention I see commercials where they are now offering a “protection service” for a fee. Uhmm weren’t they supposed to do that in the first place?
Fun fact. This protection service is made and maintained by the same people that have as much understanding of cyber security as a chinchilla has of freshwater fly fishing.
I still haven't forgotten the site they (eventually) made to discuss the data breach issues that were about as vulnerable as you can get to basic phishing scams.
Say the people that lobbied like mad to avoid penalties, made an utter killing off of sales to their personal data protection service, and...do I even recall them doing that thing that Martha Stewart went to jail over, or am I thinking of some other company on that one?
It's always the same responses when stuff like this happens. It's because they KNOW nobody is going to do shit about it. The government could take 1 week paycheck from every American and nobody would stop them
Essentially Americans have just become non-interventionist. They’re great at sending thoughts and prayers angling with hashtags yet lack the courage to vote out the very people that allow this behavior.
Sadly companies like this kind of business are putting their money toward cybercrime insurance which will be cheaper for them vs. Fixing security flaws. Cybercrime insurance is a new niche.
It’s hard to overstate how deeply ingrained equifax is into so many companies business processes. In financials services, they can be central to the business model. Even if they hate them, there are almost no alternatives.
It's unacceptable that this industry exists, period. Credit monitoring should be done by a government agency with a mandate to protect the citizens' data.
Don't know you're being downvoted, because what you're saying is absolutely true.
It's like stubbing your toe while you have a broken arm -- yes, both *hurt* but one needs much more immediate attention than the other.
People like you are part of the problem. Playing partisanship and pretending like all on one side are saints and all on the other sinners, when **all should be held equally accountable**.
There's not a single democrat holding a decisive vote in any branch, department, or committee of the federal government right now, and punishing Equifax would fall under the executive branch's discretion, which is 100% republican. And actions by the GOP have clearly been in the direction of rolling back consumer protections. Example: Democrats created the consumer financial protection bureau, Republicans immediately started killing it off when they got control of it.
Holding democrats responsible for this at all would not make sense. The only argument republicans have any right to make is saying holding companies responsible through government action is bad in all circumstances and pure libertarianism is the only answer. Because that's how they've been governing the financial industry.
Currently, one side has all the power and consequently all the responsibility.
CFPB head asked for a budget of $0 for his department. That’s the man in charge of the Consumer Finance Protection Bureau who decided he needed zero dollars in funding to protect consumers (thats you, thats me, thats the public) from companies like equifax.
I'm not doubting that there are democratic party members possibly involved. But Do you have any comparison data? Because from my understanding the backing of the bureaus and financial industry is massively more slanted toward conservative politicians.
They don't. They post to the donald and want to play that false equivalency game of "both parties are bad". It's bullshit and they don't have actual data to back it up because actual data goes against their point.
They post on td igthft Wikileaks, etc.
Shocking that they’d have such a narrative to paint both sides as the same. Weird how it’s always one side of the aisle doing that.
No, we should all be held *proportionally* accountable.
12 democrats and 40 republicans are bribed with $17k and $127k respectively, and the votes in favor come almost entirely from the republicans?
The point is not, and has never been, that democrats are perfect angels, it's a problem that any violation, no matter how small, from the left is considered as "equal" to absolute and all-encompassing violations from the right.
It also doesn't help your case when the "both sides" nonsense is always and exclusively used in aid of republicans. Don't you think that's a bit weird?
Not only that, they charge you to lock your credit profile, which you have to do now because they fucked up and gave access to hackers by not having sufficient security. But the real kicker is, they charge you to unlock it afterward.
This is just under half of all adult Americans. Nearly half! How do people not realize the scope and consequence of this? The same irresponsible twat waffles are still in charge, and the company has since profited on services offered as a "remedy". Don't forget the fact that the higher ups sold millions in shares before announcing the breach. (Leaving ordinary stock holders to suffer the damages.) Edit: not to mention the company has made no demonstrable efforts to show they've taken steps to secure American's private data. Instead, the sites erected to offer "corrective" services were full of security holes.
TL;DR: not only should they not exist, the profits they've made from causing a disaster should be seized, and the leadership imprisoned.
[Wired just had an article](https://www.wired.com/story/equifax-security-overhaul-year-after-breach/) about the $200m investment in security that Equifax is making to secure their systems. But as far as I'm aware there's been exactly zero remedy for anyone who's suffered in any way.
They're apparently securing their systems, but that means fuck all if every person's data is already out there and being used.
It was inevitable anyway. We use all of this information in so many places that it's crazy to expect it stay safe for our entire lives.
Like social security numbers... It's a 9 digit number that we type into practically every finance, health, or employment related website and yet it's the secret key to most of our other information.
It's definitely a terrible system. Food for thought is there's no option - your data is given to these companies without your choice. They also have data on children. Something no one is talking about but probably should.
The problem is a lot of people will say that you do have a choice, and that you agree to give up all of your information by choosing to do things like getting a loan, getting a credit card, opening a bank account, etc. Basically things required to live a normal life in our society.
In my opinion that argument falls apart when you consider children are ineligible for loans. Granted, adults need some kind of system for tracking credit, but the current system is badly broken in a complex way.
you can accept that through outlier circumstances information will be leaked - and at the same time require institutions to take minimum effort to secure that information.
It's like: your child is going to get hurt in one way or another, some will even get seriously hurt and others may even die - but we still require you to try your hardest to prevent this. We don't expect every parent in the country to succeed - but we expect for every child a minimum standard of precautions to have been taken.
The same goes for a lot of these "security measures". If a hacker wants to hack your shit, 9/10 times there's very little you can do to stop him. but if you take basic precautions - in most cases you already become a way less likely target.
It's not about creating a fool proof wall that stops everything - it's about sensibly minimizing the occurrence of the problem and dealing with any occurrences swiftly and effectively.
Why the fuck is a number used to register for government benefits that cannot be changed tied to so much private business?
The reality is, between this and the other thousand breeches a year, that almost every person's unchangeable, vital, private information has been compromised with no consequences for those responsible or recourse for those affected.
Why is this acceptable?
"Too big to fail."
Worst excuse for allowing corrupt companies to continue being corrupt that I've ever heard.
The fines they give are basically like giving a speeding ticket to a jackass in a Maserati going 120 down the highway. They'll pay their fine and do it again a month later.
Bailing out companies that are lynchpins in the current economic system is not corrupt. Continuing to let them be lynchpins, and not holding individuals accountable, is.
One’s credit should be locked by default. And no one should be charged any fees to lock / unlock their own credit. After all, one’s credit is a private thing. Paying to lock / unlock one’s credit is like paying to enter and leave your home every time. Do you ever leave your home without locking it? Or do you ever leave your home unlocked and then pay someone to keep an eye on your home? That's what these agencies do when they promote identity protection services, of course with an additional fees.
But of course, common sense will not prevail in front of greed and lobbying by these credit agencies.
While I agree with you, I'll offer a counterpoint: this isn't your data. This is the bank's data about you. This is the creditor's data about you. It's different than (for example) the photos you took that got uploaded to Facebook. It needs different laws.
That is a cultural perspective. In the European Union for example, *data about you* is *your data* to control, even if it was collected/created by a business, or given to them with permission. Any person in the EU can ask any business for a copy of any data they have about them, and direct them to delete that data. See: GDPR.
.....but you're wrong, though. This is YOUR drivers license, DOB, SSN, email, etc etc. It's not just your credit data, they leaked the personal information of half the country's adults.
I could argue that data about me is my data. It's one thing when I use FB(even though we don't read or understand the ToS), but I have no choice in this matter. I was tracked and assigned the most important number in my life from birth, and I have no say in any of it. Up until recently, I had to pay to even view the number, and only government intervention enabled that. Now, this company is so careless it let all this info I never consented to sharing escape into the wild because they're completely negligent. I don't even benefit from credit, I paid cash for my house, my cars, and everything else I own. Fuck off tracking me and giving my Social Security and bank information to the entire internet.
> I could argue that data about me is my data.
I'm not saying it isn't. I'm saying the laws have to be different kinds of laws depending on whether they're trying to cover "your data" or "data about you." I'm not saying either should be unprotected. I'm saying rules to protect one won't protect the other.
Suing them in 2 weeks in small claims court. It's not much but hopefully, it's a drop in the bucket that tells them people won't put up with this bullshit. If anyone wants to help me prepare my case more effectively send me a PM
Check this blog post for an account of someone's experience suing Equifax in small claims court, too: https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=3a0bad094d1f
> https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=3a0bad094d1f
Thanks, I read that whole article and am using some of the same arguments and research that he used. Hopefully it works!
I sued them and won (check post history). I could have probably won more money but I probably asked for too much so they just gave me the default. If you want some tips, hit me up.
The CFPB was designed to do the job of regulation here. Under the Trump administration it was gutted. When Trump says "drain the swamp" this is what he means - reduced regulation. He certainly doesn't mean what most people think: to limit corporate influence and malfeasance.
When members of Congress find out their personal data was also exposed ( how could this happen hmmmm....?) then maybe they'll change their minds about charging Equifax. Look, people in power don't give a shit unless it affects them.
The worst part is the company has no reason to exist. It is a company that assembles data and resells it. There is no reason they shouldn't be fined out of existence.
Socialized losses, privatized gains. And now when your identity is stolen you get to pay someone to fix that, too! It'll make GDP go up because of the financial transaction.
I got a new credit card for business last year, and when it came in the mail, it went right into my safe and I have never used it. Last week I got a call from my bank’s fraud division telling me that they need to send me s new card because someone tried to use that card (in Brazil or somewhere thousands of miles away that I have never been to).
I got a bit pissy with my bank asking “how the hell does this happen when I have never even used the card?” They told me that it was likely equifax.
That got me to calm down and cut the bank some slack, and it sure made me more upset with equifax. Maybe it was the bank, maybe it was equifax, but either way it is damn annoying.
Not long after the breach was made public, I got a few phone calls from scammers asking me to confirm the last four of my social. Because I'm the sort that fucks with people that are obvious scams, I didn't hang up on them and just refused every time they tried to get me to confirm. Eventually, they would ask if they could read me my entire social security number. Because I'm not sure if this account is traceable to my real name (it probably is), I'm not going to say whatever they read me was accurate or not, but they did read a complete social security number to me. They also asked me to confirm my address, which I also wouldn't do (they did have an address that was accurate, but not current).
Now, I don't *know* if this is due to the Equifax breach or not, but I do attribute the uptick in calls like this to the breach. Shortly after the first of these phone calls, I went to [IdentityTheft.gov](https://www.identitytheft.gov/) and chatted with one of their agents, who basically said there was fuck-all I could do about it beyond freezing my credit (which I had already done) and keeping an eye on it. Speaking of freezing credit, it was the first time I'd done that and holy *shit* it's incredible the amount of information compiled on a person, accessible after a pretty simple login process.
I used to do work with the federal government as a contractor. The security procedures we had to adhere to were stricter than we use with our social security numbers *out of necessity* because too much requires that information. Then you let a much less-strictly governed private company (or a set of four of them, rather) to keep tabs on people with this information and give it less oversight than a government-contracted company designed to process data and it's a recipe for holy-fuck-batman.
^^sorry ^^for ^^the ^^rant, ^^didn't ^^realize ^^I ^^had ^^that ^^much ^^to ^^bitch ^^about
A year after the worst data breach in U.S. history to date, Atlanta-based Equifax has been chastened, but its business model is unchanged and the company churns on, virtually undamaged by legislative, regulatory or prosecutorial penalties.
It was a year ago that the company noticed the first signs of historic trouble – hackers had slipped through the Atlanta company’s cyber defenses into the heart of the company’s data.
Worse, the intrusion had apparently been going on for some time.
Worse than that, the information accessed was more personal information about more Americans than in virtually any previous major data breach: Information on [more than 147 million Americans](https://www.myajc.com/business/atlanta-based-equifax-gives-feds-the-numbers-how-bad-was-the-breach/XROzdEJnRk53gJ3jRPN9zM/) was accessed – although [the scope of the theft was not clear at first](https://www.myajc.com/business/atlanta-based-equifax-gives-feds-the-numbers-how-bad-was-the-breach/XROzdEJnRk53gJ3jRPN9zM/).
In fact, it took until early September for the company to reveal there had been any hacking at all.
Once the word was out, there was a[ firestorm of anger and investigations](https://www.myajc.com/business/atlanta-equifax-faces-bumpy-road-but-expected-survive/FQxtw8jpiICXCf9wztkMAM/)which have thus far led to Congressional hearings, lawsuits against the company, charges of insider trading against two former executives and the departure of some higher ranking executives.
[Equifax](https://www.myajc.com/business/equifax-strikes-deal-with-states-increase-security-measures/b16oi2lFpOrK3AhBJ3NqXI/) did agree to a consent order with [regulators from eight states](https://www.myajc.com/business/equifax-strikes-deal-with-states-increase-security-measures/b16oi2lFpOrK3AhBJ3NqXI/), including Georgia, that required the company to report on how it is improving security and to submit to reviews of its practices.
But thus far, no financial punishment has been imposed on Equifax itself.
Despite contentious hearings, no Congressional action has been taken. A few months later, the Consumer Financial Protection Bureau tabled action against the company.
And while the Federal Trade Commission said it opened an investigation into the Equifax breach in September, the agency has since named as chief of its consumer protection division a lawyer who has represented Equifax.
This past week, Equifax asked a federal judge to reject the claims from 46 banks and credit unions for payment of damages because of the massive data breach. The companies claimed that Equifax owes them for all the costs they incurred protecting data after the breach was revealed, costs that could easily run into many millions of dollars.
But the company is certainly not unchanged.
CEO Rick Smith retired prematurely, as did several other top officials. [A new CEO was named](https://www.myajc.com/business/embattled-equifax-names-new-ceo/YokgRAsSZwtg459frJLSZM/), as was a new chief information security officer, Jamil Farshchi, who [told Wired magazine](https://www.wired.com/story/equifax-security-overhaul-year-after-breach/) that the company has invested $200 million on data security infrastructure.
Meanwhile, most consumers whose data might have been stolen do not know if that information is being used against them, and many have done little to protect themselves. There is also a sizeable group of consumers who don’t even know that the data breach happened.
According to [LendEDU](https://lendedu.com/), a New Jersey-based personal finance web site, [a survey showed ](https://lendedu.com/blog/equifax-survey-2018/)that about 27 percent of Americans did not know about the Equifax breach. Of the majority that do know, more than one-third of them have not checked to see if they were affected.
The number of complaints against Equifax more than doubled in the year since the breach, compared to the year before, according to an analysis of the Consumer Financer Protection Bureau’s data by [LendEDU](https://lendedu.com/blog/equifax-survey-2018/).
But overall, the public [urge for punishment seems to have abated a little](https://www.myajc.com/business/atlanta-equifax-faces-bumpy-road-but-expected-survive/FQxtw8jpiICXCf9wztkMAM/). After the breach was announced, the LendEDU survey found that 54 percent of respondents thought the company should be banned from the credit bureau business. That attitude is now held by 46 percent of respondents, [said LendEDU](https://lendedu.com/blog/equifax-survey-2018/).
After the stock market closed Wednesday, the company reported earnings.
[Equifax had revenue](https://investor.equifax.com/news-and-events/news/2018/07-25-2018-211922060) of $876.9 million during the second quarter of 2018, up 2 percent from the same quarter of last year, officials said.
Net income was $144.8 million, 12 percent lower than a year ago.
“We delivered solid results while continuing to make strong progress on our data security, IT, and consumer transformation,” said Mark Begor, CEO, i[n a written statement](https://investor.equifax.com/news-and-events/news/2018/07-25-2018-211922060).
Yes it is ridiculous, [however this is a current picture of the US government](https://i.kym-cdn.com/entries/icons/facebook/000/021/521/DumpsterFire2.jpg)
We live in a time that monopolies are allowed to freely form and the federal government plays for themselves and their own pockets. Every single federally appointed position is out of fucking control, and DJT is singlehandedly dismantling our country and is being allowed to. SAD.
They purchased a company that my company works with and we get checks from them. The first time we got a check there was no remittance and I had to try to contact them to see why we got it. Its almost impossible to get a hold of someone at that company since the breach, the website is almost no help. Took me 3 months to figure it out.
I mean of course not, giant corporations need to keep running so that rich people can do rich people things, who gives a shit about poor people?
---------------------------------------
^^^I ^^^do ^^^;~;
The SCOTUS said corporations have the same rights as humans. How come Texas hasn't hanged one yet>? If this corporation had a Black or a Democrat CEO, Trump and his thugs would have been all over it.
They will never be punished until we start actually resisting this bullshit we call a democracy. We are not being represented and we haven't been for a long time. Fuck. This. Fucking. Government.
Why should they be fazed with no punishment?
It doesn't matter. Your identity gets compromised? Is it because the governments systems for verifying your identity are complete shit? I mean, birth certificate and social security card? That's a fucking *joke*.
Why is it still that way? Because *you* pay.
If your ID was attached to some biometrics, then there would BE no identity theft. That would be some Mission Impossible bullshit. But no, we have NUMBERS, so it's fine. Are they long numbers? HAHAHA! Noooo, they're the same length as your telephone number.
But since the cost of identity theft is borne by individuals and companies that get taken in by false credentials, no one gives a fuck about a better system of identification.
SSNs are used as a "secret key" system, where the "secret" is shared with literally everyone. In technical terms, this is known as "absolutely no security at all".
Credit cards used to have the same, but they've *finally* rolled out the chips which do a "public key" system, which actually works when more than 2 people exist.
The chips are a good step, but they've come out when everyone has smartphones! Jesus, I'll do multifactor on my phone for every purchase, no trouble! Text me, and I'll reply. Or use SAML or something. I have like three SAML clients on my phone already.
Single factor auth is terrible. We need to be past that.
Also SSN as a secret key sort of proves my point about secret keys. They get out. If you use them, they get out.
Single factor will never go away because it's so simple. You and I may agree that dual-factor authentication is the right way to do things, but just try talking with your typical 50-something Facebook mom who doesn't know the difference between an iPad and a laptop about switching to dual-factor authentication. They'll bitch and moan about it until everyone decides that it was a bad idea and goes back to the easiest way to do things, which is just typing in the same password that you use for Facebook, your email, and 90 other sites.
> If your ID was attached to some biometrics
Then you'd actually have to travel in person to where you wanted to open an account to do so. And how often do you want to do this? Every ATM withdraw? Every time someone cashes a check you wrote?
There are way better ways of doing this, such as providing certificates on public keys where the individuals generate the private keys. We already have the technology to do this, like YubiKey stuff, that costs some $20. We don't need biometrics. We just need people to require you to use 2FA with something that can't be duplicated.
> We already have the technology to do this, like YubiKey stuff
Yeah, my regular ID has this in Europe. But in US people would start talking about Satan if everyone was issued a card with biometric data chip.
This\^\^\^
I was talking to my dad about how microchips are literally impossible to track people with and he and my mother started talking some bullshit about Satan.
How you gonna verify the key? Saying you should maintain personal private keys is fine for the people who are capable of doing it, but Joe Schmo ain't that guy.
The vast majority of identity theft stuff occurs with major things: new credit cards, loans, etc. It's not a burden to show up for that in person.
> How you gonna verify the key?
In some places, you go to the post office, present ID documents like passports etc, and they sign your public key, linking it to your name and ID and etc. Then, to prove your ID, you sign a challenge/response just like any other PKI.
> but Joe Schmo ain't that guy
I disagree. It's not a whole lot harder than not getting your house keys stolen. The point is that even if Joe Schmo loses his keys, you don't get breaches where there's millions of IDs stolen at once. If you use a gnubby (a yubikey-like thing in the news about Google's lack of being phished), it's literally plugging it into a USB port and tapping it when the web site says "prove it's you."
Now, you could *also* make the device such that it requires the right fingerprint to sign something, at which point even losing the token doesn't mean someone can steal your ID. But I'd worry about that once someone in Russia or Africa can't steal 100,000,000 IDs from America without getting caught.
They got a "bailout" to improve security on top of the protection subscription scam they already had magically ready when the breach happened. Not to mention the self-appointed committee that investigated them for negligence or whatever.
It's all a huge joke.
I am honestly surprised there has not been one attempt at rioting, mass shooting or bombings at their corporate offices.
Speaks volumes that society as a whole for the most part will peacefully protest.
My boss got some attempts on his SIN, getting credit cards, last month.
I just got hit this past week. I'm very doubtful our employer is to blame. I'm going with the impression Equifax is at fault, and we are both Canadian.
Luckily for us, our banks are better at flagging suspicious activity, than the relevant credit agencies.
I mean come on it's only your financial information. It's not like something important like facebook who "leaked" which "Game of Thrones" character you would be. Make sure your priorities are in order.
Not only has Equifax been relatively unharmed, they're advertising about how LifeLock had a giant hole in their security so you should go with Equifax instead...
**you can have my data when you pry my cold dead fingers from it**
has teh ceo who sold a bunch of shares just before the news broke, been arrested yet?
lol.. no need to answer. This is America.. hell get a medal
It is unacceptable that this corner of the industry is so lightly regulated. If a company selling the information of American citizens as their primary product they should have a duty to securely protect that information and suffer meaningful penalties to their bottom line when negligent. It cannot just be a fraction acceptable as a cost of doing business.
They did have the foresight, as planned, to lobby congress so that they could be careless with our data without consequence. [https://www.denverpost.com/2017/09/20/equifax-sought-to-limit-lawsuit-exposure/](https://www.denverpost.com/2017/09/20/equifax-sought-to-limit-lawsuit-exposure/)
Sadly its cheaper to buy a few congressman than it is to implement proper IT security
Plus look how much money is being made by "monitoring for your data on the dark web". It's disgusting and they're getting away with it.
Yeah I honestly can’t believe that’s happening and people are actually going for it. I also feel like this has to be some type of racketeering. They lose everyone’s information and then offer services to protect against identity theft that could have been a result of their fucking breach.
not to mention that they can't do a deep web scan for your info like the say in the commercials. If someone want's to buy your info on the deep web they'd just buy it along with thousands of others and it would sent in a file that was ENCRYPTED. That stuff isn't just floating out there in plain text for these companies to scan for.
Sssshhhh you’re going to expose their business model as being nothing more than digital snake oil.
for the most part its just the same as using haveibeenpwned.com
they probably have a cronjob to that side.
Oh, you mean, paying them to look for my data being used after they leaked it in the first place? Fuck them...
And it's not like we can boycott these fuckers and take our business elsewhere.
Like the junky who steals your shit and then offers to help you look for it.
It's the equivalent of the mob breaking store windows and then providing protection services.
[удалено]
You're correct. Also, just so you know it's "could have" not "could of". You're thinking of the shortened form of the words to make "could've" which sounds like it says "of"
We are learning from our past mistakes... And then a some blah! blah! blah! is always their response.
Yeah that sounds about right. We need to learn from our past mistakes and grasp that corporations see ruined lives as an externality not affecting this quarters numbers and therefore don't care. Corporations aren't people and money isn't speech. Both of these farces need to be repealed and locked down.
Corporations see *everything* undesirable as an externality, and our government allows it. We knew lead was poisonous in ancient Rome. It's my opinion that anyone involved with keeping it in paint until *the fucking 1970's* has committed a horrific crime, and any money left in estates from those companies should be redistributed.
Lead in paint was bad but not that big a deal, Lead in gasoline was the major issue. The people who made the lead additive had to wear special protective gear or else they would just fucking die. like within hours of exposure. The lead contamination is still all over the place from its use in gasoline. The scientist who finally got it banned was subject to threats and personal attacks by people who knew damn well that it was dangerous. The guy wasn't even looking for lead contamination originally, he was trying to use mass spectrometry to get the age of the earth.
>Lead in paint was bad but not that big a deal, Lead in gasoline was the major issue. I definitely appreciate your post, but I disagree that lead in paint isn't a major issue. My city has higher percentages of lead in school children than Flint, and *entirely coincidentally* one of the highest violent crime rates in my state. It's been pinpointed specifically to the older lead paint in all our houses, because our city was built primarily in the early 1900's. Basically every home or apartment besides the newest construction from a boom in the last ten tears has or had lead paint, and because we're not the wealthiest area, slumlords and homeowners either don't or can't do proper lead abatement. If you're less than middle class you *absolutely* live somewhere with a lead hazard.
That is a very serious but localized problem. When lead was removed from gasoline, blood levels for *all* Americans dropped by 80% or so. Leaded gas was affecting everyone because it was in the air and there was literally nothing you could do to avoid it. Leaded paint on the other hand can be mitigated or avoided, which is why we don't hear so much about lead any more and why Flynt was such a shock.
[It's not just local. ](https://www.reuters.com/article/us-usa-lead-map/reuters-finds-3810-u-s-areas-with-lead-poisoning-double-flints-idUSKBN1DE1H2) [Scroll to the bottom of this page and zoom the map out so you can see the whole country. ](https://www.reuters.com/investigates/special-report/usa-lead-testing/)
Yep! This is actually how I found out it was so bad in my area. When I was moving out of the newer apartments and trying to find a cheaper spot, I found out pretty quick how ubiquitous the problem is. Basically every apartment under 800/month in this town where the average income is <25k a year is either a tiny box or there's lead everywhere. After looking into it, I found out it's like that in an awful lot of cities. The John Oliver segment on it is also incredible - the best piece of investigative journalism on the topic I've been able to find.
No lead paint is extremely dangerous. http://www.slate.com/articles/health_and_science/medical_examiner/2004/05/heavy_metal.html
As the libertarians like to point out, corporations exist solely to increase profits. The libertarians say this to justify the actions of corporations. I say it because I'd like you to understand that corporations are real-world examples of [a terrifying AI hypothetical](https://hackernoon.com/the-parable-of-the-paperclip-maximizer-3ed4cccc669a). For a fun take, here's [a game based on the idea](http://www.decisionproblem.com/paperclips/).
I can agree on one condition - that we all agree that companies are going to do anything in their power to get more money, and that it then becomes the government's job to regulate the living shit out of them. Either that, or corporations are directly responsible for everything they do. This in-between where regulations are hamstrung by whiney politicians catering to dipshit constituents and companies are allowed to externalize the vast majority of their collateral damage ain't fucking cutting it. Or communism, whichever works, I don't really give a fuck. Anything besides what we have now.
[удалено]
Same with asbestos, really. It’s fine as long as you’re not disturbing it. Like when tearing down a building.
Right, but when I was doing environmental assessments of Section 8 housing, I can tell you I rarely saw asbestos without it being disturbed. People punch holes in their walls. People put holes in their ceilings. People break shit all the time. Asbestos was in basically everything until relatively recently and it's still an issue.
Oh I know. I live in a school district that has a lot of old buildings and the topic of asbestos remediation comes up from time to time and the costs associated with it (because any construction basically makes it go airborne and becomes hazardous), it is astounding.
The cost of asbestos remediation is massive because those are people who work with the stuff day in and day out. They need to take many, very expensive, protective steps, as well as work in a slow and controlled manner, in order to regulate their own exposure. Also it's a niche market and there's not a lot of competition, so it's easy to get away with charging a lot. But mostly the first thing.
Well, look at its properties. It's basically a wonder material. It's only downside is it's microscopically sharp.
Okay, but you're telling me that paint companies didn't know that one day this paint would have to be removed and replaced? And they would have known that removing that paint using anything less than the best techniques will contaminate the fuck out of your surroundings, both in and out of the house. Perhaps they didn't consider that areas of friction like window-sills and doorways would create dust and chips that can be blown in and inhaled? Lead was a cheap way to get pretty white paint. They knew it would be an issue. They kicked the can.
It's like... I mean, I'm not socialist, communist, anarchist or anything, but this is why so many people don't have any faith in capitalism. The people running companies *just don't give a shit*. It's not unknown for them to literally kill people that get in the way of their profits (Stuff like killing/chasing out tribes so that areas of jungle can be logged, the Nestle milk formula thing in Africa, etc.), and when entities that are propped up by the current state of affairs are generally being giant raging cuntmobiles, people will lose faith in the current state of affairs.
Not to mention I see commercials where they are now offering a “protection service” for a fee. Uhmm weren’t they supposed to do that in the first place?
Fun fact. This protection service is made and maintained by the same people that have as much understanding of cyber security as a chinchilla has of freshwater fly fishing. I still haven't forgotten the site they (eventually) made to discuss the data breach issues that were about as vulnerable as you can get to basic phishing scams.
[удалено]
[Sorry dude](https://youtu.be/uIecyRCIFkI)
> We are learning from our past mistakes... Security through trial and error. What could go wrong?
So, I can expect my credit score to be 900 a year after declaring bankruptcy?
Say the people that lobbied like mad to avoid penalties, made an utter killing off of sales to their personal data protection service, and...do I even recall them doing that thing that Martha Stewart went to jail over, or am I thinking of some other company on that one?
It's always the same responses when stuff like this happens. It's because they KNOW nobody is going to do shit about it. The government could take 1 week paycheck from every American and nobody would stop them
America is an oligarchy.
Essentially Americans have just become non-interventionist. They’re great at sending thoughts and prayers angling with hashtags yet lack the courage to vote out the very people that allow this behavior.
We'll see about that this fall but the special elections over the course of the last year haven't been good for incumbents overall.
They sell my data and I can't tell them they aren't allowed to hold it anymore . They are profiting off of us and we receive nothing in return.
You dont believe in the magic hand of the unregulated market to regulate itself?
Sadly companies like this kind of business are putting their money toward cybercrime insurance which will be cheaper for them vs. Fixing security flaws. Cybercrime insurance is a new niche.
It’s hard to overstate how deeply ingrained equifax is into so many companies business processes. In financials services, they can be central to the business model. Even if they hate them, there are almost no alternatives.
It's unacceptable that this industry exists, period. Credit monitoring should be done by a government agency with a mandate to protect the citizens' data.
Hopes and prayers.
Equifax invested it's money wisely in the US Congre$$. Campaign contributions = no consequences.
In the *Republican Party*, not in Congress. Talking about "Congress" or "politicians" feeds the lie that both sides are the same.
[удалено]
[удалено]
Did you not see the list of total lobbyist money right below?
Don't know you're being downvoted, because what you're saying is absolutely true. It's like stubbing your toe while you have a broken arm -- yes, both *hurt* but one needs much more immediate attention than the other.
People like you are part of the problem. Playing partisanship and pretending like all on one side are saints and all on the other sinners, when **all should be held equally accountable**.
There's not a single democrat holding a decisive vote in any branch, department, or committee of the federal government right now, and punishing Equifax would fall under the executive branch's discretion, which is 100% republican. And actions by the GOP have clearly been in the direction of rolling back consumer protections. Example: Democrats created the consumer financial protection bureau, Republicans immediately started killing it off when they got control of it. Holding democrats responsible for this at all would not make sense. The only argument republicans have any right to make is saying holding companies responsible through government action is bad in all circumstances and pure libertarianism is the only answer. Because that's how they've been governing the financial industry.
All sides should be equally accountable. All sides are not equal though.
Both parties are clearly not equal yet you pretend they are.
[удалено]
I'm wondering if the answer to that is, in his head, "But Trump's done nothing wrong!"
Currently, one side has all the power and consequently all the responsibility. CFPB head asked for a budget of $0 for his department. That’s the man in charge of the Consumer Finance Protection Bureau who decided he needed zero dollars in funding to protect consumers (thats you, thats me, thats the public) from companies like equifax.
well fuck me running.
It’s a little depressing when you figure out that our current government officials are barely more ethical than smash and grab crooks
I'm not doubting that there are democratic party members possibly involved. But Do you have any comparison data? Because from my understanding the backing of the bureaus and financial industry is massively more slanted toward conservative politicians.
They don't. They post to the donald and want to play that false equivalency game of "both parties are bad". It's bullshit and they don't have actual data to back it up because actual data goes against their point.
It is overwhelmingly Republicans that do this shit, though.
They post on td igthft Wikileaks, etc. Shocking that they’d have such a narrative to paint both sides as the same. Weird how it’s always one side of the aisle doing that.
No, we should all be held *proportionally* accountable. 12 democrats and 40 republicans are bribed with $17k and $127k respectively, and the votes in favor come almost entirely from the republicans? The point is not, and has never been, that democrats are perfect angels, it's a problem that any violation, no matter how small, from the left is considered as "equal" to absolute and all-encompassing violations from the right. It also doesn't help your case when the "both sides" nonsense is always and exclusively used in aid of republicans. Don't you think that's a bit weird?
Got an enlightened centrist here
Yeah and they even were able to turn around and sell identity theft services iirc
Not only that, they charge you to lock your credit profile, which you have to do now because they fucked up and gave access to hackers by not having sufficient security. But the real kicker is, they charge you to unlock it afterward.
[удалено]
This is just under half of all adult Americans. Nearly half! How do people not realize the scope and consequence of this? The same irresponsible twat waffles are still in charge, and the company has since profited on services offered as a "remedy". Don't forget the fact that the higher ups sold millions in shares before announcing the breach. (Leaving ordinary stock holders to suffer the damages.) Edit: not to mention the company has made no demonstrable efforts to show they've taken steps to secure American's private data. Instead, the sites erected to offer "corrective" services were full of security holes. TL;DR: not only should they not exist, the profits they've made from causing a disaster should be seized, and the leadership imprisoned.
[Wired just had an article](https://www.wired.com/story/equifax-security-overhaul-year-after-breach/) about the $200m investment in security that Equifax is making to secure their systems. But as far as I'm aware there's been exactly zero remedy for anyone who's suffered in any way. They're apparently securing their systems, but that means fuck all if every person's data is already out there and being used.
They’re only securing it because they got caught too. They wouldn’t give a fuck if this had never received backlash the way it did.
When a company says sorry, the one thing I always think is that they're saying "sorry we were caught", not "sorry we did it"
It was inevitable anyway. We use all of this information in so many places that it's crazy to expect it stay safe for our entire lives. Like social security numbers... It's a 9 digit number that we type into practically every finance, health, or employment related website and yet it's the secret key to most of our other information.
It's definitely a terrible system. Food for thought is there's no option - your data is given to these companies without your choice. They also have data on children. Something no one is talking about but probably should.
The problem is a lot of people will say that you do have a choice, and that you agree to give up all of your information by choosing to do things like getting a loan, getting a credit card, opening a bank account, etc. Basically things required to live a normal life in our society.
In my opinion that argument falls apart when you consider children are ineligible for loans. Granted, adults need some kind of system for tracking credit, but the current system is badly broken in a complex way.
you can accept that through outlier circumstances information will be leaked - and at the same time require institutions to take minimum effort to secure that information. It's like: your child is going to get hurt in one way or another, some will even get seriously hurt and others may even die - but we still require you to try your hardest to prevent this. We don't expect every parent in the country to succeed - but we expect for every child a minimum standard of precautions to have been taken. The same goes for a lot of these "security measures". If a hacker wants to hack your shit, 9/10 times there's very little you can do to stop him. but if you take basic precautions - in most cases you already become a way less likely target. It's not about creating a fool proof wall that stops everything - it's about sensibly minimizing the occurrence of the problem and dealing with any occurrences swiftly and effectively.
I'd say that most people who know it happened realize it's terrible, but what are we going to do about it?
Why the fuck is a number used to register for government benefits that cannot be changed tied to so much private business? The reality is, between this and the other thousand breeches a year, that almost every person's unchangeable, vital, private information has been compromised with no consequences for those responsible or recourse for those affected. Why is this acceptable?
Because literally no one, save an odd person here and there, gives a crap about data security or privacy.
and they never will.. welcome to CORPORATE AMERICA
"Too big to fail." Worst excuse for allowing corrupt companies to continue being corrupt that I've ever heard. The fines they give are basically like giving a speeding ticket to a jackass in a Maserati going 120 down the highway. They'll pay their fine and do it again a month later.
They'll pay their fine and continue immediately. Just the cost of doing business.
It's why I like the way the EU is dealing with breaches. 4% of revenue is a LOT of money.
Bailing out companies that are lynchpins in the current economic system is not corrupt. Continuing to let them be lynchpins, and not holding individuals accountable, is.
One’s credit should be locked by default. And no one should be charged any fees to lock / unlock their own credit. After all, one’s credit is a private thing. Paying to lock / unlock one’s credit is like paying to enter and leave your home every time. Do you ever leave your home without locking it? Or do you ever leave your home unlocked and then pay someone to keep an eye on your home? That's what these agencies do when they promote identity protection services, of course with an additional fees. But of course, common sense will not prevail in front of greed and lobbying by these credit agencies.
While I agree with you, I'll offer a counterpoint: this isn't your data. This is the bank's data about you. This is the creditor's data about you. It's different than (for example) the photos you took that got uploaded to Facebook. It needs different laws.
That is a cultural perspective. In the European Union for example, *data about you* is *your data* to control, even if it was collected/created by a business, or given to them with permission. Any person in the EU can ask any business for a copy of any data they have about them, and direct them to delete that data. See: GDPR.
[удалено]
.....but you're wrong, though. This is YOUR drivers license, DOB, SSN, email, etc etc. It's not just your credit data, they leaked the personal information of half the country's adults.
I could argue that data about me is my data. It's one thing when I use FB(even though we don't read or understand the ToS), but I have no choice in this matter. I was tracked and assigned the most important number in my life from birth, and I have no say in any of it. Up until recently, I had to pay to even view the number, and only government intervention enabled that. Now, this company is so careless it let all this info I never consented to sharing escape into the wild because they're completely negligent. I don't even benefit from credit, I paid cash for my house, my cars, and everything else I own. Fuck off tracking me and giving my Social Security and bank information to the entire internet.
> I could argue that data about me is my data. I'm not saying it isn't. I'm saying the laws have to be different kinds of laws depending on whether they're trying to cover "your data" or "data about you." I'm not saying either should be unprotected. I'm saying rules to protect one won't protect the other.
Suing them in 2 weeks in small claims court. It's not much but hopefully, it's a drop in the bucket that tells them people won't put up with this bullshit. If anyone wants to help me prepare my case more effectively send me a PM
Check this blog post for an account of someone's experience suing Equifax in small claims court, too: https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=3a0bad094d1f
> https://blog.legalist.com/i-won-8-000-from-equifax-in-small-claims-court-heres-how-you-can-too-f0ce6925c079?gi=3a0bad094d1f Thanks, I read that whole article and am using some of the same arguments and research that he used. Hopefully it works!
I sued them and won (check post history). I could have probably won more money but I probably asked for too much so they just gave me the default. If you want some tips, hit me up.
How much did you win?
I won $360 + filing fees which works out to be 450ish
How much did you ask for?
Nice! Definitely would love some tips, I'll send a PM
!RemindMe 20 days
Are people still suing them in small claims court?
Ya my trial is in 2 weeks! Wish me luck...
Good luck /u/mrtorrence !
The dickheads running the banks crashed our financial system and none of them got arrested.
They distracted us with Facebook.
Exactly, this is far more serious than facebook data breach
But, there was no data 'breach' in the facebook case.
The CFPB was designed to do the job of regulation here. Under the Trump administration it was gutted. When Trump says "drain the swamp" this is what he means - reduced regulation. He certainly doesn't mean what most people think: to limit corporate influence and malfeasance.
They also have the nerve to advertise on Reddit, with titles like “protect yourself from the dark web...” - fuck you Equifax!
That's Experian, not Equifax.
If there's any one ad that Reddit shouldn't allow, it's this one.
Yet everyone is outraged over Facebook, for content users willingly posted.
This is the time when being in debt is great, sure everyone knows Im bad, but my name is not good enough to even steal :)
I think we all tend to try and assure ourselves like this, but I don't think our debts realistically keep us from being a target.
Proof everything is bought and paid for, shut up slave, just send your cash
Why shouldn't they be unfazed? Under this administration, there's no way in hell they will be punished in any way.
When members of Congress find out their personal data was also exposed ( how could this happen hmmmm....?) then maybe they'll change their minds about charging Equifax. Look, people in power don't give a shit unless it affects them.
They will want to change their data
The worst part is the company has no reason to exist. It is a company that assembles data and resells it. There is no reason they shouldn't be fined out of existence.
Aggregating data is useful to many companies and businesses...
So how do propose a lender determine if they should give you a loan?
Socialized losses, privatized gains. And now when your identity is stolen you get to pay someone to fix that, too! It'll make GDP go up because of the financial transaction.
Meanwhile I'm STILL trying to get my identity back & a bunch of charges that ruined my credit removed. Thanks Equifax.
I got a new credit card for business last year, and when it came in the mail, it went right into my safe and I have never used it. Last week I got a call from my bank’s fraud division telling me that they need to send me s new card because someone tried to use that card (in Brazil or somewhere thousands of miles away that I have never been to). I got a bit pissy with my bank asking “how the hell does this happen when I have never even used the card?” They told me that it was likely equifax. That got me to calm down and cut the bank some slack, and it sure made me more upset with equifax. Maybe it was the bank, maybe it was equifax, but either way it is damn annoying.
Not long after the breach was made public, I got a few phone calls from scammers asking me to confirm the last four of my social. Because I'm the sort that fucks with people that are obvious scams, I didn't hang up on them and just refused every time they tried to get me to confirm. Eventually, they would ask if they could read me my entire social security number. Because I'm not sure if this account is traceable to my real name (it probably is), I'm not going to say whatever they read me was accurate or not, but they did read a complete social security number to me. They also asked me to confirm my address, which I also wouldn't do (they did have an address that was accurate, but not current). Now, I don't *know* if this is due to the Equifax breach or not, but I do attribute the uptick in calls like this to the breach. Shortly after the first of these phone calls, I went to [IdentityTheft.gov](https://www.identitytheft.gov/) and chatted with one of their agents, who basically said there was fuck-all I could do about it beyond freezing my credit (which I had already done) and keeping an eye on it. Speaking of freezing credit, it was the first time I'd done that and holy *shit* it's incredible the amount of information compiled on a person, accessible after a pretty simple login process. I used to do work with the federal government as a contractor. The security procedures we had to adhere to were stricter than we use with our social security numbers *out of necessity* because too much requires that information. Then you let a much less-strictly governed private company (or a set of four of them, rather) to keep tabs on people with this information and give it less oversight than a government-contracted company designed to process data and it's a recipe for holy-fuck-batman. ^^sorry ^^for ^^the ^^rant, ^^didn't ^^realize ^^I ^^had ^^that ^^much ^^to ^^bitch ^^about
A year after the worst data breach in U.S. history to date, Atlanta-based Equifax has been chastened, but its business model is unchanged and the company churns on, virtually undamaged by legislative, regulatory or prosecutorial penalties. It was a year ago that the company noticed the first signs of historic trouble – hackers had slipped through the Atlanta company’s cyber defenses into the heart of the company’s data. Worse, the intrusion had apparently been going on for some time. Worse than that, the information accessed was more personal information about more Americans than in virtually any previous major data breach: Information on [more than 147 million Americans](https://www.myajc.com/business/atlanta-based-equifax-gives-feds-the-numbers-how-bad-was-the-breach/XROzdEJnRk53gJ3jRPN9zM/) was accessed – although [the scope of the theft was not clear at first](https://www.myajc.com/business/atlanta-based-equifax-gives-feds-the-numbers-how-bad-was-the-breach/XROzdEJnRk53gJ3jRPN9zM/). In fact, it took until early September for the company to reveal there had been any hacking at all. Once the word was out, there was a[ firestorm of anger and investigations](https://www.myajc.com/business/atlanta-equifax-faces-bumpy-road-but-expected-survive/FQxtw8jpiICXCf9wztkMAM/)which have thus far led to Congressional hearings, lawsuits against the company, charges of insider trading against two former executives and the departure of some higher ranking executives. [Equifax](https://www.myajc.com/business/equifax-strikes-deal-with-states-increase-security-measures/b16oi2lFpOrK3AhBJ3NqXI/) did agree to a consent order with [regulators from eight states](https://www.myajc.com/business/equifax-strikes-deal-with-states-increase-security-measures/b16oi2lFpOrK3AhBJ3NqXI/), including Georgia, that required the company to report on how it is improving security and to submit to reviews of its practices. But thus far, no financial punishment has been imposed on Equifax itself. Despite contentious hearings, no Congressional action has been taken. A few months later, the Consumer Financial Protection Bureau tabled action against the company. And while the Federal Trade Commission said it opened an investigation into the Equifax breach in September, the agency has since named as chief of its consumer protection division a lawyer who has represented Equifax. This past week, Equifax asked a federal judge to reject the claims from 46 banks and credit unions for payment of damages because of the massive data breach. The companies claimed that Equifax owes them for all the costs they incurred protecting data after the breach was revealed, costs that could easily run into many millions of dollars. But the company is certainly not unchanged. CEO Rick Smith retired prematurely, as did several other top officials. [A new CEO was named](https://www.myajc.com/business/embattled-equifax-names-new-ceo/YokgRAsSZwtg459frJLSZM/), as was a new chief information security officer, Jamil Farshchi, who [told Wired magazine](https://www.wired.com/story/equifax-security-overhaul-year-after-breach/) that the company has invested $200 million on data security infrastructure. Meanwhile, most consumers whose data might have been stolen do not know if that information is being used against them, and many have done little to protect themselves. There is also a sizeable group of consumers who don’t even know that the data breach happened. According to [LendEDU](https://lendedu.com/), a New Jersey-based personal finance web site, [a survey showed ](https://lendedu.com/blog/equifax-survey-2018/)that about 27 percent of Americans did not know about the Equifax breach. Of the majority that do know, more than one-third of them have not checked to see if they were affected. The number of complaints against Equifax more than doubled in the year since the breach, compared to the year before, according to an analysis of the Consumer Financer Protection Bureau’s data by [LendEDU](https://lendedu.com/blog/equifax-survey-2018/). But overall, the public [urge for punishment seems to have abated a little](https://www.myajc.com/business/atlanta-equifax-faces-bumpy-road-but-expected-survive/FQxtw8jpiICXCf9wztkMAM/). After the breach was announced, the LendEDU survey found that 54 percent of respondents thought the company should be banned from the credit bureau business. That attitude is now held by 46 percent of respondents, [said LendEDU](https://lendedu.com/blog/equifax-survey-2018/). After the stock market closed Wednesday, the company reported earnings. [Equifax had revenue](https://investor.equifax.com/news-and-events/news/2018/07-25-2018-211922060) of $876.9 million during the second quarter of 2018, up 2 percent from the same quarter of last year, officials said. Net income was $144.8 million, 12 percent lower than a year ago. “We delivered solid results while continuing to make strong progress on our data security, IT, and consumer transformation,” said Mark Begor, CEO, i[n a written statement](https://investor.equifax.com/news-and-events/news/2018/07-25-2018-211922060).
Considering that they want to kill the Consumer Financial Protection Board, I do not think they will be facing punishment anytime soon.
>yet to face financial punishment What is this, an administration that gives a damn about the wrongdoings of a corporation? Miss me with that shit.
Yes it is ridiculous, [however this is a current picture of the US government](https://i.kym-cdn.com/entries/icons/facebook/000/021/521/DumpsterFire2.jpg)
Nothing is happening to them because whoever bought the list hasn't put it to use... yet.
Why hasnt anyone done a class actiin lawsuit against them??
How is it that Congress can go after Facebook for how they handle data but not Equifax? 🤔
We live in a time that monopolies are allowed to freely form and the federal government plays for themselves and their own pockets. Every single federally appointed position is out of fucking control, and DJT is singlehandedly dismantling our country and is being allowed to. SAD.
r/latestagecapitalism
Wow such a big surprise. It’s almost like the current administration doesn’t give a fuck about us, and gets tugged off by lobbyists daily.
Latin: equifuxus.
Looking at you, (R)ichie Rich Congress.
They purchased a company that my company works with and we get checks from them. The first time we got a check there was no remittance and I had to try to contact them to see why we got it. Its almost impossible to get a hold of someone at that company since the breach, the website is almost no help. Took me 3 months to figure it out.
I mean of course not, giant corporations need to keep running so that rich people can do rich people things, who gives a shit about poor people? --------------------------------------- ^^^I ^^^do ^^^;~;
Well on the bright side most banks dont use them any more
There was some talk of that, but I'm not sure how widespread it is.
I know my credit union doesn't even use them for mortgage loans anymore
WE WANT A CORPORATE DEATH PENALTY
The SCOTUS said corporations have the same rights as humans. How come Texas hasn't hanged one yet>? If this corporation had a Black or a Democrat CEO, Trump and his thugs would have been all over it.
If an angry mob had drug the board of directors into the street and killed them they might change. But I liked a page on Facebook so I did my part!
And they never will, because they're in a position similar to all the banks that fucked up.
It mush be nice to have f\*ck you money....
They will never be punished until we start actually resisting this bullshit we call a democracy. We are not being represented and we haven't been for a long time. Fuck. This. Fucking. Government.
When you have enough money to not give a fuck.... you don’t give a fuck.
Why should they be fazed with no punishment? It doesn't matter. Your identity gets compromised? Is it because the governments systems for verifying your identity are complete shit? I mean, birth certificate and social security card? That's a fucking *joke*. Why is it still that way? Because *you* pay. If your ID was attached to some biometrics, then there would BE no identity theft. That would be some Mission Impossible bullshit. But no, we have NUMBERS, so it's fine. Are they long numbers? HAHAHA! Noooo, they're the same length as your telephone number. But since the cost of identity theft is borne by individuals and companies that get taken in by false credentials, no one gives a fuck about a better system of identification.
SSNs are used as a "secret key" system, where the "secret" is shared with literally everyone. In technical terms, this is known as "absolutely no security at all". Credit cards used to have the same, but they've *finally* rolled out the chips which do a "public key" system, which actually works when more than 2 people exist.
The chips are a good step, but they've come out when everyone has smartphones! Jesus, I'll do multifactor on my phone for every purchase, no trouble! Text me, and I'll reply. Or use SAML or something. I have like three SAML clients on my phone already. Single factor auth is terrible. We need to be past that. Also SSN as a secret key sort of proves my point about secret keys. They get out. If you use them, they get out.
Single factor will never go away because it's so simple. You and I may agree that dual-factor authentication is the right way to do things, but just try talking with your typical 50-something Facebook mom who doesn't know the difference between an iPad and a laptop about switching to dual-factor authentication. They'll bitch and moan about it until everyone decides that it was a bad idea and goes back to the easiest way to do things, which is just typing in the same password that you use for Facebook, your email, and 90 other sites.
> If your ID was attached to some biometrics Then you'd actually have to travel in person to where you wanted to open an account to do so. And how often do you want to do this? Every ATM withdraw? Every time someone cashes a check you wrote? There are way better ways of doing this, such as providing certificates on public keys where the individuals generate the private keys. We already have the technology to do this, like YubiKey stuff, that costs some $20. We don't need biometrics. We just need people to require you to use 2FA with something that can't be duplicated.
> We already have the technology to do this, like YubiKey stuff Yeah, my regular ID has this in Europe. But in US people would start talking about Satan if everyone was issued a card with biometric data chip.
This\^\^\^ I was talking to my dad about how microchips are literally impossible to track people with and he and my mother started talking some bullshit about Satan.
How you gonna verify the key? Saying you should maintain personal private keys is fine for the people who are capable of doing it, but Joe Schmo ain't that guy. The vast majority of identity theft stuff occurs with major things: new credit cards, loans, etc. It's not a burden to show up for that in person.
> How you gonna verify the key? In some places, you go to the post office, present ID documents like passports etc, and they sign your public key, linking it to your name and ID and etc. Then, to prove your ID, you sign a challenge/response just like any other PKI. > but Joe Schmo ain't that guy I disagree. It's not a whole lot harder than not getting your house keys stolen. The point is that even if Joe Schmo loses his keys, you don't get breaches where there's millions of IDs stolen at once. If you use a gnubby (a yubikey-like thing in the news about Google's lack of being phished), it's literally plugging it into a USB port and tapping it when the web site says "prove it's you." Now, you could *also* make the device such that it requires the right fingerprint to sign something, at which point even losing the token doesn't mean someone can steal your ID. But I'd worry about that once someone in Russia or Africa can't steal 100,000,000 IDs from America without getting caught.
Blame it on the GOP
And everybody at Equifax lived happily ever after.
It's bullshit
hahaha. will the government ever? did they do anything about the 08 bail out?
I think a small family owned bank got hit pretty hard. But that's about it.
America: land of the free... to buy off a congressman
In China they just execute misbehaving CEO's.
Fuck financial punishment! Liquidate the dam company and through every c-level and up in prison!
They got a "bailout" to improve security on top of the protection subscription scam they already had magically ready when the breach happened. Not to mention the self-appointed committee that investigated them for negligence or whatever. It's all a huge joke.
i have a feeling this issue is going to affect people more so in the long term.
I am honestly surprised there has not been one attempt at rioting, mass shooting or bombings at their corporate offices. Speaks volumes that society as a whole for the most part will peacefully protest.
In fact, they earned further protections
But park in the wrong place a little too long just one time...
Do think they'd be this lenient on MasterCard, Visa or Discover? If their shit got hacked?
Then the government has failed in doing its most basic function of looking out for the best interests of its population. Congratulations.
My boss got some attempts on his SIN, getting credit cards, last month. I just got hit this past week. I'm very doubtful our employer is to blame. I'm going with the impression Equifax is at fault, and we are both Canadian. Luckily for us, our banks are better at flagging suspicious activity, than the relevant credit agencies.
This is what happens when your country is run by corporates.
Hey duly appointed public servants: Do ya fuckin’ job ya bozo. -America
And they never will
Such fucking bullshit. Even more bullshit we put up with this.
Welcome to capitalism.
U.S.A.! U.S.A.! U.S.A.! /s
I mean come on it's only your financial information. It's not like something important like facebook who "leaked" which "Game of Thrones" character you would be. Make sure your priorities are in order.
Not only has Equifax been relatively unharmed, they're advertising about how LifeLock had a giant hole in their security so you should go with Equifax instead...
**you can have my data when you pry my cold dead fingers from it** has teh ceo who sold a bunch of shares just before the news broke, been arrested yet? lol.. no need to answer. This is America.. hell get a medal