If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(The Hill)   Equifax feeling the heat after their cyber security breach. Congress might even send them a harshly worded letter and everything   ( thehill.com) divider line
    More: Asinine, Fair Credit Reporting Act, Credit score, Equifax breach, Equifax executives, Credit card, Credit, data breach, Credit history  
•       •       •

928 clicks; posted to Business » on 13 Sep 2017 at 8:50 AM (36 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



58 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | » | Newest | Show all

 
2017-09-13 04:39:58 AM  
I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.
 
2017-09-13 05:40:44 AM  
Equifax feeling the heat after their cyber security breach. Congress might even send them a harshly worded letter and everything

They should send a harshly lettered word. May I suggest:
img.fark.netView Full Size
 
2017-09-13 07:21:07 AM  

Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.


Don't forget. They are also white.
And men.
 
2017-09-13 08:08:11 AM  
Steven Munchin called the hack "unfortunate."  Not inexcusable.  Not unprecedented.  Not outrageous.  Unfortunate.

fark this administration.
 
2017-09-13 08:53:21 AM  
img.fark.netView Full Size

... and then I said: "Your data is safe with us"...
 
2017-09-13 08:55:12 AM  
Lawmakers want to know how the breach happened and what the company is doing to limit the damage.

Someone found a USB stick in the parking lot and got curious?
Someone Clicked The Link (tm) hoping to win a free trip (or thought it was an important invoice/scanned document)?

I mean, I'm just spitballing here...
 
2017-09-13 08:58:21 AM  

Weaver95: sure they broke tons of laws


A data breach, in and of itself, isn't an automatic "broke tons of laws."  They'll have to prove they exercised due diligence and due care.  Yes, though, that's where the tons of $$$ comes into play; and probably where they'll get off scot-free.

Actually, I'm trying to think of which specific law is applicable for an organization like Equifax.  SARBOX maybe?  I know a health facility, if they have a breach, are potentially liable under HIPAA and HITECH.  And the fines per record (apparently) are crazy:  $60k per record, max, IIRC.  Donno about financial data or other forms of PII...
 
2017-09-13 08:59:20 AM  

Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.


Out of curiosity, what laws did they violate?  It's not like there's a HIPAA equivalent for people's financial information.
 
2017-09-13 08:59:37 AM  

Weaver95: sure they broke tons of laws


and I continued reading the article.  Yeah, they could've broken tons of laws if they sold off their stock before revealing the breach.

christ.  *headdesk*
 
2017-09-13 09:02:24 AM  
xanadian:

Actually, I'm trying to think of which specific law is applicable for an organization like Equifax.  SARBOX maybe?  I know a health facility, if they have a breach, are potentially liable under HIPAA and HITECH.  And the fines per record (apparently) are crazy:  $60k per record, max, IIRC.  Donno about financial data or other forms of PII...

My understanding is that for credit reporting bureaus there is no law akin to Sarbanes-Oxley or HIPAA.  That's part of the problem.
 
2017-09-13 09:02:45 AM  
And I continued reading more.  SQL injection, maybe...or unpatched software.
 
2017-09-13 09:05:03 AM  
Why can't hackers do something constructive. Like wipe out all personal debt?

Or is that too hard for them? Yeah. They're too weak. There's no way they could pull that off.
 
2017-09-13 09:06:58 AM  

vudukungfu: Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.

Don't forget. They are also white.
And men.


Tell me again how being a vigilanty (sp?) is a bad thing?
 
2017-09-13 09:07:37 AM  
If Equifax isn't pulled apart, all of its datastores securely wiped and the remaining assets auctioned off for pennies on the dollar to help cover the life sentences being served be every executive in the company, any response that actually occurs didn't go far enough.

In a civilized society, these massive identity theft organizations wouldn't even be allowed to exist.
 
2017-09-13 09:07:38 AM  

Destructor: Why can't hackers do something constructive. Like wipe out all personal debt?

Or is that too hard for them? Yeah. They're too weak. There's no way they could pull that off.


Because "hackers" aren't out there fighting the man.  They are working for him.  Because frankly, the world isn't worth saving and there's money to be made.
 
2017-09-13 09:09:15 AM  

Robo Beat: xanadian:

Actually, I'm trying to think of which specific law is applicable for an organization like Equifax.  SARBOX maybe?  I know a health facility, if they have a breach, are potentially liable under HIPAA and HITECH.  And the fines per record (apparently) are crazy:  $60k per record, max, IIRC.  Donno about financial data or other forms of PII...

My understanding is that for credit reporting bureaus there is no law akin to Sarbanes-Oxley or HIPAA.  That's part of the problem.


Insider trading.  A few executives sold stock after the breach was discovered, but before it was made public.
 
2017-09-13 09:10:06 AM  

vudukungfu: Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.

Don't forget. They are also white.
And men.


And everything they're guilty of, our government actively participates in.  Insider trading?  So what? Doing everything in your power to get viruses?  Trump does that every time he rage tweets from the toilet.
 
2017-09-13 09:12:22 AM  

Robo Beat: xanadian:

Actually, I'm trying to think of which specific law is applicable for an organization like Equifax.  SARBOX maybe?  I know a health facility, if they have a breach, are potentially liable under HIPAA and HITECH.  And the fines per record (apparently) are crazy:  $60k per record, max, IIRC.  Donno about financial data or other forms of PII...

My understanding is that for credit reporting bureaus there is no law akin to Sarbanes-Oxley or HIPAA.  That's part of the problem.


They are public traded company so they would be subject to Sarbanes-Oxley, but that may not matter as much. They may have a small PCI scope for transactions and the like, but that would just be fines.
 
2017-09-13 09:13:01 AM  
Don't worry, they'll make their money by telling your creditors that you were hacked and are unworthy of credit.  That way everybody wins.
 
2017-09-13 09:24:28 AM  

beantowndog: Don't worry, they'll make their money by telling your creditors that you were hacked and are unworthy of credit.  That way everybody wins.


They're going to keep making their money the same way they always do because they have almost no legal obligations to help clean up the mess they made, or even to have prevented it in the first place.

They literally took everything that makes you a person in our society, made money reselling it, and then lost it to criminals.

And they have NO obligation to fix the mess they've made.

Hundreds, if not thousands, of innocent people are likely to be charged with crimes committed by someone who used data from this breach to steal an identity. Some will probably even serve prison time because of it.

Millions will likely suffer economic harm, possibly life altering. People who have never missed a bill payment will have their credit ruined by identity thieves costing them homes, cars and even jobs. Billions of dollars in excess interest will be paid by victims.

And what will Equifax's executives do?

Laugh allll the way to the bank because there's not a damn thing they have to do about it and proving a lawsuit against them will be nigh impossible in this age of constant breaches.
 
2017-09-13 09:27:28 AM  
Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?
 
2017-09-13 09:28:41 AM  
Well I know Iwon't be doing business with equifax in the future.

Wait...
You mean nobody actually got to choose to do business with them and nearly half the American population was their customer without ever having signed a contract with them?

Oh... Well then all that "value" they lost on monday was probably just equifax board members panic selling before they dropped the news.
 
2017-09-13 09:29:16 AM  

RandomInternetComment: Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?


A joint effort between TransUnion and Experian.
 
2017-09-13 09:36:24 AM  

BeesNuts: Well I know Iwon't be doing business with equifax in the future.

Wait...
You mean nobody actually got to choose to do business with them and nearly half the American population was their customer without ever having signed a contract with them?

Oh... Well then all that "value" they lost on monday was probably just equifax board members panic selling before they dropped the news.


You're not their customer, you're their product. They have compiled your economic fingerprint that makes you a person in our society, and they sell that to OTHER businesses.

You're basically just a pack of gum on the shelf that got lifted.
 
2017-09-13 09:36:34 AM  
I can't believe that they weren't raided. You have the info that the managers sold off their stock and have probably done some insider traiding doing so and you do nothing and expect the company to honestly tell you when the managers were informed?

/this time isn't used to get rid of compromising information, no sir
//because that would also be against the law
///are the bonuses safe?
 
2017-09-13 09:37:24 AM  

Vacation Bible School: RandomInternetComment: Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?

A joint effort between TransUnion and Experian.


We had a discussion not too long ago about companies bringing in hackers, much like we have state-sponsored hacking.  So, it's possible.
 
2017-09-13 09:37:45 AM  

Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.


While I'm sure what you said will come to pass, I wonder exactly how much farking-over the proles will take until the pitchforks come out?
 
2017-09-13 09:39:52 AM  

xanadian: Vacation Bible School: RandomInternetComment: Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?

A joint effort between TransUnion and Experian.

We had a discussion not too long ago about companies bringing in hackers, much like we have state-sponsored hacking.  So, it's possible.


Wouldn't the other two companies already have most of this same data already?
 
2017-09-13 09:40:27 AM  
Back in the day, if a mine collapsed the owners could have it be judged an "Act of God" and no one would be found guilty.
I'm sure that's what will happen here.
No one found at fault and everyone goes on with their lives.
 
2017-09-13 09:44:02 AM  

RandomInternetComment: xanadian: Vacation Bible School: RandomInternetComment: Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?

A joint effort between TransUnion and Experian.

We had a discussion not too long ago about companies bringing in hackers, much like we have state-sponsored hacking.  So, it's possible.

Wouldn't the other two companies already have most of this same data already?


IF this were happening, I'd guess that TU and Experian wouldn't care that they already have the same data. It would be an effort to make Equifax poison and remove them from the market.
And then there were two.
Now all we need is all the C-levels from the other two to battle to the death in an arena in the middle of the south pacific...
 
2017-09-13 09:50:00 AM  

Weaver95: I'll be VERY surprised if anything bad happens to Equifax.  sure they broke tons of laws, and several of their execs should probably be fired and/or maybe arrested....but lets be honest.  these people have money.  LOTS of money.  which means they are above the laws the rest of us peons have to obey.


Yes, but included in the 143 million people they screwed are people with far, far more money. And lawyers. Far, far better lawyers. Not to mention law makers and their families, donors, and handlers.
 
2017-09-13 09:55:44 AM  

Smoking GNU


Tell me again how being a vigilanty (sp?) is a bad thing?


vigilante
 
2017-09-13 10:08:57 AM  
Recent studies have estimated the cost of a data breach to be around $150 per record stolen, up to around $450 per record if it involves HIPAA  protected data. While this sounds like a lot, it's low enough that a lot of companies have decided to say "fark it" and just accept data breaches as the cost of doing business. The business managers at these companies point out that the current cost of data breaches is still relatively low compared to regular and expected business costs like shrinkage (employee theft, broken product), so they've got little incentive to focus their attention on data security.

The problem here is that the marginal harm to the company is not commensurate with the massive harm done to consumers when their privacy is breached. A breached company will in all likelihood pay out for a year of credit monitoring and a minor amount of punitive damages. The consumer whose identity is stolen will face years of hassle, many hours of time lost, and potentially thousands of dollars of expense due to a damaged credit score when the affected individual needs credit to purchase a car or home. Due to the nature of identity theft and the difficulty of establishing a causal link to any one data breach, it will be impossible for that consumer to pursue these damages with a negligent company.

What this means is that the situation is ripe for us as individuals to demand special legal protections for our data. We need laws that give us visibility and control into how our data is gathered, stored, and used. We need mandatory reporting laws that require immediate public disclosure of data breaches. We need to authorize special and punitive monetary damages to affected individuals to recognize the fact that data breaches do cause serious harm to those affected.
 
2017-09-13 10:10:17 AM  
To be fair, selling the dataset back to Equifax after downloading it and purging it from their systems would be a masterstroke of making money on all sides.
 
2017-09-13 10:18:58 AM  

xanadian: Vacation Bible School: RandomInternetComment: Do they have any idea who might have done the hacking? State sponsored? Russia again? China? Eastern European? The mafia?

A joint effort between TransUnion and Experian.

We had a discussion not too long ago about companies bringing in hackers, much like we have state-sponsored hacking.  So, it's possible.


Hell that was how you got an IT job in the late 90s, you hacked their website and then they paid you to fix it. That only worked because the internet wasn't a big part of their balance sheet.

Nowadays, if you hack their website the company could very well go out of business, so you extort them instead of looking for a job.
 
2017-09-13 10:19:15 AM  
Until it's less expensive for companies to properly secure their data than it is to issue a lame milquetoast apology after the fact, this kind of shiat will keep on happening.
 
2017-09-13 10:24:42 AM  

Destructor: Why can't hackers do something constructive. Like wipe out all personal debt?

Or is that too hard for them? Yeah. They're too weak. There's no way they could pull that off.


I had choices for this one.

img.fark.netView Full Size


or...

img.fark.netView Full Size
 
2017-09-13 10:30:23 AM  
I'm feeling the concern
 
2017-09-13 10:33:42 AM  

skozlaw: beantowndog: Don't worry, they'll make their money by telling your creditors that you were hacked and are unworthy of credit.  That way everybody wins.

They're going to keep making their money the same way they always do because they have almost no legal obligations to help clean up the mess they made, or even to have prevented it in the first place.

They literally took everything that makes you a person in our society, made money reselling it, and then lost it to criminals.

And they have NO obligation to fix the mess they've made.

Hundreds, if not thousands, of innocent people are likely to be charged with crimes committed by someone who used data from this breach to steal an identity. Some will probably even serve prison time because of it.

Millions will likely suffer economic harm, possibly life altering. People who have never missed a bill payment will have their credit ruined by identity thieves costing them homes, cars and even jobs. Billions of dollars in excess interest will be paid by victims.

And what will Equifax's executives do?

Laugh allll the way to the bank because there's not a damn thing they have to do about it and proving a lawsuit against them will be nigh impossible in this age of constant breaches.


Those executives have families. They have addresses. When the people have nothing left to lose, they will act as such. And no farking tears will be shed for the poor little executives. They asked for it as far as I'm concerned.
 
2017-09-13 10:39:53 AM  
Someone in another post about this mentioned that they are going to (paraphrasing, as I don't know how this really works) buy stock in Equifax now. Because we all know that there will be no consequences or repercussions from this.
They will get away with this.
Equifax will be around for a long time.
 
2017-09-13 10:47:08 AM  

Hack Patooey: While I'm sure what you said will come to pass, I wonder exactly how much farking-over the proles will take until the pitchforks come out?


No amount of farking-over.
The answer is "none"

/actually does wants this to happen
 
2017-09-13 10:49:46 AM  

BeesNuts: Destructor: Why can't hackers do something constructive. Like wipe out all personal debt?

Or is that too hard for them? Yeah. They're too weak. There's no way they could pull that off.

Because "hackers" aren't out there fighting the man.  They are working for him.  Because frankly, the world isn't worth saving and there's money to be made.


Sure. Like I wrote: They're too weak. If they were strong they would save it. But no. "Let's just cause mischief and misery like little biatch punks. Tee hee hee." Which, of course, is why they should be put to death when caught. Tough but fair.
 
2017-09-13 10:53:04 AM  

EsqueletoAtheist: Someone in another post about this mentioned that they are going to (paraphrasing, as I don't know how this really works) buy stock in Equifax now. Because we all know that there will be no consequences or repercussions from this.
They will get away with this.
Equifax will be around for a long time.


It just that the executives working there don't seem to have the confidence that you do.
 
2017-09-13 10:57:55 AM  

Destructor: BeesNuts: Destructor: Why can't hackers do something constructive. Like wipe out all personal debt?

Or is that too hard for them? Yeah. They're too weak. There's no way they could pull that off.

Because "hackers" aren't out there fighting the man.  They are working for him.  Because frankly, the world isn't worth saving and there's money to be made.

Sure. Like I wrote: They're too weak. If they were strong they would save it. But no. "Let's just cause mischief and misery like little biatch punks. Tee hee hee." Which, of course, is why they should be put to death when caught. Tough but fair.


Killing people is wrong.

Don't kill people.
 
2017-09-13 11:02:09 AM  

BeesNuts: Killing people is wrong.

Don't kill people.


Okay. I'm certain we can reach some sort of compromise.

How about forced experimentation for the purposes of finding cures for horrible diseases? We'll even make it as painless as possible. Come on, you can't say no to that! :-)
 
2017-09-13 11:18:10 AM  

Destructor: BeesNuts: Killing people is wrong.

Don't kill people.

Okay. I'm certain we can reach some sort of compromise.

How about forced experimentation for the purposes of finding cures for horrible diseases? We'll even make it as painless as possible. Come on, you can't say no to that! :-)


People are still people despite the evil they do.  And doing evil to them doesn't make us good.
 
2017-09-13 11:24:10 AM  

BeesNuts: People are still people despite the evil they do. And doing evil to them doesn't make us good.


You're a tough customer, BeesNuts.

/Also there is a strong streak of good in you...
//No one is perfect...
///...Well... Almost no one.
 
2017-09-13 11:35:38 AM  

Destructor: BeesNuts: People are still people despite the evil they do. And doing evil to them doesn't make us good.

You're a tough customer, BeesNuts.

/Also there is a strong streak of good in you...
//No one is perfect...
///...Well... Almost no one.


I have a short list of non negotiable positions.
1.  Never torture people
2.  Never kill people
3.  Never support or defend people who violate 1 or 2

Unfortunately, I have been made party to 1 AND 2 by our government and our bloodthirsty population.  I find this kind of unforgivable.  Slightly more unforgivable than joking about state sanctioned murder/revenge fantasies.
 
2017-09-13 11:56:30 AM  

xanadian: Weaver95: sure they broke tons of laws

A data breach, in and of itself, isn't an automatic "broke tons of laws."  They'll have to prove they exercised due diligence and due care.  Yes, though, that's where the tons of $$$ comes into play; and probably where they'll get off scot-free.

Actually, I'm trying to think of which specific law is applicable for an organization like Equifax.  SARBOX maybe?  I know a health facility, if they have a breach, are potentially liable under HIPAA and HITECH.  And the fines per record (apparently) are crazy:  $60k per record, max, IIRC.  Donno about financial data or other forms of PII...


They didn't tell the public about the breach and execs were dumping stocks before they did. That's the law that they broke.
 
2017-09-13 12:27:11 PM  

xanadian: Lawmakers want to know how the breach happened and what the company is doing to limit the damage.

Someone found a USB stick in the parking lot and got curious?
Someone Clicked The Link (tm) hoping to win a free trip (or thought it was an important invoice/scanned document)?

I mean, I'm just spitballing here...


Apache struts exploit.  A month before it was announced and fixed.

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-​e​quifax
 
Displayed 50 of 58 comments


Oldest | « | 1 | 2 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is archived, and closed to new comments.

Continue Farking

On Twitter





Top Commented
Javascript is required to view headlines in widget.
  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report