Looks like Equifax was breached

And recall that these companies have the power to crush your credit rating if they get wrong information and have historically been deaf to efforts to get that same wrong information corrected. They have a lot of power and very little accountability.

Yep - the situation really is outrageous.

Fortunately those in power are as much victims as the rest of us, so I'm hoping for some good roasting over the coals. And maybe we can even get some improvements!
 
Per this Bloomberg article, the hack may have been State sponsored. The article also includes a good summary of the events.

"The handoff to more sophisticated hackers is among the evidence that led some investigators inside Equifax to suspect a nation-state was behind the hack. Many of the tools used were Chinese, and these people say the Equifax breach has the hallmarks of similar intrusions in recent years at giant health insurer Anthem Inc. and the U.S. Office of Personnel Management; both were ultimately attributed to hackers working for Chinese intelligence."

FN
 
But Equifax still failed to patch a widely-known vulnerability.
 
If someone was looking to recruit some spies in the US, it would be very handy to have a list of people with access to sensitive information (thanks, OPM) and then bump it up against a very current list of people who are having money trouble (thanks, Equifax!).
 
But Equifax still failed to patch a widely-known vulnerability.

Yep, that was covered in the article. My post and the article were simply adding the new information about who might have committed the hack.

"Nike Zheng, a Chinese cybersecurity researcher from a bustling industrial center near Shanghai, probably knew little about Equifax or the value of the data pulsing through its servers when he exposed a flaw in popular backend software for web applications called Apache Struts. Information he provided to Apache, which published it along with a fix on March 6, showed how the flaw could be used to steal data from any company using the software."

FN
 
OK - IRS in hot water for renewing a contract with Equifax for identification purposes.

But get this - they had already decided to go with another vendor, but Equifax challenged it! Which means the IRS can do nothing until the GAO reviews it. In the meantime they are stuck.

In the House hearing, Deputy Commissioner Tribiano described the 29 September contract as a stopgap measure to prevent the interruption of critical IRS functions. Equifax had been supplying identity verification services to the IRS for some time when officials decided earlier this year to go with a different provider, Tribiano said. However, Equifax challenged the switch, which meant it would have to be reviewed by the Government Accountability Office (GAO) before any new contract could take effect:

We had to either, one, stop the service, which means millions of taxpayers would not be able to get their transcripts, including those that are in need of it — like in the hurricane disaster areas, they use those tools to get their transcripts — or do a bridge contract with Equifax until GAO decides on the protest, and we move forward.

Boy, Equifax has no shame. Hopefully there is a workaround here.

http://www.snopes.com/2017/10/05/equifax-contract-irs/
 
Equifax Awarded $7.2 Million IRS Contract Despite Security Breach

I can think of a workaround, charge the Equifax Senior management with criminal negligence, endangering the public, whatever else some smart Federal prosecutors can think of.

It's probably illegal for the government to do business with criminal groups?
 
Exactly!
 
I got all my credit freezes done - took a couple of attempts at TransUnion - accepted by phone, and three attempts at Equifax, but got all four. Innovis didn't charge. Equifax as expected didn't charge.

I waited a bit for the internet and phone traffic to settle down, plus I started a new monitoring service beforehand.
 
OK - IRS in hot water for renewing a contract with Equifax for identification purposes.

But get this - they had already decided to go with another vendor, but Equifax challenged it! Which means the IRS can do nothing until the GAO reviews it. In the meantime they are stuck.


Boy, Equifax has no shame. Hopefully there is a workaround here.

http://www.snopes.com/2017/10/05/equifax-contract-irs/

Well the IRS had to suspend this contract anyway when they discovered Equifax had fraudulent Adobe flash update links on their site.

https://arstechnica.com/information...n-this-time-to-redirect-to-fake-flash-update/
 
I wonder if I am getting one of the first fraud attempts from this Equifax breach?

The past couple of days I have gotten two letters in the mail from Equifax saying they need more identification to process my credit request because the information I provided does not match their records.

:confused:

Our credit has been frozen with Equifax for over a year and I have not made any changes or contacted them about anything.

I think someone is using my info off the 150 million name list to try and unfreeze my credit or do something. There is no phone number on the letter to contact Equifax and when you do a search online for a phone number it is not obvious who to call. I am thinking about just sending them back their letter with another letter saying I did not initiate anything.

Perhaps if that band drum major or whoever is running their security reads my letter, they will decide not to unfreeze my credit due to a request from Ivan Lavoskovia in Uzbeckibeckistanstan.

I am not hopeful.
 
You can still put a fraud alert on even if your credit is frozen, I think.

Rumors were that it was a state sponsored hack - like China or something. So who knows what they would do with the data in that case.

But who knows.....
 