Looks like Equifax was breached

More news from Krebs today:

Bloomberg moved a story yesterday indicating that three top executives at Equifax sold millions of dollars worth of stock during the time between when the company says it discovered the breach and when it notified the public and investors.


Shares of Equifax’s stock on the New York Stock Exchange [NYSE:EFX] were down more than 13 percent at time of publication versus yesterday’s price.


The executives reportedly told Bloomberg they didn’t know about the breach when they sold their shares. A law firm in New York has already announced it is investigating potential insider trading claims against Equifax.

https://www.bloomberg.com/news/arti...utives-sold-stock-before-revealing-cyber-hack

Again, who knows for sure? We must wait and see.
 
They knew about the breach on July 29. So... Your suggestion that they delayed news of it until it might be overwhelmed by other very bad news may have some merit. I don't know for sure.

But, why they waited over a month to release this information to the people needs to be investigated and made clear. Perhaps they were hoping to cover it up? Or maybe Law Enforcement asked them to hold back so they could capture the bad guys? Who knows?

Cynical answer would be so the executives could sell their stock.

More likely answer is that they had to work out how to respond to the consequences of informing the public. At the very least, they had to take some time to build and sort of test their "are you impacted?" website. They also had to assess and evaluate the damage, involve law enforcement, and possibly patch any vulnerabilities that were found that allowed the problem in the first place. Oh, and their press announcement says that people in the UK and Canada were possibly affected, so they have to work with multiple governments and law enforcement folks.

I actually think that they've done the announcement reasonably fast.

By the way, I'm one of the impacted, and when I checked the website today it said "We think you may be affected, click here to enroll" or some such language. So I think they probably modified their website since the time people earlier in this thread got sent directly to the "you're signed up starting Sept 12" message. If I am correct, then this means that if you saw the Sept 12 message then you are among the impacted group.
 
You may not want to sign up for their "free" credit monitoring. You may give up your rights to sue later. Check it out. There are already class action suits in the works.
In addition to the crooks that sold their stock after finding out, I just saw on CNBC their head of security made 2.8 mil last year.
If this all doesn't tick you off nothing will.

Yes, do not sign up for their crap. I want to be a part of any lawsuit for sure, even if I only end up getting a coupon to Red Lobster for a free dessert out of it.

Also, is there a good way we could drive our state to make the credit freeze and thaw free instead of letting them charge a fee? Is the lobby just too strong in most states?
 
How is it that we can find prophecy in the movies?

First- Idiocracy was not supposed to be a documentary.
Second- Fight Club was not supposed to be a blueprint for the future fix of the credit mess.
 
Cynical answer would be so the executives could sell their stock.

More likely answer is that they had to work out how to respond to the consequences of informing the public. At the very least, they had to take some time to build and sort of test their "are you impacted?" website.
More likely, they needed time to hire a PR firm to handle this mess.
 
+1
They should provide free monitoring for life, and free correction of any misuse for life as well.
Why was this information not encrypted?
I think the executives should go to prison for 10 years as well, to be sure the other reporting agencies get their act together.

To answer your question, I believe it is because the information needs to be accessed for perfectly legitimate reasons, probably every second of every business day.

The tricky thing with data security is not preventing it from being accessed by bad actors. The tricky thing is preventing bad actors and allowing good actors, all the time, with 100 percent accuracy. They don't want to mistakenly allow bad actors, nor do they want to mistakenly prevent good actors.

I read a very interesting book once on near-accidents with nuclear weapons (like the event in Arkansas back in the '80's). It's a similar sort of problem: You want the bomb to always go off when you want it to (for example, you don't want to drop a dud on some idiot dictator in SE Asia). But you also want the bomb to never go off when you don't want it to (for example, you don't want the bomb to go off while it's still being built or when it's strapped to the bottom of one of your bomber aircraft). So we have multiple safety systems in place that we have to have ways to disable at the very last seconds.

The data security problem is harder, though, because with a bomb you know when you want it to go off, and you only want it to go off once. Oh, and the bomb isn't actively trying to thwart our safety efforts. The data threat is random and continuous and creatively malevolent.
 
Complimentary monitoring for one year. Then they presumably begin to charge you. What a crock.


WARNING!!!

Just started to read the thread but someone on TV said that IF you look at their site to see if you were hacked you cannot be in any class action lawsuit!!!

Hope not many people have looked...
 
Yes, do not sign up for their crap. I want to be a part of any lawsuit for sure, even if I only end up getting a coupon to Red Lobster for a free dessert out of it.

Also, is there a good way we could drive our state to make the credit freeze and thaw free instead of letting them charge a fee? Is the lobby just too strong in most states?

My home state won't let a parent sign up to freeze their child's accounts. Very poor.
 
WARNING!!!

Just started to read the thread but someone on TV said that IF you look at their site to see if you were hacked you cannot be in any class action lawsuit!!!

Hope not many people have looked...

If you look but don't sign up then you can't be in any class action? If so, then WT#!
 
Anybody considering suing Equifax individually?

Representing oneself and filing in small claims court could mean a payout of a few thousand dollars. Possibly worth it just for fun, although it's possible you could lose if EFX brought decent lawyers to bear.

Can one be forced to join a class action? I don't think so.
 
Anybody considering suing Equifax individually?

Representing oneself and filing in small claims court could mean a payout of a few thousand dollars. Possibly worth it just for fun, although it's possible you could lose if EFX brought decent lawyers to bear.

Can one be forced to join a class action? I don't think so.


I will wait for a lawyer, but I think they can consolidate cases together if a class action is filed.... you do have the option of being removed from the class but not sure if they can force you in at the beginning....


The question now is will they remove that arbitration clause they had in their terms and conditions when you signed up to see if you were breached... kinda fishy IMO as you do not know if you can sue unless you know you were breached.... and to find out you have to sign away your rights to sue....
 
WARNING!!!

Just started to read the thread but someone on TV said that IF you look at their site to see if you were hacked you cannot be in any class action lawsuit!!!

Hope not many people have looked...

How can just looking at a site mean you've waived any rights? I don't see this standing up.

"We won't tell you whether you've been affected unless you agree to arbitration"?

I don't think so!
 
from the Washington Post...:
Equifax, a major consumer credit reporting agency, disclosed Thursday that hackers had obtained sensitive information, including Social Security numbers and dates of birth, for 143 million people. The breach began in May and was discovered by the company on July 29. Shortly afterward, three company executives — Chief Financial Officer John W. Gamble; Joseph M. Loughran III, the president of U.S. information solutions; and Rodolfo O. Ploder, the president of workforce solutions — sold large amounts of their shares of Equifax stock.

Gamble sold nearly $1 million worth of stock on Aug. 1; Loughran disposed of about $700,000. The next day, Ploder sold stock worth $250,000, according to Securities and Exchange Commission filings. The sales were not part of a pre-scheduled transaction, according to the filings.

Just a coincidence...
 
Krebs reports that the website is unreliable. Different responses depending on phone or computer. Bogus input gets same response as real.
In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

Others (myself included) received not a yes or no answer to the question of whether we were impacted, but instead a message that credit monitoring service we were eligible for was not available and to check back later in the month. The site asked users to enter their last name and last six digits of their SSN, but at the prompting of a reader’s comment I confirmed that just entering gibberish names and numbers produced the same result as the one I saw when I entered my real information: Come back on Sept. 13.

Who’s responsible for this debacle? Well, Equifax of course. But most large companies that can afford to do so hire outside public relations or disaster response firms to walk them through the safest ways to notify affected consumers. In this case, Equifax appears to have hired global PR firm Edelman PR.
https://krebsonsecurity.com/2017/09/equifax-breach-response-turns-dumpster-fire/
 
So Equifax had the biggest hack in history stealing customer information, which is the only thing they deal with, and for weeks, three executives never heard a word about it.
It was never discussed in a meeting.
Never discussed at lunch/water cooler/bathroom/parking lot.
Nobody thought this might have any impact which is why Chief Financial Officer John W. Gamble was not told.
Nobody thought maybe they should fix their computer systems so nobody told Joseph M. Loughran III, the president of U.S. information solutions.
This would not affect any employees so no need to tell Rodolfo O. Ploder, the president of workforce solutions.
Those executives need to go to jail AND need to be fired.

Yes..... I'm mad...
 
Disclosure: I live in the Atlanta area and know folks that work at EFX.

Why would senior executives sell relatively small portions of their holdings just prior to the announcement of the largest security breach in history? (I read earlier today, one sold 14% of his shares and the other two sold less than 10% each). If they knew about the breach, they would have also anticipated the fire storm they would be subjected to and scrutiny from the Feds. Execs selling shares are required to make filings with the Feds. That's how the public found out. They did not hide this. My guess is it is just dumb bad luck. EFX has been trading at multi year highs. It was probably a good time to sell a few shares.

EFX may have made mistakes, but I suspect insider trading is not one of them.

FN
 
Disclosure: I live in the Atlanta area and know folks that work at EFX.

Why would senior executives sell relatively small portions of their holdings just prior to the announcement of the largest security breach in history? (I read earlier today, one sold 14% of his shares and the other two sold less than 10% each). If they knew about the breach, they would have also anticipated the fire storm they would be subjected to and scrutiny from the Feds. Execs selling shares are required to make filings with the Feds. That's how the public found out. They did not hide this. My guess is it is just dumb bad luck. EFX has been trading at multi year highs. It was probably a good time to sell a few shares.

EFX may have made mistakes, but I suspect insider trading is not one of them.

FN

In situations like this, the execs are generally told not to sell shares in the light of this information becoming public. Or, maybe they are all buying new mansions to celebrate the upcoming flood of revenue from their "Credit Protection Services" sales promotion?
 

Thanks for that link. Here is the title of that piece for anyone that did not open the link.

Equifax TrustedID protection (provided to victims) ToS require you to agree to private arbitration; waive ability 4 class action suit

How can just looking at a site mean you've waived any rights? I don't see this standing up.

"We won't tell you whether you've been affected unless you agree to arbitration"?

I don't think so!


From what I understand you have to 'sign up' and give info to get if you were involved in the hack... the sign up process has terms and conditions which include arbitration...

I have no idea since I did not sign up... but it has been reported by others...

Who knows if it will stand... I am sure that will be in a lawsuit...


Edit to add.... I heard it on cable news when a congressman mentioned it to the reporter... he is on some kind of cyber committee and has been proposing data protection laws.... I would think he has his info straight...
 
My credit is already frozen at the three agencies so I am not going to sign up for this notification service, free or otherwise.
 
Disclosure: I live in the Atlanta area and know folks that work at EFX.

Why would senior executives sell relatively small portions of their holdings just prior to the announcement of the largest security breach in history? (I read earlier today, one sold 14% of his shares and the other two sold less than 10% each). If they knew about the breach, they would have also anticipated the fire storm they would be subjected to and scrutiny from the Feds. Execs selling shares are required to make filings with the Feds. That's how the public found out. They did not hide this. My guess is it is just dumb bad luck. EFX has been trading at multi year highs. It was probably a good time to sell a few shares.

EFX may have made mistakes, but I suspect insider trading is not one of them.

FN

I am willing to give them the benefit of the doubt. Executives are often encouraged to put a trading (10b5-1) plan in place to dispose of their stock and it could be that the transactions occurred automatically because the stock hit a preset price.

I am sure that these transactions will be scrutinized by the proper authorities.
 
In situations like this, the execs are generally told not to sell shares in the light of this information becoming public. Or, maybe they are all buying new mansions to celebrate the upcoming flood of revenue from their "Credit Protection Services" sales promotion?

Agreed. IIRC, companies can blackout Execs from selling shares in this type of situation. Apparently EFX did not have a blackout in place when these Execs sold. EFX has also issued a statement indicating the Execs did not know. This stuff is too easy to check. And all will be deposed in various lawsuits. Dollars to donuts, the insider trading goes away.

But, lots of other stuff to complain about. And some of it is not going away. Rage on. :D

FN
 
Another way to pressure the industry to improve is to use less credit. Stop feeding their pig, pay cash for more things.
 