Crime Remember when Equifax lost personal info on 143M Americans? Experts suspect it was state-sponsored

[Arkain2K]

There are currently two leading theories as to what really happened to that enormous stack of personal information on 143 million Americans:

1) Investigators with criminal backgrounds think the terabytes of sensitive information stolen from Equifax is simply "too hot" for the hackers to try to sell.

2) Investigators from the intelligence community think the data disappeared and wouldn't ever see the light of day, because it's stolen by a foreign government.

I'm leaning towards the later, though it's much more likely that the stolen identities could be used by current operatives rather than recruiting new spies.

----

The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme
By Kate Fazzini | Published Wed, Feb 13 2019

Richard Smith, former chairman and CEO of Equifax Inc., testifies before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, October 3, 2017.​

On Sept. 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyberattack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S.

It was the consumer data security scandal of the decade. The information included Social Security numbers, driver’s license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies.

Then, something unusual happened. The data disappeared. Completely.

CNBC talked to eight experts, including data “hunters” who scour the dark web for stolen information, senior cybersecurity managers, top executives at financial institutions, senior intelligence officials who played a part in the investigation and consultants who helped support it. All of them agreed that a breach happened, and personal information from 143 million people was stolen.

But none of them knows where the data is now. It’s never appeared on any hundreds of underground websites selling stolen information. Security experts haven’t seen the data used in any of the ways they’d expect in a theft like this — not for impersonating victims, not for accessing other websites, nothing.

But as the investigations continue, a consensus is starting to emerge to explain why the data has disappeared from sight. Most experts familiar with the case now believe that the thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies.


Read the rest at:
https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html

 

[hillelslovak87]

I think if there is any due course of action, it's to not care, and shut down any committees that could or would investigate.
#Mulvaney'sThaMan

 

[7437]

Thank god we will never know. Another job well done by the Trump administration.

 

[Arkain2K]

Will Equifax ever pay the price for massive hack?
By Patricia Sabatini | Mar 11, 2019

Eighteen months since news of the colossal data breach at Equifax broke, the company responsible for one of the country’s largest, and likely the most damaging, losses of personal information has yet to face monetary penalties. At the same time, very little has been done in the way of reform.

That could soon change.

According to Equifax’s annual report filed recently with the U.S. Securities and Exchange Commission, two federal agencies are poised to take action.

The Federal Trade Commission and the Consumer Financial Protection Bureau “intend to seek injunctive relief damages and, with respect to the CFPB, civil money penalties against us based on allegations related to the 2017 cybersecurity incident,” Atlanta-based Equifax said in the filing.

For many, such moves are overdue.

“One and a half years later, Equifax has still not paid a price for putting nearly 150 million Americans at risk of identity theft and other types of fraud for the rest of their lives,” said Mike Litt, consumer campaigns director for the Public Interest Research Group known as U.S. PIRG.

He considers the breach the worst in history because of the amount and type of sensitive data exposed, including Social Security numbers, birthdates, addresses and driver’s license numbers.

“Social Security numbers are really the keys to identity theft and other types of fraud,” he said.

Mr. Litt said the biggest way to prevent future large-scale breaches is to create the specter of large, looming fines.

Companies need to know, “if they fail to protect our personal information, there will be stiff penalties,” he said. “We really need an act of Congress to ensure that.”

The breach at Equifax was considered especially egregious in part because it and other credit reporting agencies collect personal information on consumers without their consent, and without consumers choosing to do business with them.

More than a year ago, Sen. Elizabeth Warren, D-Mass., and Sen. Mark Warner, D.Va., introduced a bill to hold large credit bureaus — such as Equifax, Experian and TransUnion — accountable for data breaches by imposing mandatory penalties, 50 percent of which would be paid to affected consumers.

If the bill had been law at the time of the Equifax breach, the company would have been facing a fine of about $1.5 billion, Mr. Litt said.

The bill also would require the FTC to conduct annual inspections to ensure compliance with cybersecurity measures and allow increased penalties for woefully inadequate cybersecurity or if a credit bureau failed to notify the agency of a breach in a timely fashion.

Meanwhile, investigations, class actions and other lawsuits have been piling up against Equifax, including probes by the U.S. Department of Justice, SEC and 48 attorneys general offices, including Pennsylvania.

In its SEC filing, Equifax said it disputed the allegations in complaints against it and intended to defend against the claims.

In June, financial regulators from eight states (not Pennsylvania) reached an agreement with Equifax following an examination of its cybersecurity controls. The agreement required the company’s board of directors to fix deficiencies and unsafe practices that contributed to the breach. The company must report on its progress and be subject to on-site regulatory reviews.

For victims of the Equifax hack, Mr. Litt recommends they monitor their credit reports for suspicious accounts or charges by ordering a copy for free annually from each of the three main credit bureaus at www.annualcreditreport.com or by calling 877-322-8228.

Staggering requests with each bureau every four months is the best way to keep tabs on the reports throughout the year.

Mr. Litt said the best protection against ID theft is to place a freeze on credit reports at the three main bureaus, plus the National Consumer Telecom & Utilities Exchange, a consumer reporting agency that specializes in reports about consumers' telecom and utilities payment history.

"There have been reports of consumers having fraudulent cell phone accounts made in their names even though they had freezes with the big three bureaus," Mr. Litt said.

Some consumer advocates also recommend freezing credit reports at another, lesser known bureau called Innovis.

One positive result of the Equifax breach is that Congress stepped in to eliminate fees that credit bureaus routinely charged people for freezing and unfreezing their accounts. That new law took effect Sept. 21.

People who still haven’t checked the website set up by Equifax to identify victims of the hack should visit www.equifaxsecurity2017.com/ to find out if they’re among the roughly 148 million people affected.

Crooks can do a lot of damage with stolen personal data, such as applying for credit cards or loans, ordering smartphones on payment plans, opening utility accounts, stealing federal tax refunds, and collecting someone else’s Social Security or health care benefits.

ID thieves also may apply for a job, get insurance, lease an apartment or commit crimes in someone else’s name.

https://www.post-gazette.com/busine...ve-hack-breach-CFPB-PIRG/stories/201903100056

 

[Steve-French]

I usually appreciate your point of view TS, but good damn do you have some long winded posts

 

[ElKarlo]

Be smarter about our online business. Also, put human firewalls in. Otherwise putting anything and everything in the cloud is more dangerous than you think.

 

[Fluffernutter]

Who orchestrated the OPM hack?

Are they the same?

 

[Deleted member 159002]

I think if there is any due course of action, it's to not care, and shut down any committees that could or would investigate.
#Mulvaney'sThaMan

It's absurd that a guy who wanted to abolish the Consumer Financial Protection Bureau was appointed to run it. Do Republicans like being victims of financial con artists?

 

[Arkain2K]

I usually appreciate your point of view TS, but good damn do you have some long winded posts

It is? I thought the OP was quite short and simple to understand.

 

[hillelslovak87]

It's absurd that a guy who wanted to abolish the Consumer Financial Protection Bureau was appointed to run it. Do Republicans like being victims of financial con artists?

Republicans are a very rare breed. They trick consumers and voters time and time again, then convince the people they're republicans, and that they agree with the party, despite polling data on issue after issue.

 

[Arkain2K]

Who orchestrated the OPM hack?

Are they the same?

From the way the usual WR bipolar intellectuals are discussing this topic about Equifax's data breach, I'd say it was probably done by Trump and/or the Republicans.

 

[ineverpost]

Why would it take a highly sophisticated government funded scheme? The equifiax security system was a joke. Probably about as secure as your shit posting Sherdog account.

Seeing the actual "repercussions" for their mismanagement leaves no question as to why the security system sucked in the first place. There were virtually no penalties levied at all. Upper management dumped their stocks moments before the hack was revealed to the public, and the CEO left with a massive payout.

Also, you have no proof that there has NOT been fraud as a result of information stolen in this incident. Just because it hasn't happened to you, does not mean it hasn't happened. It's not something that people just go around advertising, and the police won't keep track of it because most departments don't consider crimes that happen out of their jurisidictions their responsibility. People only report the crime because creditors demand a police report before they consider wiping out fraudulent accounts.

There's also the possibility that Equifax paid the thieves off without making it public. When you steal this much information, there is a lot more money to be made by just taking a massive payout in an agreement to keep it under wraps.

 

[ineverpost]

It's absurd that a guy who wanted to abolish the Consumer Financial Protection Bureau was appointed to run it. Do Republicans like being victims of financial con artists?

Extremely wealthy people in America do not ever face consequences for their actions or anyone else's. Their supporters are more concerned with invading lawn care experts and vaccines turning their kids gay or something.

 

[LS1Rx7]

They're using financial history information to find thier next James bond...puh-lese...
I work in the data business and option #1 sounds plausible.

One of the biggest problems in my business is that data in an of its self is only valuable in the eye of the beholder.
If you tried to sell it, buyers wouldn't believe it's the real deal, so they wouldn't pay you well for it.
Now go try to find a buyer big enough to consume and pay top dollar for that type of data that's also into lots of illegal activity. Your pool of buyers gets small pretty quick. Basically enemy of the state foriegn governments, thats it. Try chatting them up, to sell your goods. Bet that's super easy...

 

[Arkain2K]

4 Chinese military hackers charged with massive 2017 Equifax breach

Four Chinese military hackers were charged with hacking into the Equifax credit reporting company in 2017 and stealing the personal information of nearly 150 million Americans, the Department of Justice said Monday.

The nine-count indictment says that the four officers exploited a vulnerability in Equifax's online dispute portal to conduct surveillance on the company’s network and then steal login credentials in what was one of the largest data breaches in history. The hackers managed to spend several weeks inside Equifax's network collecting data, storing it in output files and ultimately downloading it onto computers outside the United States — all while avoiding detection, the indictment says.

The result was the theft of names, birth dates and social security information belonging to approximately 145 million Americans.

"In short, this was an organized and remarkably brazen criminal heist of sensitive information of nearly half of all Americans, as well as the hard work and intellectual property of an American company, by a unit of the Chinese military," Attorney General William Barr said.

The four defendants — Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei — were members of the Chinese People’s Liberation Army’s 54th Research Institute, an arm of the Chinese military, the indictment says.

They each face three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud, among other charges.

"This was a deliberate and sweeping intrusion into the private information of the American people," Barr said.

"Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information," he added.

https://www.nbcnews.com/news/amp/ncna1133946