“It’s a sad reality in 2017 that a data breach affecting 143 million people is dwarfed by other recent hacks—for instance, the ones hitting Yahoo in 2013 and 2014, which exposed personal details for 1 billion and 500 million users respectively; another that revealed account details for 412 million accounts on sex and swinger community site AdultFriendFinder last year; and an eBay hack in 2014 that spilled sensitive data for 145 million users,” Dan Goodin reports for Ars Technica.
“The breach Equifax reported Thursday, however, very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals,” Goodin reports. “By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely.”
“What’s more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population,” Goodin reports. ” When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come.”
Read more in the full article here.
MacDailyNews Take: Goodin also notes that the stupidly constructed website which Equifax created to notify people if they’re affected by the breach and DOESN’T EVEN CLEARLY DO SO (Hint, clueless Equifax IT doofuses: Tell the user if they are AFFECTED or NOT AFFECTED, you fscking morons), “is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn’t provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn’t perform proper revocation checks. Worse still, the domain name isn’t registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people’s details. It’s no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.”
Would that the levels of security and privacy that Apple delivers were matched by companies that are in possession of everything needed to steal someone’s identity and basically ruin their lives. All of the information that people like us choose Apple products in order to protect has basically been pissed away in one fell swoop by braindead Equifax. Looks like we could have used some random porous Windows PCs and Android phones for all that privacy and security matters to shit outfits like Equifax.
If there’s any justice in this world, Equifax — who obviously couldn’t even bother to hire qualified IT people who understand how to protect highly sensitive data — will be destroyed over this latest breach by lawsuits, fines, and loss of business due to their blatantly obvious incompetence.
FYI: The U.S. FTC’s “Do You Need a New Social Security Number?” page is here.
Beleaguered Yahoo faces U.S. SEC probe over data breaches – January 23, 2017
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
1.16 million more reasons why Apple Pay is the future: Staples’ security breach payment card debacle – December 20, 2014
Judge rules banks can sue Target over credit card breach; Apple Pay value proposition intensifies – December 8, 2014
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014