143 million compromised Social Security numbers: everything you need to know about the Equifax hack – The Verge

Equifax agrees to settlement of up to $700 million over 2017 data breach

2019-07-22T08:19:55-04:00

Equifax has agreed to a settlement over its 2017 data breach that saw as many as 147 million people's personal information, including names, birth dates, addresses, and social security numbers, exposed by the company. As part of the settlement, the company will pay at least $575 million, but this could rise to as much as $700 million depending on the amount of compensation people claim. The company has agreed to provide free credit monitoring services to anyone affected for up to 10 years, as well as cash payments of up to $20,000 per person to refund any costs incurred as a result of the breach.

"Equifax failed to take basic steps that may …

Read the full story at The Verge.

Former Equifax executive sentenced to prison for insider trading prior to data breach

2019-06-29T15:58:01-04:00

The Justice Department announced this week that former Equifax CIO Jun Ying has been sentenced to four months in prison for insider trading. He pled guilty earlier this year for for selling his stock in the company prior to the announcement that it had been hit with a massive data breach in 2017.

The Security and Exchanges Commission charged Ying with insider trading last year. The Department of Justice says that in August 2017, after learning about the breach, he began researching the impact that a similar breach had on another company's stock price. Later that morning, he promptly exercised and sold all of his stock options, earning nearl …

Read the full story at The Verge.

Former Equifax executive charged with insider trading ahead of massive data breach

2018-03-14T10:54:26-04:00

A former Equifax executive has been charged by the SEC with insider trading after allegedly selling his stock in the company before it announced last year's massive data breach.

Allegedly avoided a $117,000 loss

According to the SEC, Jun Ying, the CIO of an Equifax business unit and next in line to be the global CIO, received confidential information about the company's breach before the news was public. Ying allegedly exercised his stock options and sold his shares, making close to $1 million and avoiding a $117,000 loss when the stock price tanked post-announcement.

The SEC said the US Attorney's Office for the Northern District of Georgi …

Read the full story at The Verge.

Hackers accessed more personal data from Equifax than previously disclosed

2018-02-11T10:55:02-05:00

Last year, credit rating agency Equifax announced that hackers had stolen personal information for 143 million US consumers, including names, Social Security numbers, birthdates, addresses, drivers license numbers, and some credit card numbers. The Wall Street Journal writes that more information was leaked than was previously reported.

The revelation comes from a document submitted to the Senate Banking Committee, which says that hackers accessed additional personal information beyond what was initially reported. This includes tax identification numbers, which are used when someone doesn't have a social security number, as well as e-mail a …

Read the full story at The Verge.

Despite massive hack, Equifax wins IRS contract for fraud-detection

2017-10-03T16:58:14-04:00

Between March and July of this year, the credit rating agency Equifax, was infiltrated by hackers who made off with the sensitive personal information of more than 140 million Americans. That sounds like the kind of thing that might hurt a company's credibility when it comes to security. But Politico is now reporting that the IRS will pay Equifax $7.25 million to "verify taxpayer identities and help prevent fraud."

A synopsis of the contract, published by the Department of the Treasury on September 30, notes that the contract was a "sole source order," meaning the IRS didn't shop around for competitive bids. That's because it's in a contrac …

Read the full story at The Verge.

Former Equifax CEO blames breach on a single person who failed to deploy patch

2017-10-03T13:03:57-04:00

This summer, a breach at the credit bureau Equifax compromised Social Security numbers and other sensitive data on more than 145 million people. Since then, experts have been puzzling over how the company allowed it to happen. The attackers seem to have broken into the system by exploiting a public vulnerability in Apache's Struts software, but by the time the compromise occurred, a patch for that vulnerability had been available for months. So why didn't Equifax deploy the patch?

Speaking to the House Energy and Commerce Committee, former Equifax CEO Richard Smith gave the most detailed answer to that question we've heard so far. According …

Read the full story at The Verge.

Equifax’s CEO is stepping down in the wake of the massive data breach

2017-09-26T09:18:38-04:00

Following the massive cybersecurity breach at the company, the CEO of Equifax is stepping down.

"I have been completely dedicated to making this right."

Earlier this month, the credit reporting agency disclosed that a hack had endangered the personal information of 143 million US-based users, an incident that has led to a swell of criticism toward the company.

In a statement, the now-former CEO Richard Smith called serving in the job an "honor." He had worked in the position since 2005.

"The cybersecurity incident has affected millions of consumers, and I have been completely dedicated to making this right," Smith said in the statement. "A …

Read the full story at The Verge.

Experian allows users to undo a credit freeze just by knowing a handful of breachable facts

2017-09-21T12:40:26-04:00

Experian's online PIN-recovery system could let attackers undo a credit freeze just by figuring a few easy facts. In the weeks following the Equifax breach, consumers have been told to freeze their credit, thereby blocking possible attackers from opening new lines of credit under their names. It makes sense as a defense strategy, but as cybersecurity reporter Brian Krebs reports today, the protections around those freezes are easy to subvert.

Experian makes it easy to undo a credit freeze, resetting a subject's PIN through an easily accessible account recovery page. That page only asks for a person's name, address, date of birth, and Social …

Read the full story at The Verge.

For weeks, Equifax customer service has been directing victims to a fake phishing site

2017-09-20T13:17:43-04:00

Earlier this month, hackers broke into Equifax's servers and stole 143 million people's personal information, including their Social Security numbers. In response to the attack, Equifax set up a website - www.equifaxsecurity2017.com - for possible victims to verify whether they're affected. Because the process involves sharing sensitive information, consumers have to trust they're entering their data in the right place, which can be tricky because the breach-recovery site itself isn't part of equifax.com. If users end up on the wrong site, they could end up leaking the data they're already concerned was stolen.

Today, Equifax ended up creat …

Read the full story at The Verge.

New evidence raises doubts about executives’ handling of the Equifax breach

2017-09-19T09:19:18-04:00

New evidence calls into question Equifax's handling of the breach reported last week, which compromised 143 million user details including Social Security numbers, birthdates, and addresses.

Equifax discovered a breach of its computer systems in March, months earlier than it previously admitted to, reports Bloomberg, citing three people with knowledge of the matter. The relationship between the two breaches is unclear, but one source Bloomberg spoke to said the breaches involve the same intruders. Both hacks appear to have exploited the same vulnerability in Apache software that Equifax didn't fully patch until it was too late.

Two sources …

Read the full story at The Verge.