So much for being responsible with your money

Exactly. Equifax talking about “their customers” is infuriating; I never asked to, or wanted to, share my personal information with them, or wanted to have my credit score dictated by them. I would very much prefer not to, actually.

If there’s any possible upside to this, it’s that it’s a giant painful reminder of how shitty the big three credit agencies are in concept and in their practices, which is easy to forget when they’re just quietly monitoring you.

10 Likes
5 Likes

I hate credit cards and debit cards and think they just another form of upward redistribution of wealth to evil people. But the fact of online shopping coming to dominate has forced me to get a global payment card from my bank. Not exactly the same thing but I’m just one man and our society is determined to kill itself for convenience.

2 Likes

went to the site that was setup. put in my info, I’m compromised! YAY!! Sign up for this service and waive your right to sue us for being incompetent with your data! I said no. I’ll look into freezing my credit (no plans of getting any loans or anything) and wait for the class action suit letter.

4 Likes

I called the number given in the followup email after 1st step enrollment for questions about the credit monitoring service. The arbitration waiver applies to the credit monitoring. Equifax has clarified both on the phone to me and in a media release there is no arbitration waiver for the cybersecurity disaster.

4 Likes

No argument here.

5 Likes

Their lawyers are claiming that they didn’t know about the breach at the time. Considering the sheer “coinky-dink” of three top officers of the company jettisoning their stock on the same day, I’m not sure that passes the plausibility test, even with the most trusting of judges.

8 Likes

Agreed – but that’s also circumstantial evidence.

But they kept the breach from the public for forty days, and sold the stock during that time.

What I find unbelievable is that they didn’t know about the breach. I’ve aided in support with stuff like that (system failures rather than data breaches, but sev1 all the same). I’ve had two C-level executives watching me type over my shoulder while a third one wrangles more people to troubleshoot. I’ve seen people disappear into war rooms for days, and noticed the date-time stamps on their e-mails.

If all this was happening and these executives didn’t know about it, that is a shocking lack of oversight and responsibility.

3 Likes

I doubt that the execs didn’t know about the breach. What would you do if you were the one discovering it? You’d report right away in writing (email or paper memo), and make sure you retained a copy of this and all resulting correspondence off the mail server, right? Even assuming that IT didn’t report immediately (out of fear and wishful thinking), three days is about the time it would take to confirm the breach and its extent, and not reporting at that point becomes suicidal.

If I were a prosecutor charged with investigating this breach, I would get a warrant for the mail servers’ database and the private mail stores of the execs and IT department personnel. I’m pretty sure I’d find a few smoking guns.

Circumstantial evidence isn’t always inadmissible. :wink:

4 Likes

You pretty much have to impeach the crime lab… Not impossible, but not a slam duck either.

As always, I am not an attorney. You may wish to consult with an Attorney before designing your next crime spree.

2 Likes

If a search is carried out in the form I’m suggesting, I suspect the only thing that would be left for indirect inference would be mens rea (and maybe not even). The lawyers’ statement in advance of an investigation is wildly implausible. The evidence in advance of an investigation, however, is circumstantial. Afterwards? I rather doubt it.

2 Likes

And then this happened. TL/DR Equifax had to take a database offline because it was discovered the ID/password was admin/admin.

http://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

3 Likes

This whole thing has made me think about Shadowrun and the double-edged sword of System Identification Numbers (real citizens (“SINners”) have them and are tracked, everyone else (“SINless”) is criminal by default but oddly freer).

5 Likes

I am becoming increasingly convinced that this is a coincidental data screwup as I just got a slew of emails stating that the cardholder’s chequing account is linked and payments were made.

Poor Samefirstname Differentlastname. I know her Bank, the transit number and account number. Either this scam is incredibly elaborate, or she’s lucky that I am a responsible, honest person.

This – companies – is why sending verification codes prior to completing the creation of an online financial services account is so important. Because I have Samefirstname Differentlastname’s financial statements and she may have no idea that she’s not getting the emails.

3 Likes