Do credit monitoring and ID protection services do much for breach victims?

It has become a staple for companies that are hit by big data breaches: extending free credit monitoring and identity protection services to customers whose sensitive personal information is at risk. There’s nothing wrong with companies doing that, say consumer advocates, but those advocacy groups also say breached companies can do much, much better. The latest company to get hit by hackers and then offer credit monitoring or identity protection services, Geico, last week outlined a package that’s a little improved over the usual versions, one advocate said. These existing services seem to offer help, yet in some cases that benefit is limited and in others it’s difficult to measure their effectiveness. But overall, there’s little incentive for companies to offer improved redress, consumer advocacy groups contend. “Most breached entities go with credit monitoring because it’s a relatively inexpensive thing for someone to contract with to provide,” said Susan […]

The post Do credit monitoring and ID protection services do much for breach victims? appeared first on CyberScoop.


Experian’s Credit Freeze Security is Still a Joke

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage?

Every massive breach comes with a trail of lawsuits and regulatory ramifications that can last for years. Home Depot, for instance, only last month settled with a group of state attorneys general over its 2014 breach. The SolarWinds security incident that U.S. officials have pinned on state-sponsored Russian hackers is unlike anything that came before, legal experts say, meaning the legal liability could take even longer to resolve in court. As Congress, federal government departments and corporations reckon with the vast sweep of the SolarWinds breach, there are still many more questions than answers. Few pieces of it are less certain than how it might play out in court, where companies and individuals alike stand to gain or lose. Many millions of dollars, corporate blame and years of finger-pointing are on the line. That’s because the targets, government agencies and some major companies, aren’t the usual kind of […]

The post SolarWinds hack spotlights a thorny legal problem: Who to blame for espionage? appeared first on CyberScoop.


As FireEye grapples with breach investigation, questions remain

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S. government should do more to protect cyber industry titans like FireEye, one of the top cybersecurity firms in the world, which counts Fortune 500 companies among its clients. The hack adds FireEye to the list of cybersecurity companies that have experienced their own breaches, a roster stretching back to at least the beginning of the last decade. “This news has rocked the cybersecurity industry to our core, unlike anything since the RSA hack” from 2011, said Tom Bossert, president of Trinity Cyber and the former homeland security adviser to President Donald Trump. “It’s a pretty big deal.” FireEye revealed on Tuesday […]

The post As FireEye grapples with breach investigation, questions remain appeared first on CyberScoop.


Why & Where You Should You Plant Your Flag

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Equifax settles with Massachusetts, Indiana for nearly $40 million

Nearly three years after one of the largest data breaches in history, state attorneys general still are making Equifax pay. Massachusetts Attorney General Maura Healey announced Friday the credit processing company has agreed to pay $18.2 million and update its cybersecurity protocols. The settlement will end claims filed in connection with the company’s failure to stop a 2017 data breach that affected roughly 145 million Americans, including roughly 3 million Massachusetts residents. The announcement comes one day after Indiana Attorney General Curtis Hill said his office has agreed to resolve a class action suit against Equifax for $19.5 million. Both settlements come after Equifax agreed in January to pay $380.5 million as part of yet another settlement with U.S. regulators. Equifax also will be required to spend at least $1 billion on improving its data protection capabilities, and may be required to cover an additional $125 million to cover out-of-pocket […]

The post Equifax settles with Massachusetts, Indiana for nearly $40 million appeared first on CyberScoop.


Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

Bryson Koehler, the Equifax CTO and CISO, delivered the keynote at DevSecOps Days during the 2020 RSAC. Equifax contributed to multiple sessions and panels during the conference. The message was consistent: “Yes, we had a major problem. Here’s what…

Equifax indictment shows Chinese hackers can’t hide, DOJ official says

Chinese hackers took pains to cover their fingerprints in allegedly hacking credit monitoring agency Equifax in 2017, but a senior Department of Justice official says an indictment unsealed earlier this month shows the smokescreen didn’t work. “They’re always going to try to make our job harder,” John Demers, the assistant attorney general for national security, said Monday at San Francisco CyberTalks presented by CyberScoop. “And they’re also going to try to give themselves a basis to deny what it is I think that we’re proving in these cases.” The charges against four officials in China’s People’s Liberation Army for allegedly stealing data on some 145 million Americans from Equifax show just how determined the hackers were in infiltrating a U.S. company (China’s foreign ministry rejected the allegations). The hackers routed their internet traffic through servers in nearly 20 countries, wiping the computer logs along the way in a bid to […]

The post Equifax indictment shows Chinese hackers can’t hide, DOJ official says appeared first on CyberScoop.


Chinese Hackers, Coronavirus Phishing Attacks, How to Stay (Almost) Anonymous Online

In episode 97 of our monthly show we discuss how Chinese hackers caused the Equifax data breach, new coronavirus phishing attacks to be aware of, and how to stay (almost) anonymous online. ** Show notes and links mentioned on the show ** U.S. Charges 4…