Massive personal data hack - and you may be affected - Equifax | GTAMotorcycle.com


kwtoxman

UFB.

If you have a credit report (26 million Canadians do), your personal data may have been recently hacked and taken. Literally, and potentially including SINs.

Equifax says the breach leaked highly sensitive information, too, including “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.”

143 million people affected, and an unknown number of Canadians.

It's a gong show right now without a lot of information, and at this point Equifax is not even going to notify affected people (not beyond the <0.5% who had their CC info exposed as well). And there isn't a lot of info for Canadians yet.

Time to do some research.

http://globalnews.ca/news/3727677/equifax-data-hack-canada/
https://www.pcworld.com/article/3223142/security/equifax-hack-how-to-know-affected-data-breach.html
https://www.digitaltrends.com/web/equifax-hack-how-to-find-out-if-you-were-hacked/
http://www.moneysense.ca/news/5-things-to-know-about-the-equifax-hack/
https://beta.theglobeandmail.com/ne...36202933/?ref=http://www.theglobeandmail.com&
http://www.cbc.ca/news/business/equifax-breach-1.4280682
https://www.thestar.com/business/20...each-may-affect-143-million-people-in-us.html
https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/

Edit: I'll add other links and info below to try to keep this first post updated.

https://en.wikipedia.org/wiki/Equifax
https://www.thestar.com/news/world/...ld-create-lifelong-identity-theft-threat.html
http://www.cbc.ca/news/business/equifax-hack-canadians-1.4287904
http://fortune.com/2017/09/09/equifax-hack-crisis/
 
The real question is, how are you supposed to protect yourself from something like this?
 
According to Bloomberg, three Equifax executives, including the chief financial officer John Gamble, sold shares a few days before the hack was announced.

Equifax's stock dropped 13 per cent to $124.10 (U.S.) in extended trading after its announcement of the breach... Three Equifax executives insulated themselves from that downturn by selling shares worth a combined $1.8-million just a few days after the company discovered it had been hacked, according to documents filed with securities regulators.

The sales, executed on Aug. 1 and 2, were made by: John Gamble, Equifax's chief financial officer; Rodolfo Ploder, Equifax's president of work-force solutions; and Joseph Loughran, Equifax's president of U.S. information solutions. Bloomberg News first reported the divestitures.
Wow.

Equifax Canada spokesperson Tom Carroll said the company is not providing any further information on the impact of the hack in Canada. Carroll said updates on the breach will be posted on www.equifaxsecurity2017.com .
If true, that's crazy.

The real question is, how are you supposed to protect yourself from something like this?
As I understand, it's impossible to do anything. They by default collect credit information on everyone in North America, whether anyone wants them to or not. It's an involuntary inclusion of everyone's personal and valuable information.
 
I heard that when you input your info to check if you were affected, that you give up your rights to sue... check the fine print.
 
The next biggest business in the world will be insurance policies for scams like this
 
The real question is, how are you supposed to protect yourself from something like this?
Don't forget to change your name, date of birth, home address and social security number regularly.
I heard that when you input your info to check if you were affected, that you give up your rights to sue... check the fine print.
Yup, there's no option yet for Canadians to check anything, but in the US those who check must agree to hold Equifax harmless.
 
I heard that when you input your info to check if you were affected, that you give up your rights to sue... check the fine print.

Looks like they have changed that...

2). NO WAIVER OF RIGHTS FOR THIS CYBER SECURITY INCIDENT
In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident.
 
The real question is, how are you supposed to protect yourself from something like this?

You can put an alert on your file. The alert can indicate to contact you at a specific number before issuing any credit or granting any loans/mortgages etc., as an extra step to prevent true name fraud.

Folks that live in major metro areas should put an alert. Montreal, Toronto, Edmonton/Calgary, Vancouver.


 
You can put an alert on your file. The alert can indicate to contact you at a specific number before issuing any credit or granting any loans/mortgages etc., as an extra step to prevent true name fraud.

Folks that live in major metro areas should put an alert. Montreal, Toronto, Edmonton/Calgary, Vancouver.



Note that it costs something like $7/3 months, I had to do it once when I thought I may be under the threat of identity theft.
 
Really not that shocking or surprising to me, on both fronts .... the fact that it did happen and the upfront arrogance of the company and their highest representatives. That's just the way it is in today's world, unfortunately.
 
Note that it costs something like $7/3 months, I had to do it once when I thought I may be under the threat of identity theft.

Well, the only upside of this colossal screwup is that maybe they will provide the service for free. It's the least they could do considering they literally gave away everything required to impersonate half the people in North America.

The second possible upside is we may stop relying on a number given to us at birth as proof of identity. I don't know what the replacement is (maybe Line xxx of last year's tax return? CRA has an app that returns yes/no and limits the number of attempts? At least this way, a one-time data breach only exposes you for a year).
 
Nah, the price will go up, like in all insurance events where claims are up ... LOL
 
For the last couple of weeks, there have been warnings about security holes in Apache Struts and REST. A couple of days ago, Equifax suggested that the Struts vulnerability led to the hack.
 
You can have the alert placed on your bureau for free up to a year if you could be a potential victim of fraud.

Since they won't say who, you can assume it's possible.

I think it's worth contacting them to make the request at no charge.


 
Even worse, it wasn't even a skilled hack. The user name and password combo was "admin/admin".

That is correct, they GAVE AWAY YOUR INFO.

Seriously? I don't think I own anything with default authentication. How can they not be found guilty of negligence if this is true?
 
Just watch their lawyers spin out and throw the actual admin under the bus ....
 
Seriously? I don't think I own anything with default authentication. How can they not be found guilty of negligence if this is true?

Nah, it wasn't that simple. The vulnerability in Struts allowed hackers to execute malicious code, which in turn enabled them to gain access to information. It wasn't as simple as you or me trying the username/password admin/admin and stealing all the information.
 
Nah, it wasn't that simple. The vulnerability in Struts allowed hackers to execute malicious code, which in turn enabled them to gain access to information. It wasn't as simple as you or me trying the username/password admin/admin and stealing all the information.

OK, that makes a lot more sense. I am still amazed that so many organizations are set up to allow remote access to so much data (and with no alarms if upload rates suddenly spike).

In smaller IT systems I've been responsible for, you need to get through two layers of passwords before you can access a computer and most important data was not accessible remotely. Normally all remote access and servers such as ftp were manually disabled until required. If someone wanted something, it would be manually copied to the accessible area. Using vulnerabilities, I am sure you could get to the data, but the companies didn't have a target on them so I doubted anyone would spend that much time/effort. When the ftp server was up it was constantly hammered by password guesses from China (all terrible like admin/admin).
 
