Equifax Blog Terms - Attivo Networks

Equifax

Business Former Equifax executive charged with illegally trading before massive data breach was made public

Federal prosecutors on Wednesday charged a former Equifax executive with insider trading, alleging that he profited from confidential information about the massive data breach at the company that compromised sensitive data of 148 million people.

Jun Ying, former chief information officer of a U.S. business unit of Equifax, faces both civil and criminal charges from the Securities and Exchange Commission and U.S. Attorney’s Office for the Northern District of Georgia.

”Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” Richard R. Best, Director of the SEC’s Atlanta Regional Office, said in a statement.

SC-Magazine

Equifax breach worse than thought, consumers affected now total 147.9M

Equifax has once again bumped up the estimated number of U.S. consumers affected by its massive breach – now saying that data on 147.9 million was somehow exposed.

The company’s interim CEO Paulino do Rego Barros, Jr. said the revelation “is not about newly discovered stolen data” but rather is “about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

Barros said the company was taking “broad measures to identify, inform, and protect consumers” impacted by the attack and was “committed to regaining the trust of consumers, improving transparency, and enhancing security” across the Equifax network.

Equifax under pressure after data breach update

Equifax is facing a fresh demand to disclose the full extent of last year’s data breach, following a report that it was bigger than previously disclosed.

The Wall Street Journal (WSJ) reported on Friday that cyber-thieves had accessed US citizens’ email addresses, tax ID numbers and more driver licence information than acknowledged earlier.

US Senator Elizabeth Warren is now demanding details of any other data the firm believes may have been stolen.

She wants a reply by the week’s end.

“As your company continues to issue incomplete, confusing, and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” the Democratic senator from Massachusetts wrote in a letter to the credit rating agency.

The WSJ said it was unclear how many of the 145.5 million Americans that the firm had previously said were affected by the breach, had had the additional information about them exposed.

The Atlanta, Georgia-based company, one of the biggest companies of its kind, had previously confirmed that social security numbers, birth dates and addresses had been compromised.

“We have complied with applicable notification requirements in the disclosure process,” the firm told the WSJ.

It added that it believed that the additional driver licence data exposed – which is reported to have involved issue dates and the states that granted them – was “extremely minimal”.

Elizabeth Warren warns Equifax could “wiggle off the hook” for users’ credit data getting hacked

Days after a report emerged that the Consumer Financial Protection Bureau might be pulling back its probe into the Equifax data breach under acting head Mick Mulvaney, Sen. Elizabeth Warren (D-MA) is releasing a new report on the incident that left the personal information of more than 145 million Americans exposed.

In September 2017, the consumer credit reporting agency revealed that millions of its US users had had their personal information, including Social Security numbers, birthdates, and addresses, compromised from mid-May through July 2017. It took about six weeks for Equifax to publicly announcing the breach, during which time three executives sold nearly $2 million worth of the company’s shares.

Warren’s report paints a damning portrait of Equifax’s handling of the data breach before, during, and after the incident. It highlights a number of findings already uncovered in various reports on and inquiries into the Equifax data breach as well as a handful of new details.

Among the findings: The data breach included the passport numbers of an unidentified number of Equifax customers. The company failed to follow its own internal procedures during the data breach, and it hedged in its language around the hack, telling consumers data was “accessed” and not openly saying it was “exfiltrated” — stolen. And Equifax took advantage of a federal contracting loophole, the report alleges, to get a $7 million contractwith the IRS after the breach was revealed. The contract was eventually reversed.

Senators want ‘massive’ fines for data breaches at Equifax and other credit reporting firms

Two senators on Wednesday proposed “massive and mandatory” fines for data breaches at Equifax Inc. and other credit reporting companies, starting at $100 for each consumer whose sensitive information is compromised.

The bill from Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) would add a $50 fine for each additional piece of compromised personally identifiable information for each consumer. The penalties would double in cases where the credit reporting firm did not comply with federal data security standards or failed to notify officials of the breach in a timely manner.

If the legislation had been in place when Equifax had a data breach last year that exposed the Social Security numbers and birth dates of as many as 145.5 million Americans, Equifax would have faced a fine of at least $1.5 billion, the senators said.

The bill, called the Data Breach and Compensation Act, would direct the Federal Trade Commission to funnel half of any fine to compensate affected consumers. The agency could levy fines of as much as 75% of the credit reporting company’s gross revenue from the prior year.

“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax — and provides robust compensation for affected consumers — which will put money back into people’s pockets and help stop these kinds of breaches from happening again,” Warren said.

The Equifax data breach, made public in September, sparked bipartisan outrage, partly because the hack took place after the company failed for several months to fix a software flaw that federal officials had warned about in March.

Equifax also bungled the aftermath of the breach, waiting nearly six weeks to notify the public after learning of the hack and then initially making people give up their right to sue if they wanted free credit monitoring and identity theft protection. Equifax later backtracked on that requirement.

Data Breach Update: Equifax Fraud Alert Expiring – Now What?

Where does the time go? It’s already 2018 but we can’t just forget about all the things that happened in 2017. Like a massive data breach. You remember, the Equifax one that exposed the Social Security numbers, address and credit information for over 145 million people.

That means, more than half the country’s adult population had their personal information stolen. It’s been three months since we learned of the hack and you might be one of the many Americans who opted for the company’s fraud alert protection. Well, that protection is expiring and you need to figure out your next steps.

What happened?

In September, Equifax admitted a major hack to their system. Many people, in an effort to protect their information, placed fraud alert on their TransUnion, Equifax and Experian credit reports. The alert requires lenders to contact you to determine if any new credit application is valid.

It’s a good protection but, here’s the catch. The fraud alert expires every 90 days. So, if you got it in September when the breach first happened, you need to do it again in late December or early January. And, then you would need to do it again, and again.

So, there’s two other options. A credit freeze or a credit lock.

After Equifax breach, anger but no action in Congress

The massive Equifax data breach, which compromised the identities of more than 145 million Americans, prompted a telling response from Congress: It did nothing.

Some industry leaders and lawmakers thought September’s revelation of the massive intrusion — which took place months after the credit reporting agency failed to act on a warning from the Homeland Security Department — might be the long-envisioned incident that prompted Congress to finally fix the country’s confusing and ineffectual data security laws.

Instead, the aftermath of the breach played out like a familiar script: white-hot, bipartisan outrage, followed by hearings and a flurry of proposals that went nowhere. As is often the case, Congress gradually shifted to other priorities — this time the most sweeping tax code overhaul in a generation, and another mad scramble to fund the federal government.

“It’s very frustrating,” said Rep. Jan Schakowsky of Illinois, the top Democrat on the House Energy and Commerce consumer protection subcommittee, who introduced legislation in the wake of the Equifax incident.

“Every time another shoe falls, I think, ‘Ah, this is it. This will get us galvanized and pull together and march in the same direction.’ Hasn’t happened yet,” said Sen. Tom Carper (D-Del.), a member of a broader Senate working group that has tinkered for years to come up with data breach legislation.

Cuomo announces new regulations to tighten consumer protection after Equifax data breach

Gov. Cuomo on Tuesday ordered additional state oversight of consumer credit monitoring agencies following last summer’s data breach at Equifax.

Cuomo directed the Department of State to enact new regulations that would, among other steps, require credit reporting agencies to respond within 10 days to any inquiry made by the state’s Division of Consumer Protection on behalf of consumers.

Credit reporting agencies would also be required to disclose to the state all fees associated with their identity theft protection products.

“The current status quo of allowing consumers to be penalized for having their data breached is unacceptable, and with the addition of these new protections, this administration will hold agencies accountable and help protect New Yorkers and their financial future,” Cuomo said.

Equifax warns data breach will hurt future sales

Equifax Inc on Friday warned that this year’s massive data breach will harm the credit reporting company’s future sales, saying it will reduce revenue and weigh on profit in the fourth quarter.

Businesses and governments delayed signing new contracts in the third quarter and that trend will continue in the current quarter, company executives said in an analyst conference call.

“We’re hoping to win back their trust and then be able to regain the business that we’ve indicated has been deferred,” Chief Financial Officer John Gamble said in the call. “We’re still working through that process.”

Executives discussed the impact of the breach after releasing third-quarter results late on Thursday. Equifax reported lower quarterly profit, and revenue that fell short of analyst estimates.

The company also said on Friday that it had halted a share buyback program.

“We just don’t think it’s appropriate for the company to be purchasing shares” in the midst of investigations into the breach, Gamble said.

Equifax shares were down 2.3 percent in morning trading. They have dropped around 25 percent since the company disclosed on Sept. 7 that cyber criminals had breached its systems and accessed sensitive information on 145.5 million consumers.

180K petition signatures delivered to Equifax after massive data breach

Consumers Union gathered outside the corporate headquarters of Equifax to deliver 180,000 petition signatures, calling on the company to step up its efforts to help people impacted by its massive data breach.

Eight weeks after Equifax officials announced that hackers had gained access to the personal information of more than 140 million U.S. consumers, Consumers Union said the company is not doing nearly enough to help consumers protect their data.

In its petition to Equifax, Consumers Union is requesting the company take seven specific steps:

– Pay for credit freezes beyond 30 days
– Extend credit monitoring for affected consumers
– Provide more detailed information about what happened
– Remove all mandatory arbitration clauses
– Hire and train staff who can review and process customer disputes promptly
– Set aside a fund to compensate consumers whose data was exposed
– Investigate allegations of insider trading

Scroll to Top