TwitterACicon86x90vert facebookACicon86x90vert
TV/Radio XFINITY | WOW! | WBBM | WXRT | B96 + Dance | US99 | K-HITS CHICAGO

   *** SCORES: BEARS | BLACKHAWKS | BULLS | CUBS | FIRE | WHITE SOX ***
YoutubeTwitterFacebookArlingtoncardinalYahoo! Google Bing Aol.ArlingtoncardinalTMZ Rotten Tomatoes ET Online Box Office MojoArlingtoncardinal Channel 9 WGN Channel 7 Chicago ABC Channel 5 Chicago NBC Channel 2 Chicago CBS Daily HeraldChicago Tribune Breaking NewsArlingtoncardinal Chicago Gas PricesFloridaCardinal.comGLOBALCONFLICTMAPS.COM Arlingtoncards.com THE GUIDE

How to Check If You’re at Risk from Equifax Cybersecurity Breach

Wed September 13 2017 12:19 pm  http://www.arlingtoncardinal.com/?p=84799
 Share The Cardinal -- Arlingtoncardinal.com Articles (E-Mail, Facebook, Twitter & More) 

CHICAGO BEARS RADIO -- WBBM Newsradio 780 "Traffic on the 8's"

CBS 2’s Irika Sargent reports on the Equifax security breach.

On Friday September 8, 2017, Equifax announced a cybersecurity hacking incident potentially affecting about 143 million U.S. consumers. Some British and Canadian citizens were also compromised. According to census.gov, the US population is over 325,860,000 people on September 13, 2017.

Information accessed by the hacker (or hackers) in the breach includes first and last names, Social Security numbers, birth dates, addresses and driver’s license numbers. Credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were also accessed.

Following Equifax’s announcement of the May-July 2017 breach, Equifax’s actions received widespread criticism over the delay from discovery to disclosure, and because Equifax did not immediately reveal whether PINs and other sensitive information items were actually compromised.

Equifax responded that the delay was due to the time needed to determine the scope of the intrusion and the large amount of personal data involved in the breach.

Although the breach was reported to have begun in mid-May 2017 and was not discovered until July 29, 2017, several media companies advised consumers to request a credit freeze to reduce the impact of the breach.

Equifax offered a website (equifaxsecurity2017.com) with an on-page tool for consumers to learn whether they were victims of the breach. Analysts reported the tool returned random results even for fictional names and fictional social security numbers. The tool is accessed using the barely noticeable “click here” link in the following sentence at the top of the page: “To enroll in complimentary identity theft protection and credit file monitoring, click here.” The on-page tool requires users to enter their last names and the last six digits of their social security numbers. Critics of the fictional persons test say Equifax does not have a complete list of all people and their social security numbers, so Equifax was basically correct in its action to throw bogus information back at the fictional tests. Otherwise, if the tool replied by saying a particular last name and social security didn’t exist, then the information of positive or negative hits could be added to information inventory for the criminal intention of finding individuals’ social security numbers.

Additionally, the website had security flaws of its own: Initially equifaxsecurity2017.com was not registered to Equifax (now it is), and the website had a flawed TLS implementation (a cryptographic protocol for secure communications). The website was also using a configuration of the ubiquitous, free and open source WordPress software deemed unsuitable for high-security applications. The security flaws with the website were so glaring that Cisco-owned Open DNS blocked it, suspecting that the website was a phishing site.

Equifax blamed a popular open-source software called Apache Struts for providing a security hole, which has not been verified or proven. Hackers would have had to immediately exploited a security hole after discovering the hole on their own, or the hackers exploited an industry-known weakness on an Equifax server that was not properly patched. The explanation was provided by ZDNet, regarding a statement by The Apache Struts Project Management Committee.

Equifax corrected the Internet webiste registration issue, taking control of the website, and also created a prominent link to equifaxsecurity2017.com at the top of the official website (equifax.com).

Regardless of whether a consumer’s information may have been impacted, Equifax is providing consumers the option to enroll in “TrustedID Premier” identity theft protection and credit file monitoring service.

Initially Equifax’s identity protection program, Trusted ID, was (and still is) being offered to anyone who wants to enroll. The program is designed to help prevent identity theft and tampering with consumers’ credit, but the checker that lets consumers know whether they were hacked might be broken. Enrolling in the program initially — via a waiver — prevented consumers from participating in a class-action lawsuit against Trusted ID. Later Equifax made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this 2017 cybersecurity incident.

According to Equifax, investigators have found no evidence of “unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” Equifax has engaged with an independent cybersecurity firm to conduct a forensic review of the intrusion, and law enforcement officials are also investigating.

According to Bloomberg News, three Equifax executives were permitted to sell more than $1.8 million worth of stock in the days following the July 29, 2017 discovery of the breach. The company said on Thursday September 7, 2017 that CFO John Gamble, President of U.S. Information Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder were not informed about the security breach before the shares were sold.

Equifax is the oldest of the three largest United States credit agencies — Equifax, Experian, and TransUnion.

See also …
Bloomberg Three Equifax Managers Sold Stock Before Cyber Hack Revealed

ZDNet Equifax blames open-source software for its record-breaking security breach: Report




Get updates from The Cardinal ALL NEWS FEEDS on Facebook. Just ‘LIKE’ the ‘Arlington Cardinal Page (become a fan of our page). The updates cover all posts and sub-category posts from The Cardinal — Arlingtoncardinal.com. You can also limit feeds to specific categories. See all of The Cardinal Facebook fan pages at Arlingtoncardinal.com/about/facebook …


Help fund The Cardinal Arlingtoncardinal.com/sponsor

Sen. Mark Warner (D-Virginia) discusses the massive data breach at Equifax and whether the credit reporting firm should be held liable by the U.S. government — calls it a “Category 4 or Category 5 Cyber hack.” The waiver of liability that was established for people that used a free tool to see if users were at risk has been disallowed and discontinued.

Equifax said on Thursday September 7, 2017 that it suffered a major cybersecurity incident that might affect 143 million consumers in U.S.

CLEAR SKIES?  Weather Data for Wednesday, September 13th, 2017

Tags: , , , , , , , , , , , , , , ,    

IMPORTANT NOTE: All persons referred to as subjects, defendants, offenders or suspects, etc. are presumed to be innocent unless and until proven guilty beyond a reasonable doubt in a court of law.


Try a more powerful search in the box below ... SEARCH BOX PRODUCES RESULTS FOR The Cardinal -- Arlingtoncardinal.com ...
(POWERFUL SEARCH for The Cardinal, which can be expanded on the results page.)

Where background Wikipedia info/photos are used, original work is modified and released under CC-BY-SA.

! MORE NEWS FAST!!! MOST RECENT: CRIMEBLOG | MOST RECENT: FIREBLOG | SUBMIT NEWS TIPS
::: Health, wellness and fitness gifts! CoolFitnessGifts.com ::: Cubs, Sox caps at ChicagoFanfare.com :::

ARLINGTON HEIGHTS BREAKING NEWS --The Cardinal -- Arlingtoncardinal.com is a breaking news blog with Arlington Heights & Chicagoland emphasis. Early breaking reports may prove to be inaccurate after follow-up investigation, which may or may not be updated in The Cardinal -- Arlingtoncardinal.com. For in-depth coverage, please also check the following links for network television, cable news networks and Chicago local media coverage ...

Daily Herald | Daily Herald -- Arlington Heights | YouTube.com/DailyHeraldClips
Today's headline videos: FOXNews Video | YouTube.com/FoxNews | Associated Press | The Cardinal
Chicago Area Newspapers
CNN Arlington Heights  FOXNEWS  BREITBART.COM  cbs2chicago  NBC 5 Chicago  abc7chicago   WGNTV      WGNRADIO720  NEWSRADIO 78  CHICAGO BREAKING NEW  Daily Herald Arlington Heights  Chicago Tribune   Seed Newsvine
 
Video LOGO youtube Twitter Arlingtoncards facebook battery status Cardinal Calendar Search Batteries Plus RSS Help ...
All Headlines
crimeblog | fireblog
« EARLIER | SEARCH ARTICLES BY DATE -- Arlingtoncardinal.com/searchdate | LATER »

Comments for Arlingtoncardinal.com
COMMENTS are now available via one or more of our official Facebook pages. Comments no longer appear on the Arlingtoncardinal.com article per se. Please comment on Facebook.com/ArlingtonCardinal or check the other popular Arlington Cardinal Facebook pages at Arlingtoncardinal.com/about/facebook ...

SUBMIT CRIME TIPS ...
Anyone having information about serious crime in Arlington Heights should register on CitizenObserver.com and look for the anonymous TIP411 feature, or call Arlington Heights Crime Stoppers at 847-590-STOP (847-590-7867). Callers are guaranteed anonymity and may qualify for a cash reward of up to $1,000. Not a resident of Arlington Heights? Check CitizenObserver.com for availability for your community.

   Arlingtoncardinal.com/traffic | Traffic on Twitter

CHICAGOLAND RADAR


Weather radar map is provided by DarkSky.net
Arl Hts Weather | NEXRAD | FULL SCREEN RADAR

RSS Cardinal Weather Center

US & WORLD NEWS

Top News Video …

CHICAGOFIREMAP.NET TWITTER

digital-lifestyle.com

TMZ Plus …

RSS OBITUARIES