We Warn Congress: After Equifax, Firms Will Step Up Trojan Horse Efforts to Eliminate State Privacy Laws

Like clockwork, after any big data breach is disclosed, powerful special interests seek to turn the problem into a bigger problem for consumers by using it as an opportunity to enact some sort of narrow federal legislation that broadly eliminates state data breach notification, state data security and other privacy protections.  I testified yesterday in the House Financial Services Committee (link to full hearing archive and video transcript) warning of their efforts. I warned in particular of their Trojan Horse efforts to hide their broader plans. They don’t simply want to create a “uniform national breach law.” Inside that Trojan […] Read more

Equifax Reopens Salary Lookup Service — Krebs on Security

Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person’s Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, and began restoring the site eight days later saying it had added unspecified “security enhancements.”

The Work Number, Equifax’s salary and employment history portal.

At issue is a service provided by Equifax’s TALX division called The Work Number. The service is designed to provide automated employment and income verification for […] Read more

Pa. Credit Union Association joins suit against Equifax

A trade group representing Pennsylvania credit unions has joined a class-action lawsuit against Equifax, saying financial institutions will incur years of fraud-related expenses because of the recent data breach at the company.

The Pennsylvania Credit Union Association is one of eight state and regional trade groups to join the suit since the Credit Union National Association filed it Oct. 4.

The complaint alleges that credit unions will be on the hook for costs like canceling and reissuing compromised credit cards, reimbursing members for fraudulent charges, increasing fraudulent activity monitoring and notifying members of fraud on their […] Read more

The vulnerability management process after Equifax

Managing software vulnerabilities is a universal problem.

While unknown flaws in code or system design are part of the vulnerability management process, responsible disclosure policies and bug bounties have greatly reduced the prevalence of zero-day attacks. Unknown security holes that attackers exploit are usually at high-value targets, such as Fortune 500 companies, government agencies and critical infrastructures.

NotPetya, WannaCry, Conficker and other well-publicized attacks took advantage of vulnerabilities that were publicly known and had available software patches. The use of known vulnerabilities is especially troubling for security professionals because these attacks can be prevented.

Companies haven’t embraced the ever-changing software environments that have […] Read more

Number of Leagues Joining CUNA’s Equifax Suit Rises Again

At least eight credit union leagues from all over the country are now plaintiffs in CUNA’s recent lawsuit against Equifax over the credit bureau’s huge data breach that exposed personal financial information for millions of people. 

The Pennsylvania Credit Union Association, Mountain West Credit Union Association and the Nebraska Credit Union League are among the latest to join the growing class-action suit over Equifax’s enormous data breach announced September 7.

The three leagues had harsh words about Equifax in their announcements. 

“We have not seen a data breach of this magnitude before and the potential […] Read more

Got an Equifax letter saying you were hacked? The helpline’s struggling

Almost 700,000 British victims of the Equifax hack are receiving letters offering a free fraud protection service. But you’ll need to hand over personal details to get it – and many say the helpline the letter directs you to isn’t working properly.

The credit report heavyweight is writing to UK consumers to warn them their personal details have been compromised, after it announced in September its US parent company had been the victim of a cyberattack five months […] Read more

House Committee Plans Hearings in Response to Equifax Breach – U.S. News & World Report

U.S. News & World Report: The state House Committee on Commerce and Economic Development says it will hold four hearings this month around the state. The Times Argus reports the hearings are directly connected to the data breach reported by the credit reporting agency Equifax, …

Punctual as ever, Equifax starts snail-mailing affected Brits about mega-breach – DeathRattleSports.com

Equifax data breach: The impact and lessons learned – Khaleej Times

[…] Read more

PA Credit Union Association to join Equifax Litigation

DAUPHIN COUNTY, Pa. – After Equifax was hacked, more than 145 million Americans’ identities and credit histories were compromised and the Credit Union National Association (CUNA) filed a class-action lawsuit against the company on October 4. The Pennsylvania Credit Union Association (PCUA) has joined the litigation as plaintiffs.

The PCUA Board of Directors’ decision to join the lawsuit came after management conducted a thorough due diligence that determined credit unions and other financial institutions will likely bear long-term costs as a result of the breach. These costs include canceling and reissuing an untold number of compromised cards, reimbursing consumers […] Read more