New details on Equifax hack

Email addresses and tax ID, phone numbers also exposed, firm says

The Equifax data breach exposed more of consumers' personal information than the company first disclosed last year, according to documents given to lawmakers.

The credit reporting company announced in September that the personal information of 145.5 million consumers had been compromised in a data breach.  It originally said that the information accessed included names, Social Security numbers, birth dates, addresses and - in some cases - driver's license and credit card numbers.  It also said the personal information from thousands of dispute documents was exposed.

However, Atlanta-based Equifax Inc. recently disclosed in a document submitted to the Senate Banking Committee, which was shared with The Associated Press, that a forensic investigation found criminals accessed other information from company records.  That included tax identification numbers, email addresses and phone numbers. Finer details, such as the expiration dates for cr3edit cards or issuing states for driver's licenses, were also in the list.

The additional insight into the massive breach was first reported by TheWall Street Journal. 

Equifax's disclosure, which it has not made directly to consumers, underscores the depth of detail the company keeps on individuals that it may have put at risk.  And it adds to the string of missteps the company has made in recovering from the security debacle.

Equifax spokeswoman Meredith Griffanti said that "in no way did we intend to mislead consumers."  The company last year disclosed only the information that affected the greatest number of consumers and wanted to "act with the greatest clarity" in terms of the information provided the committee, she said.

Griffanti also said that while the list provided to the committee includes all the potential data points that may have been accessed by criminals, those elements affected a minimal portion of consumers.  And some data - like passport numbers - was not stolen.  The company said the number of consumers affected was unchanged.

"When you are making that kind of announcement, where do you draw the line?  If you saw the list we provided the banking finance committee, it was pretty exhaustive," Griffanti said.  "We wanted to show them that no stone was unturned."

The company continues to deal with multiple regulatory investigations into the matter, as well as hundreds consumer lawsuits.  Sen. Elizabeth Warren, D-Mass., released a report on the hack Wednesday that described it as "one of the largest and most significant data security lapses in history."

Comments

Post a Comment

Popular posts from this blog

Cybersecurity - Equifax sued over massive data breach

Cybersecurity Equifax sued over massive data breach Second case brought against company for way it handled personal info ATLANTA  - A team of lawyers has filed a class-action lawsuit against Equifax over that data breach that has compromised the personal information of more than 140 million US consumers. The lawsuit filed in US District Court in Atlanta faults Equifax for "gargantuan failures to secure and safeguard consumers' personally identifiable information -- and for failing to provide timely, accurate and adequate notice" to consumers that such sensitive material had been stolen. The lawsuit said plaintiffs Brian Spector of Florida and James McGonnigal of Maryland are each victims of the breach.  McGonnigal alleges he has "recently had four credit accounts opened in his name without his authorization."   The lawsuit joins another filed this past week in Oregon on behalf of a couple there, and others are expected.  A US House committee has
Read more

IP 23 Feedback

IP 23 Chaperone/Feedback Feedback by closing the loop between the output or product of a process and the controlling or influencing inputs. Introduce feedback. Enhance or change existing feedback. Monitor and control inputs rather than simply inspect outputs. Continuous coursework and assessment rather than end of the year exams. Many processes, typically continuous flow production, electronics or service processes, are part of larger systems. Such systems are best controlled using closed loop feedback, where the state of one or more critical outputs is used to influence one or more critical inputs. Making feedback work well is a challenging subject, as over control is just as problematic as under control. However the aim must be to ensure effective feedback loops are in place within processes where they will clearly help. Feedback is essential as part of system's control mechanisms. Six Sigma encourages the concept and use of the formula Y=f(x), where we control the inputs to a
Read more

TWO MINDSETS

Two different mindsets are doing battle in today's world. Old Power Values Formal (representative) governance, managerialism, institutionalism Competition, exclusivity, resource consolidation Confidentiality, discretion, separation between private and pubic spheres Expertise, professionalism, specialization Long-term affiliation and loyalty, less overall participation New Power Values Informal (networked) governance, opt-in decision-making, self-organization Collaboration, crowd wisdom, sharing, open-sourcing Radical transparency Maker culture, "do-it ourselves" ethic Short-term conditional affiliation, more overall participation
Read more