Massive Equifax hack reportedly started 4 months before it was detected

Hackers behind the massive Equifax data breach began their attack no later than early March, more than four months before company officials discovered the intrusion, according to a report published Wednesday by the Wall Street Journal.

The first evidence of the hackers’ “interaction” with the Equifax network occurred on March 10, according to the report, which cited a confidential note that security firm FireEye sent to some Equifax customers. By then, a critical vulnerability in the Apache Struts Web application framework was already under active exploit on the Internet. Equifax officials have said the Struts flaw was the opening that gave attackers an initial hold in the targeted network.

Equifax has said that the breach that exposed sensitive data for as many as 143 million US consumers started on May 13 and lasted until July 30. The company didn’t disclose the breach until September 7.

Equifax sends breach victims to fake notification site

The official Equifax Twitter account encouraged people to visit a knock-off website that mocks the company’s security practices instead of the site the company created to warn of a massive data breach. That recent breach exposed personal details for as many as 143 million US consumers.

In a tweet on Tuesday afternoon, an Equifax representative using the name Tim wrote: “Hi! For more information about the product and enrollment, please visit: securityequifax2017.com.” The message came in response to a question about free credit monitoring Equifax is offering victims. The site is a knock-off of the official Equifax breach notification site, equifaxsecurity2017.com. A security researcher created the imposter site to demonstrate how easy it is to confuse a legitimate name with a bogus one. The Equifax tweet suggests that even company representatives can be easily fooled. The tweet was deleted late Wednesday morning, more than 18 hours after it went live.

It turns out Equifax has linked to the same fake domain since at least September 9, as evidenced by tweets here, here, and here. Unlike Tuesday’s tweet, the September 9 tweets remained live when this post was going live, but were taken down shortly after that.

Crunch Report | Slack Raises $250 Million

Slack raises a pretty big chunk of change from SoftBank, the DOJ is investigating an Equifax stock dump and Google debuts payments app Tez in India. All this on Crunch Report.

Equifax was reportedly hacked almost five months before its first disclosed date

Equifax learned about a major breach in its systems in March, well before it disclosed a massive breach earlier this month that included sensitive information for 143 million consumers, according to a new report from Bloomberg. Bloomberg is also reporting that both breaches may have involved the same intruders, which is not a good look for the company that is reeling from the massive breach…

U.S. Justice Department investigating Equifax execs who dumped shares before announcing breach

The U.S. Justice Department is said to be investigating the questionable sale of stock by Equifax executives in advance of the company’s public announcement of its massive data breach. The investigation is said to include U.S. prosecutors in Atlanta, the FBI and the Securities and Exchange Commission, according to a report this morning from Bloomberg.
Three executives, Chief Financial…

Equifax CIO, CSO “retire” in wake of huge security breach

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company’s massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has led Equifax’s international IT operations, is the company’s new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company’s new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

10,000 CAA Customers Could Be Equifax Hack Victims

The information of 10,000 CAA members could have been compromised as a result of the Equifax hack, which was one of the largest in history.

TORONTO — The Canadian Automobile Association says it is informing about 10,000 of its members that they may have had sensitive data compromised by the massive Equifax cybersecurity breach.

The CAA said Thursday Equifax was its partner on the auto organization’s identity protection program, which began in March 2015 and was terminated on July 1, weeks before Equifax discovered the hack on July 29.

The program required members to register their personal information such as credit cards, banking information and email address, with the option of providing a social insurance number.

The organization says it has been trying since the first reports of the Equifax breach surfaced to determine if it affects any of the approximately 10,000 CAA members who signed up for the program.

It says Equifax has not provided any answers so far. Equifax Canada did not respond to requests from The Canadian Press.

“We value our members’ privacy. Our contract with Equifax explicitly said customer data would be governed by Canada’s privacy law, PIPEDA, and we chose them as a partner because of their then high reputation. CAA did not handle or retain any of the information provided to Equifax,” said Ian Jack, CAA managing director of communications and government relations.

“We are informing the affected members that the data they shared with Equifax may have been compromised, and are writing Canada’s Office of the Privacy Commissioner to express our concern about this breach and to ask that they push Equifax to provide more information to Canadians.”

Meanwhile, Canadians who are worried they might be victims of the Equifax Inc. hack say they are being treated as an afterthought in the wake of one of the largest online data breaches in history.

The company has provided consumers in the U.S. with a website that shows whether they are at risk of identity theft and is allowing them to monitor their files for free for one year.

But the online database does not provide Canadians with accurate information because it is based on U.S. social security numbers. The Equifax Canada website says it costs $19.95 per month for the same monitoring service.

Toronto lawyer Frances Macklin said she is frustrated that Canadians are being treated worse than their U.S. counterparts and questioned why there isn’t a dedicated portal for consumers north of the border.

Canadians left in the lurch: Lawyer

“We’re equally affected. Just because I don’t have a social security number, I don’t get access to information,” said the partner at Gowlings law firm. “I’m completely bewildered by that.”

Equifax Inc. said last Thursday that a security breach occurred over the summer that compromised the private information of up to 143 million Americans, along with an undisclosed number of Canadians.

But the company has not provided further details, including how many Canadians may have been exposed. Equifax Canada did not immediately respond to requests for comment.

However, Equifax Canada’s customer service agents have told callers that only Canadians who have had dealings in the United States are likely to have had their information compromised in the data breach.

The credit monitoring company’s call centre staff said that Canadians who have Equifax accounts in the U.S. could be at risk of having their data compromised, such as those who have lived, worked or applied for credit south of the border.

Equifax Canada’s website says that “only a limited number of Canadians may have been affected” and it is working to find out how many.

Equifax Canada: “Only a limited number… may have been affected”

It adds that personal information that may have been breached includes names, address and Social Insurance Number and “the breach is contained.”

Robert Johnson, lead plaintiff in a proposed class action lawsuit against Equifax Canada filed in Saskatchewan, said he is upset that Canadians have only been told that a limited number have been compromised.

The Regina business analyst said he trusted them with his personal information and does not understand why it is taking so long to provide more information about the hack.

Unacceptable that Canadians don’t know if they’ve been targets: Expert

Communications expert Warren Weeks believes Equifax could not have handled this issue in a worse way.

“We’re talking about the gateway to all of your financial information in your life,” said Weeks, who is the principal of communication firm Weeks Media Group.

“And Canadians, in specific, don’t know if they’ve been targeted or not or they’ve been impacted or not? I think in 2017, that’s unacceptable.”

Equifax hackers stole data for 200k credit cards from transaction history

It wasn’t just credit record data that someone made off with when they breached Equifax’s website starting in May of this year. The attacker also managed to grab credit card data from transactions involving more than 200,000 credit cards, and some of those transactions dated back as far as November of 2016.

Brian Krebs reports that the credit bureau revealed all this credit card data was taken as the result of a single attack that took advantage of a months-old exploit of the Apache Foundation’s Struts framework for Java-based Web applications. Visa and MasterCard both published confidential alerts to banks in their networks this week about the card exposure. Both explicitly blamed Equifax, and Visa linked to Equifax’s press release on the breach. The transactions that may have been exposed took place in a period spanning November 10, 2016 to July 6, 2017, according to the Visa notification.

According to Equifax, the breach began in mid-May and was detected on July 29. “The attacker accessed a storage table that contained historical credit card transaction related information,” an Equifax spokesperson told Krebs. The company did not respond to questions from Krebs about how the data was being stored.
