Thursday, September 14, 2017

Notations From the Grid (Special Thursday Edition): On the #Equifax Breach

The #Equifax Breach continues to be challenging.   The Washington Post released this primer which we are pleased to share for this edition of our Notations From the Grid (with this update Just received from US-CERT:

U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:

09/14/2017 11:07 AM EDT

Original release date: September 14, 2017
The Federal Trade Commission (FTC) has released an alert on scams related to the Equifax data breach. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information.
US-CERT encourages consumers to report fraudulent calls and emails to the FTC Complaint Assistant and to refer to the FTC Alert and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks and Preventing and Responding to Identity Theft for more information.

What did Equifax executives know and when did they know it?


Equifax on the floor of the New York Stock Exchange. (Justin Lane/EPA-EFE)
Right now the focus should be on helping people protect themselves from possible identity theft in the aftermath of a major data breach at Equifax.
But I do want to know if any of the credit bureau executives profited off knowing before we did that the breach had occurred.
Three Equifax executives sold nearly $2 million worth of company stock within days of the data breach. The public didn’t know about the hack until a month later.
Let’s see. Equifax said it discovered the breach July 29.
Bloomberg’s Anders Melin reported, “Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.”
Put another way, “Gamble sold more than 13 percent of his stake in Equifax. Loughran sold 9 percent of his holdings and Ploder disposed of 4 percent.”
The executives “had no knowledge that an intrusion had occurred at the time they sold their shares,” according to a statement from Equifax.
What do you think?
The timing of the stock sales look questionable to me — and to others.
Don’t expect consumer friendly help from Equifax
When you’ve been harmed by a business, you expect to be a priority in the effort to make things right.
But what happens when that business isn’t really in the business of serving consumers?
This is the case with the credit bureaus. They are depository for our financial information. The lenders and companies we do business with upload our credit information to the credit reporting agencies – Equifax, Experian, TransUnion and the lesser known bureau Innovis. But it’s these businesses who are the bureaus big-time customers. The bureaus make most of their money selling our information. So we aren’t their main customers.
Then comes this major hack at Equifax. An astounding 143 million consumers’ personal data was stolen. Hackers got key information — Social Security numbers, driver’s licenses, credit card numbers and addresses.
Naturally consumers want answers. They want help to protect themselves. But since the credit bureaus aren’t really set up to perfect the interface with consumers, people are frustrated.
Equifax directed folks to visit a new site it set up — www.equifaxsecurity2017.com.
“But when consumers went to the page, some suspicion and confusion ensued,” reported The Post’s Hamza Shaban, who covers tech news. “Consumers who signed up at the website encountered a multistep process that never led to a definitive answer as to whether their personal data had been accessed by hackers.”
I visited the site and punched in my information.
This is the note I received: “Based on the information provided, we believe that your personal information may have been impacted by this incident. Click the button below to continue your enrollment in TrustedID Premier.”
I clicked and signed up for the free credit monitoring service.
Here’s the note I received after proving my identity by answering several questions: “You will receive an email with a link to finalize your enrollment and activate your product. Please be patient. Due to the high volume of requests, emails may be delayed. If you have not received your email within a few days, please check your spam and junk folders. Thank you again; we appreciate your patience!”
Guess I just have to wait. And while I wait how much more am I exposed?
If you’re waiting like me to get confirmation of enrollment in the credit monitoring service Equifax is offering, read all you can about what’s happening and how to further protect yourself.
I recommend the following:

No comments:

Post a Comment