Credit reporting firm Equifax says cybersecurity incident potentially affects 143 million US consume


Userlevel 7
Badge +54
  • Equifax said data on 143 million U.S. customers was obtained in a breach
  • The breach occurred on July 29
  • Personal information including birth dates, credit card numbers and more was obtained in the breach
 
September 7th, 2017  By Todd Haselton   
 

AP: Equifax building in Atlanta.

Equifax Inc., which supplies credit information and other information services, said Thursday that a cybersecurity incident could have potentially affected 143 million consumers in the U.S.
 
The U.S. Census Bureau said the U.S. population was about 324 million people as of January 1, 2017, which means this affects a huge portion of the United States.
 
Full Article.

17 replies

Userlevel 7
Badge +56
Wow, that's a lot: http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html
Userlevel 7
Badge +54
@ wrote:
Wow, that's a lot: http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html
I expect the numbers will increase a bit as well yet but we shall see as it is really just breaking news at this point.
Userlevel 7
I went to the Equifax Website and found that Equifax is offering a "Complimentary Identity Theft Protection and Credit File Monitoring" for one year. All you have to do is sign up.
 
Am I going to sign up for this with the company that just got hacked? Yeah right, dream on.
 
I'm sure glad I'm in a habit of checking all my financial accounts at least 2 to 3 times a day. Looking at this I may have to up it to 4 or 5.
 
Heads should roll on this screw up, but the way things go in this now world they will probably get a promotion and a pay raise.
Userlevel 7
Badge +54
A more in depth report from Brian Krebs
 
Breach at Equifax May Impact 143M Americans
Userlevel 7
Badge +54
8th September, 2017   By Maria Varmazis
 
People have been banging the drum for years, but perhaps now the massive Equifax breach will force the issue to the forefront: it’s way, way past time to dump social security numbers (SSNs) as a national ID in the United States, as SSNs are a terrible way to identify or authenticate yourself. Here’s why.

You can’t change them if they are compromised

This tweet by @SarahJamieLewis sums up the issue quite nicely:
 
Don't forget to change your name, date of birth, home address and social security number regularly.
 
When your identity is stolen, the onus is on you, the victim, to spend hours tracking down fraudulent activity against your social security number and to remain vigilant to flag anything else that might appear. Full Article.
Userlevel 7
Badge +54
There are quite a few reports on Twitter tonight that if you check Equifax's site to see if your data was stolen, you *waive your rights* to sue Equifax or be part of a class action suit.
 

Userlevel 7
Badge +54
See Also - Apache Struts Vulnerability Exploited in the Wild
 
By Eduard Kovacs on September 11, 2017 A vulnerability affecting the Apache Struts 2 open-source development framework was reportedly used to breach U.S. credit reporting agency Equifax and gain access to customer data.
 
Equifax revealed last week that hackers had access to its systems between mid-May and late July. The incident affects roughly 143 million U.S. consumers, along with some individuals in the U.K. and Canada.
 
Full Article.
Userlevel 7
Badge +54

Speculation mounts as Equifax stays mum

 
By John Leyden  September 11th, 2017
 

 
The impact of the Equifax breach in the UK remains unclear days after the disclosure of a breach that could potentially affect up to 44 million British consumers.
 
The credit reference agency and its UK subsidiaries provide services for UK companies including BT, Capital One and British Gas. Customers of these companies might therefore be affected by the attack despite not having signed up for Equifax's services. The US agency holds the personal details of 44 million UK citizens, the Daily Telegraph reports. What percentage of these users are affected remains unclear and unconfirmed.
 
Full Article.
Userlevel 7
Badge +54
September 11th, 2017
 
It remains unclear whether those responsible for stealing Social Security numbers and other data on as many as 143 million Americans from big-three credit bureau Equifax intend to sell this data to identity thieves. But if ever there was a reminder that you — the consumer — are ultimately responsible for protecting your financial future, this is it. Here’s what you need to know and what you should do in response to this unprecedented breach.
 
Some of the Q&As below were originally published in a 2015 story, How I Learned to Stop Worrying and Embrace the Security Freeze. It has been updated to include new information specific to the Equifax intrusion.
 
Full Article.
Userlevel 7
Badge +54
I suppose after reading this article the question has to be asked but can they be trusted again?
 
September 13th, 2017 By Lee Mathews
 
And now there's another incident to add to that list. Researchers at Wisconsin-based Hold Security discovered an Equifax web portal that was secured by just about the worst username and password combination possible: admin and admin.
 
Full Article.
Userlevel 7
Badge +54
Together with the username and password along with the vulnerability the consumer stood no chance at all.
 
By Eduard Kovacs on September 14, 2017
 
U.S. credit reporting agency Equifax confirmed on Wednesday that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems.
 
Equifax informed customers last week that hackers had access to its systems between mid-May and late July. The breach, which affects roughly 143 million U.S. consumers, involved names, social security numbers, dates of birth, addresses and, in some cases, driver’s license numbers.
 
Full Article.
 
 
Userlevel 7
Badge +54
A question I just do not want to ask, but just how bad is this going to get?
 
September 14, 2017
 
Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers initially breached Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017.
 


 
Full Article.
Userlevel 7
The following article is an update on the Equifax breach:

By Catalin Cimpanu

In a press release published late Friday night, credit rating and reporting firm Equifax revealed new details about the security breach that exposed the personal details of over 143 million users, and also announced the immediate retirement of two high-ranking executives.
Equifax says that the breach came to light on July 29 when its security team observed suspicious traffic from its US online dispute portal. Its security team blocked the traffic, but the next day, July 30, more suspicious activity was discovered.
Following an internal review, the company realized that attackers breached the server via a vulnerability in the Apache Struts Java framework that was powering the underlying US online dispute portal. After patching the application, Equifax brought the web portal back online.
Equifax says that three days later they brought in cyber-security firm Mandiant — part of FireEye — the go-to company when it comes to investigating cyber-security incidents.
It was with Mandiant's help that Equifax discovered the breach. According to new revelations, Equifax says investigators found evidence suggesting that attackers had access to its network from May 13 through July 30, 2017.
On Friday, Equifax also announced the immediate retirement of two high-ranking executives.
Chief Information Officer David Webb will be replaced by Mark Rohrwasser, the company's current lead over International IT operations.
Chief Security Officer Susan Mauldin will be replaced by Russ Ayres, who previously served as Vice President in the IT organization.
 
full article here:
Userlevel 7
Badge +54
By Eduard Kovacs on September 19, 2017
 
Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company’s systems in Canada were not compromised.
 
Equifax Canada said the company’s investigation is still ongoing, but it believes the incident affects approximately 100,000 Canadians. Similar to the United States, the exposed information includes names, addresses, social insurance numbers, and, in some cases, credit card numbers.
 
Full Article.
Userlevel 7
Badge +54
There have been a huge number of stories about an earlier breach of Equifax this year, which articles seem to be putting across as being unknown about, as in a new story. I am glad Brian Krebs has put the story straight.
 
September 21, 2017
 
Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.
 


 
In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.
 
On May 17, KrebsOnSecurity reported that fraudsters exploited lax security at Equifax’s TALX payroll division, which provides online payroll, HR and tax services.
 
That story was about how Equifax’s TALX division let customers who use the firm’s payroll management services authenticate to the service with little more than a 4-digit personal identification number (PIN).
 
Full Article.

 

Userlevel 7
Badge +54
And now this!!
 
By Eduard Kovacs on September 21, 2017 Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher.
 
Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency following the hacker attack that affected as many as 143 million consumers in the U.S., 400,000 in the U.K. and 100,000 in Canada.
 
Securityequifax2017.com is a fake Equifax support website set up by Nick Sweeting to show how easily cybercriminals can impersonate such a domain. The researcher believes the company should have hosted its consumer notification website on equifax.com, instead of a domain that can be easily faked.
 
Full Article.
Userlevel 7
Badge +54
10th October 2017
 
Equifax Inc. said today an investigation into information stolen in the epic data breach the company disclosed on Sept. 7 revealed that intruders took a file containing 15.2 million UK records. The company says it is now working to inform 693,665 U.K. consumers whose data was stolen in the attack.
 


 
Previously, Equifax said the breach impacted approximately 400,000 U.K. residents. But in a statement released Tuesday, Equifax said it would notify 693,665 U.K. consumers by mail that their personal information was jeopardized in the breach. This includes:
 
- 12,086 consumers who had an email address associated with their Equifax.co.uk account in 2014 accessed
- 14,961 consumers who had portions of their Equifax.co.uk membership details — such as username, password, secret questions and answers, as well as partial credit card details — accessed
- 29,188 consumers who had their drivers license numbers accessed
- 637,430 consumers who had their phone numbers accessed
 
Full Article.
 
 
