equifax

Equifax settles with FTC, CFPB, states, and consumer class actions for $700m

Equifax doxed virtually every adult in America as well as millions of people in other countries like the UK and Canada. The breach was caused by an acquisition spree in which the company bought smaller competitors faster than it could absorb them, followed by negligence in both monitoring and responses to early warnings. Execs who learned of the breach used it as an opportunity to engage in insider trading, while failing to take action to alert the public. Equifax nonconsensually gathers dossiers on everyone it can, seeking the most sensitive and potentially damaging information to record. The company was founded as part of a corporate spy-ring employed to root out and identify political dissidents and sexual minorities. Read the rest

Vast majority of porn sites use Google Analytics and Facebook embeds that track you, even in incognito mode

If you only look at porn with your browser in incognito mode, your browser will not record your porn-viewing history; but the porn sites themselves overwhelmingly embed tracking scripts from Google and Facebook in every page: 93% of 22,484 porn sites analyzed in a New Media & Society paper had some kind of third-party tracker, with Google in the lead, but also including trackers from some of the worst privacy offenders in Silicon Valley, like Oracle. Read the rest

DoNotPay's latest service will auto-cancel your free trials before the billing period starts

DoNotPay (previously) is a collection of consumer-advocacy tools automated the process of fighting traffic tickets, help homeless people claim benefits, sue Equifax for leaking all your financial data, navigating the airlines' deliberately confusing process for getting refunds on plane tickets whose prices drop after you buy them, and filing small-claims suits against crooked corporations. Read the rest

FTC asks Congress to create national privacy law to regulate big tech's use of personal data

Members of the United States Federal Trade Commission (FCC) on Wednesday asked Congress to create a national privacy law that would regulate how technology giants like Facebook and Google gather, store, and share the personal data of users. Read the rest

Elizabeth Warren proposes holding execs criminally liable for scams and data breaches

A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo's string of scams and scandals). Read the rest

AOC grills Equifax CEO: the Congressional record now contains the obvious, infuriating truth that everyone else already knew

Virtually everyone who's ever had the credit-rating system explained to them immediately understood that this was a complete scam: these companies that most of us have never heard of nonconsensually ingest gigantic mountains of data about you and your life and produce a numeric score that is nearly impossible to explain and extremely frustrating to alter, and that number is used to determine your access to work, rental accommodations, loans, mortgages and more. Read the rest

Experts think Equifax was hacked by Russia or China to recruit spies

In 2017 the private credit information of 143 millions Americans was stolen from Equifax. But the records have never been offered for sale on the black market, which is highly unusual. (The only person who has so far profited from the breach seems to be Equifax CEO Richard F. Smith, who resigned with an $80 million retirement package.)

So, who stole the records of 1/2 the US population, and why? CNBC interviewed "experts, intelligence officials, dark web data 'hunters' and Equifax" and the consensus seems to be China or Russia did it as a way to recruit spies.

One former senior intelligence official with direct knowledge of the Equifax investigation summarized the prevailing expert opinion on how the foreign intelligence agency is using the data. (This person asked to speak on the condition of anonymity because he isn't authorized in his current role to speak to media.)

First, he said, the foreign government is probably combining this information with other stolen data, then analyzing it using artificial intelligence or machine learning to figure out who's likely to be — or to become — a spy for the U.S. government. He pointed to other data breaches that focused on information that could be useful for identifying spies, such as a 2015 breach of the Office of Personnel Management, which processes the lengthy security clearance applications for U.S. government officials.

Second, credit reporting data provides compromising information that can be used to turn valuable people into agents of a foreign government, influencers or, for lower-level employees, data thieves or informants.

Read the rest

Was that huge 2017 Equifax data breach part of a nation-state spy scheme?

That massive Equifax data breach on September 7, 2017, shocked everyone, but a year and a half later, where the data of all those 143 million Equifax users ended up is still a mystery. Read the rest

Survey of the 2019 security landscape reveals some surprising bright spots

Chrome security engineer and EFF alumna Chris Palmer's State of Software Security 2019 is less depressing than you might think: Palmer calls out the spread of encryption of data in transit and better signaling to users when they're using insecure connections (largely attributable to the Let's Encrypt project); and security design, better programming languages and bug-hunting are making great strides. Read the rest

Congressional Republicans say Equifax breach was "entirely preventable," blames "aggressive growth strategy" but reject measures to prevent future breaches

Equifax doxed 145 million Americans, dumping their most sensitive financial data into the world forever, with repercussions that will be felt for decades to come. Read the rest

Top FTC official is so such a corporate shill that he has conflicts of interest for 100 companies, including Equifax and Facebook

Andrew Smith is Trump's chief of the FTC Consumer Protection Bureau, in charge of investigating companies that abuse Americans -- but he can't, because he has previously provided services for over 100 of America's largest companies, including Facebook, a whack of payday lenders, Amazon, American Airlines, Amex, BoA, Capital One, Citigroup, John Deere, Equifax, Expedia, Experian, Glaxosmithkline, Goldman Sachs, Jpmorgan, Linkedin, Microsoft, Paypal, Redbubble, Twitter, Sotheby's, Transunion, Uber, Verizon, Visa, Disney and Wells Fargo. Read the rest

Incredibly detailed technical guide to camgirling is a mix of advanced retail psychology and advice on performing emotional labor

Aella was a top-earning, top-ranked camgirl who performed sex shows over the internet for money, using the popular Myfreecams platform; she quit a year ago, and has written an incredibly detailed, soup-to-nuts primer on getting started camgirling, though she warns that some of her advice is out of date. Read the rest

DHS plans to use credit-scores to judge who may become a citizen

The US Department of Homeland Security has published a new proposed rule that would make people ineligible for US citizenship if their credit-scores were poor. Read the rest

Companies keep losing your data because it doesn't cost them anything

Data breaches keep happening, they keep getting worse, and yet companies keep collecting our data in ever-more-invasive ways, subjecting it to ever-longer retention, and systematically underinvesting in security. Read the rest

Senator Wyden proposes 20 prison sentences for CEOs who lie about data collection and protection

Senator Ron Wyden [D-OR] (previously) has introduced the Consumer Data Protection Act, which extends personal criminal liability to the CEOs of companies worth more than $1B or who hold data on more than 50,000,000 people who knowingly mislead the FTC in a newly mandated system of annual reports on the steps the company has taken to secure the data. Read the rest

Equifax engineer gets 8 months house arrest for $75,000 insider trading spree

An internet engineer at Equifax who coded parts of a breach portal for the credit agency has been sentenced to 8 months of house arrest for insider trading. He was convicted of using insider information about the Equifax breach to make more than $75,000. Read the rest

No identity theft protection for latest Facebook hack victims

Facebook will not provide fraud protection for victims of its latest data breach, details of which were announced in a Friday news dump. It set up a page where you can check if your Facebook account was breached.

One analyst told the BBC the decision was "unconscionable" ... For the most severely impacted users - a group of around 14 million, Facebook said - the stolen data included "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches".

Typically, companies affected by large data breaches - such as Target, in 2013 - provide access to credit protection agencies and other methods to lower the risk of identity theft. Other hacked companies, such as on the Playstation Network, and credit monitoring agency Equifax, offered similar solutions.

A Facebook spokeswoman told the BBC it would not be taking this step "at this time". Users would instead be directed to the website's help section.

They're done caring. If you're still using Facebook, you're done caring too. Read the rest

Next page

:)