A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates. Read the rest

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated. Read the rest

A group of NYU and University of Illinois at Chicago computer scientists have presented a paper at the 2017 ACM Internet Measurement Conference in London presenting their findings in a large-scale study of online doxings, with statistics on who gets doxed (the largest cohort being Americann, male, gamers, and in their early 20s), why they get doxed ("revenge" and "justice") and whether software can detect doxing automatically, so that human moderators can take down doxing posts quickly. Read the rest

An anonymous security researcher has shown Motherboard evidence that they warned Equifax in December 2016, six months before its catastrophic breach, disclosing numerous elementary deficiencies in Equifax security that left all of its data vulnerable to being stolen. Read the rest

Equifax division TALX has a product called The Work Number, where prospective employers can verify job applicants' work history and previous salaries (it's also used by mortgage lenders and others): you can create an account on this system in anyone's name, provided you have their date of birth and Social Security Number. The former is a matter of public record, the latter is often available thanks to the many breaches that have dumped millions of SSNs (the latest being Equifax's catastrophic breach of 145,000,000 Americans' data). Read the rest

On September 29, weeks after Equifax admitted to having lost the most sensitive financial and personal information of 143,000,000 Americans (but a week before Equifax admitted that the total was actually 145,500,000) (and counting), the IRS awarded the company a no-bid contract for $7,250,000 to verify taxpayer identities and curtail fraud. Read the rest

Turns out that the total number of people whose lives Equifax ruined by doxing them and then dumping all their most sensitive personal and financial data is 145,500,000, not 143,000,000. The company's new CEO apologized for the misunderstanding, and persisted in calling the people his company destroyed "customers" despite the fact that the vast majority of them were not Equifax customers, just random people whom Equifax compiled massive dossiers on, and then lost control over. Read the rest

Donald Trump is running a national-scale voter-suppression effort, billed as a "Voter Fraud Commission," whose first act was to illegally demand that state election officials dox every registered voter by sending their lifelong voter records to the White House. Read the rest

In the wake of CNN threatening to out a critic if he does not limit his speech in the future, former federal prosecutor and First Amendment champion Ken White has published an eminently sensible post about the incoherence of the present moment's views on free speech, and on the way that partisanship causes us to apply a double standard that excuses "our bunch" and damns the "other side." Read the rest

A Utah State House of Representatives bill would outlaw doxing—publishing someone's private info with the intent to facilitate harassment—but the EFF says the planned law's language is so broad it would target free speech.

At fault, Sam Machkovech reports, is the fact that the law doesn't clearly define its terms.

[Lead sponsor State Representative David E.] Lifferth's suggested amendment, on the other hand, offers no such specific, harassment-minded qualifiers in regard to "personal identifying information." The legislation as written would punish citizens for posting a laundry list of information about anyone if a court determined there was intent to annoy, alarm, or offend them, including names, birthdays, phone numbers, place of employment, photographs, or other realistic likenesses. The penalty for first-time offenders would be a class B misdemeanor, punishable by up to six months in jail and a maximum $1,000 fine.

Among other things, such legislation might limit citizens' ability to hold public officials and other influential members of society accountable for their actions.

Lifferth has promised to fix the bill's language. Read the rest