PostPosted: Thu Jun 04, 2015 5:13 pm
ZS Moderator
Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15647
Location: Greater New Orleans Area
Has thanked: 845 times
Been thanked: 473 times
Speaking of a .gov data breach...first the IRS now the Office of Personnel Management says its data was compromised.

I guess maybe using a password like Passw0rd is not that good an idea. :wink:


Quote:

APNewsBreak: Massive breach of federal personnel data
Associated Press By KEN DILANIAN and RICARDO ALONSO-ZALDIVAR

WASHINGTON (AP) — Hackers broke into the computer networks of the U.S. government personnel office and stole identifying information of at least 4 million federal workers, officials said Thursday.

The Department of Homeland Security said in a statement that data from the Office of Personnel Management and the Interior Department had been compromised.

"The FBI is conducting an investigation to identify how and why this occurred," the statement said.

A U.S. official who declined to be identified said the data breach could potentially affect every federal agency. One key question is whether intelligence agency employee information was stolen.

Ken Ammon, chief strategy officer of Xceedium, a government security contractor, said the attack fit the pattern of those conducted by "nation states." In the world of data-stealing cyberattacks, that phrase typically refers to either Russia or China.

"This is an attack against the nation," Ammon said, because the information could be used to impersonate or blackmail federal employees with access to sensitive information.

The Office of Personnel Management is the human resources department for the federal government, and it conducts background checks for security clearances. The OPM conducts more than 90 percent of federal background investigations, according to its website.

In November, a former DHS contractor disclosed another cyberbreach that compromised the private files of more than 25,000 DHS workers and thousands of other federal employees.

DHS said its intrusion detection system, known as EINSTEIN, which screens federal Internet traffic to identify potential cyber threats, identified the hack of OPM's systems and the Interior Department's data center, which is shared by other federal agencies.

"DHS is continuing to monitor federal networks for any suspicious activity and is working aggressively with the affected agencies to conduct investigative analysis to assess the extent of this alleged intrusion," the statement said.

Members of Congress were briefed on the breach earlier Thursday.

Rep. Adam Schiff, ranking Democrat on the House intelligence committee, called the hack "shocking, because Americans may expect that federal computer networks are maintained with state of the art defenses."

Ammon said federal agencies are rushing to install two-factor authentication with smart cards, a system designed to make it harder for intruders to access networks. But implementing that technology takes time.

_________________
Duco Ergo Sum

PostPosted: Thu Jun 11, 2015 3:25 pm
ZS Moderator
Based upon these news stories the data compromised by the US OPM may be much worse than initially reported.

http://abcnews.go.com/ABCNews/opm-hack- ... d=31689059

http://hosted.ap.org/dynamic/stories/U/ ... 1-15-58-33

Obviously the truth may be different but still it is something any federal employee should keep in mind. What can I say other than hope for the best but plan for the worst...because hope is not a plan.

PostPosted: Thu Jul 09, 2015 4:16 pm
ZS Moderator
If you are a .gov employee or contractor who has or has had information on file with the Office of Personnel Management your data may have been compromised.

Quote:
The U.S. agency burglarized by suspected Chinese hackers has completed its long-awaited damage assessment: In total, more than 22 million people inside and outside government likely had their personal information stolen, officials announced today.

That number is more than five times larger than what the Office of Personnel Management announced a month ago when first acknowledging a major breach had occurred. At the time, OPM only disclosed that the personnel records of 4.2 million current and former federal employees had been compromised.


Quote:
Investigators ultimately determined that 19.7 million applicants for security clearances had their Social Security numbers and other personal information stolen and details about nearly 2 million relatives and other associates was also taken, according to OPM. Those numbers include many of the 4.2 current and former government employees whose personnel files were already confirmed as compromised, an OPM spokeswoman said.


Quote:
"If an individual underwent a background investigation through OPM in 2000 or afterwards ... it is highly likely that the individual is impacted by this cyber breach," OPM's statement said today.


Yes, you read that right 15 +/- years of data was compromised.

http://news.yahoo.com/25-million-affect ... ories.html

PostPosted: Thu Jul 09, 2015 5:40 pm
Joined: Tue Aug 05, 2014 6:33 am
Posts: 275
Has thanked: 15 times
Been thanked: 32 times
Argh, hit the back button, forget what all I was going to type. Oh well - if you think you might've been affected, pay attention to your mail; the OPM should be contacting you soon if they haven't already.

Is it political to snicker - in light of recent events - about the FBI director wanting backdoors for private encryption? Or perhaps I should just bang my head on the keyboard.


PostPosted: Fri Jul 10, 2015 12:00 pm
ZS Moderator
BTW A little suggestion for all you IT types.

Hackers have made a mockery of IT security in places that spend literally tens to hundreds of millions of dollars on IT security. Any system designed by humans can be defeated. It should be part of your security protocol to randomly perform security checks and to bring in independent 3rd parties to assess security.

I would note that such independent checks were what detected several of these data compromises.

If the powers that be are too cheap to spend the money on security, remind them that PR consultants and retroactive security are damned expensive. If they say they rely on you to prevent this 100%, remind them that even the .gov cannot keep these folks out. There is no shame in asking for outside help.

Yes, I know there are some asshats who will look at this as an admission of incompetence on your part. But still, it is better to lose a little face than to have to explain why the data is compromised.

BTW OPM Director resigned.

http://www.theblaze.com/stories/2015/07 ... ta-breach/

PostPosted: Tue Jul 14, 2015 5:33 pm
Joined: Mon Sep 17, 2012 12:21 pm
Posts: 89
Location: Albuquerque, NM
Has thanked: 3 times
Been thanked: 13 times
A note on passwords:

It is pretty much impossible to remember multiple secure passwords given the number of places that want you to create some sort of account online these days. One of the best compromises is something known as a Password Vault. The idea is that you set up a place to store all your passwords, encrypt it, and make the password to unlock the encryption actually secure as opposed to your "Passw0rd".

Pro: Only one password to remember, you can create multiple actually secure passwords that are stored somewhere.

Cons: They're still stored somewhere else, if anyone gets into your password vault they have ALL of your information.

There are a couple services out there, I prefer LastPass which is free (unless you go for the "deluxe" $12/year version, which I highly recommend), but so long as 1) they encrypt your passwords on your computer before they send them anywhere, and 2) they use strong encryption it's probably the best compromise between security and actually being able to use the internet there is. You can even (for LP if you buy the deluxe version) turn on multifactor authentication, where you need to know your standard password AND have another thing (USB drive, your phone, etc) in order to unlock your password vault.

LastPass also does security audits of your passwords, checking them for strength, to make sure you don't have duplicates, etc. AND if a website has a known hack, they will send you a note and STRONGLY encourage you to change your password for that site.

Anyway, it's really easy, the deluxe version lets you link your phone/tablet/desktop/etc, and it is pretty damn secure. Recommended.

Link to Lifehacker talking about different password managers: http://lifehacker.com/lifehacker-faceof ... 1682443320
Link to Lifehacker talking about how much you should worry about LastPass getting hacked: http://lifehacker.com/is-lastpass-secur ... 1555511389
Link to LastPass: https://lastpass.com/

_________________
ΜΟΛΩΝ ΛΑΒΕ


PostPosted: Mon Aug 17, 2015 6:19 pm
ZS Moderator
The IRS has admitted that its data breach was much larger than initially reported.

http://www.cnet.com/news/hackers-might- ... ouseholds/

Quote:
More than 300,000 households face "possible or potential" loss of their personal information to the electronic attackers, the agency said. That's more than twice the initial estimate of 114,000 households given by the IRS in May.


Unfortunately there is nothing a taxpayer can do if your data was compromised other than monitor your credit report. The likely use of this information is to file a fraudulent tax return claiming an over inflated refund amount in your name. The first hint of this will be a letter from the IRS instead of a refund check requesting that you repay said refund. Ultimately you should be able to clear up the issue but not without effort.

The IRS is saying they will notify affected taxpayers and provide credit monitoring services but considering the delay in even admitting the depth of the data breach that notification may be a while in arriving. If you or your tax preparer used the tax transcript tool in 2014 or 2015 your odds of having been a part of the compromised data are high, not 100% but still high.

PostPosted: Mon Feb 08, 2016 3:31 pm
ZS Moderator
Yet another possible breach of federal data.

http://www.foxnews.com/politics/2016/02 ... -data.html

Quote:
A law enforcement source confirmed to Fox News that federal authorities are now looking into the matter – but it may only involve open-source material. The source described the stolen information as data that could be obtained by filing a Freedom of Information Act request.

“We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information,” DHS said in a statement.

A Justice Department spokesman also said in a statement that this “unauthorized access” is under investigation but “there is no indication at this time that there is any breach of sensitive personally identifiable information.”





http://motherboard.vice.com/read/hacker ... -employees


Quote:
A hacker, who wishes to remain anonymous, plans to dump the apparent names, job titles, email addresses and phone numbers of over 20,000 supposed Federal Bureau of Investigation (FBI) employees, as well as over 9,000 alleged Department of Homeland Security (DHS) employees, Motherboard has learned.

The hacker also claims to have downloaded hundreds of gigabytes of data from a Department of Justice (DOJ) computer, although that data has not been published.

On Sunday, Motherboard obtained the supposedly soon-to-be-leaked data and called a large selection of random numbers in both the DHS and FBI databases. Many of the calls went through to their respective voicemail boxes, and the names for their supposed owners matched with those in the database. At one point, Motherboard reached the operations center of the FBI, according to the person on the other end.

One alleged FBI intelligence analyst did pick up the phone, and identified herself as the same name as listed in the database. A DHS employee did the same, but did not feel comfortable confirming his job title, he said.

A small number of the phones listed for specific agents or employees, however, went through to generic operator desks in various departments. One FBI number that Motherboard dialled did go through to a voicemail box, but the recorded message seemed to indicate it was owned by somebody else. This also applied to two of the DHS numbers.

After several calls, Motherboard was passed through to the State and Local desk at the National Operations Centre, part of the DHS. That department told Motherboard that this was the first they had heard about the supposed data breach.

The job titles included in the data cover all sorts of different departments: contractors, biologists, special agents, task force officers, technicians, intelligence analysts, language specialists, and much more.

The data was obtained, the hacker told Motherboard, by first compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place. (On Monday, the hacker used the DoJ email account to contact this reporter).

PostPosted: Wed Feb 17, 2016 6:36 pm
Joined: Fri Apr 30, 2010 9:50 am
Posts: 13
Has thanked: 0 time
Been thanked: 0 time
raptor wrote:
It is tax scam season.

People locally are getting phone calls from "IRS agents" 1) Claiming your tax refund is being held up pending a verification call and proof of ID which must include your social security number. 2) Your taxes are delinquent and an arrest warrant has been issued that can only be cancelled by an immediate payment of "x" amount with a prepaid gift card. 3.) My favorite. Your tax return was damaged in processing and they need you to provide your name, address and social security number so they can correct their records.

As I am sure most people know the IRS uses the US mail for such correspondence. If you get a phone call from someone claiming to be an IRS agent absent any correspondence; it is a scam.

If you get such a call feel free to have some fun with the scammers. :mrgreen:


A note about "having fun with scammers" Many are upping the ante by "SWATTING" folks for messing with them. This just happened here

http://www.kktv.com/home/headlines/Stan ... 78141.html


PostPosted: Wed Feb 17, 2016 7:56 pm
Joined: Mon Aug 17, 2015 2:56 pm
Posts: 513
Has thanked: 31 times
Been thanked: 97 times
This year, the IRS required an additional form of ID to file my returns. Also, every single, bar none, unrecognized SMS I have received has been a phishing scam. Often for banks and CC I don't have.

I've found, as a countermeasure, to have the bank send me a text about any purchases over an X amount. It won't stop multiple small purchases from flying under the radar until your next statement arrives. But, it will warn you about that 56 inch TV you just purchased in Florida while you're in California.

Also, as an FYI. I had my account numbers stolen off of a check a couple of years back. Multiple small online purchases were made. No $50 limit on damages like a CC, so I got screwed.


PostPosted: Wed Feb 17, 2016 8:29 pm
ZS Moderator
Coloranger wrote:

A note about "having fun with scammers" Many are upping the ante by "SWATTING" folks for messing with them. This just happened here

http://www.kktv.com/home/headlines/Stan ... 78141.html



If they are not afraid of pretending to be a federal agent, why would they be afraid to SWAT someone? By the same token, what is to prevent them from SWATTING their victims anyway?

It is unfortunate but it is the world we live in today.

PostPosted: Tue Apr 05, 2016 1:51 pm
ZS Member
Joined: Sun Apr 05, 2009 11:58 pm
Posts: 3757
Has thanked: 1549 times
Been thanked: 470 times
raptor wrote:
The IRS has admitted that its data breach was much larger than initially reported.

http://www.cnet.com/news/hackers-might- ... ouseholds/

Quote:
More than 300,000 households face "possible or potential" loss of their personal information to the electronic attackers, the agency said. That's more than twice the initial estimate of 114,000 households given by the IRS in May.


Unfortunately there is nothing a taxpayer can do if your data was compromised other than monitor your credit report. The likely use of this information is to file a fraudulent tax return claiming an over inflated refund amount in your name. The first hint of this will be a letter from the IRS instead of a refund check requesting that you repay said refund. Ultimately you should be able to clear up the issue but not without effort.

The IRS is saying they will notify affected taxpayers and provide credit monitoring services but considering the delay in even admitting the depth of the data breach that notification may be a while in arriving. If you or your tax preparer used the tax transcript tool in 2014 or 2015 your odds of having been a part of the compromised data are high, not 100% but still high.



Both my state tax folks and the IRS were good enough to halt two short form applications from scammers trying to steal my tax refunds. Unfortunately for the rest of my life I will have extra work when filing in order to keep things legit. In the last year I have had four attempts to set up false credit cards. I highly recommend that everyone get the 7 year notification of fraud attempts placed on Transunion, Experian and Equifax. You can also file one with National Consumer Telecom & Utilities Exchange (NCTUE) http://www.nctue.com/Consumers. If you have had similar bad experiences be sure to go to your local police station and file a report.

_________________
Most of my adventures are on my blog http://suntothenorth.blogspot.com/
My Introduction With Pictures: http://zombiehunters.org/forum/viewtopi ... 10&t=79019
Graduated with honors from kit porn university


PostPosted: Tue Apr 05, 2016 9:08 pm
ZS Moderator
I am impressed that both caught the fraud attempts. I have assisted a couple of people this year and last year who were not so fortunate.

Although the Feds do seem to have more practice fixing issues lately.

PostPosted: Tue Apr 05, 2016 10:20 pm
ZS Member
raptor wrote:
I am impressed that both caught the fraud attempts. I have assisted a couple of people this year and last year who were not so fortunate.

Although the Feds do seem to have more practice fixing issues lately.


Usually I file a 5 foot high stack of paper and it is always late. :D I can imagine that when a 1040EZ showed up in my name even the Feds knew it was suspicious.

PostPosted: Wed Apr 06, 2016 10:20 am
ZS Moderator
teotwaki wrote:
Usually I file a 5 foot high stack of paper and it is always late. :D I can imagine that when a 1040EZ showed up in my name even the Feds knew it was suspicious.


As long as there is an extension it is not late. :D

That said the people who file on or before Oct 15 with an extension are frequent targets because it gives the crud ID crooks that much longer before the crime is detected. The good news (at least if you can call it that) is late filers are generally not counting on a fast refund. The last person I worked with took about 4 months to clear up the fraud issue and get the proper return filed and refund processed.

This is a huge and growing ID theft issue. If you look at your tax return it has basically your entire life information on it. It is a treasure trove of data for a thief. That and the documents people frequently throw away after doing their taxes are jackpots for dumpster divers.

However, the latest issue is crooked tax preparers who do your tax return and then either sell the data or efile a tax return with a bogus huge refund amount to a 3rd party. They simply replace your bank account information with a cohort's bank account information. The large refund goes to the cohort and they split it. The tax preparer packs up shop and you never see him/her again. When you go online to check the refund status it shows your return is filed and in process. You do not discover the scam until you miss the refund.


A couple of suggestions.

If you use a tax preparer make sure they are a CPA or an Enrolled Agent and have been in business for a few years.

Check your return carefully, including any banking information if there is a refund. The safest thing to do is apply the refund to next year's taxes and reduce your current year tax payments.

If you efile make sure the preparer gives you a copy of the EFILE confirmation.

If you do not use a preparer but rather software like TurboTax be aware that there have been glitches with the software and efiling. The safest thing to do is to print a copy and mail in the tax return (certified mail and obviously before the due date).

If you mail a tax return, take it to the main post office and hand it to the clerk inside and get the certified mail date stamped. This has two benefits. The receipt constitutes lawful proof of mailing and it makes it very unlikely that the tax return will be stolen from the mailbox.

PostPosted: Mon Sep 11, 2017 4:07 pm
ZS Moderator
This news popped up while most of us were looking at Hurricanes Harvey and Irma. Granted financial fraud is not as exciting as hurricanes it can be hazardous to your financial health.

The Equifax data breach is likely one of the largest and most comprehensive breaches of financial data to date. It is a real problem for consumers because the golden data of name, DOB, social security number and address for the consumers were accessed. With this data anything is possible. In fact it is so severe that their insurance policy for this risk is likely to be inadequate.

https://www.bloomberg.com/news/articles ... cyber-hack

There are already class action suits being lined up and rightfully so. The data that Equifax has was collected without our explicit consent albeit with approval for the most part and since it was obtained by member businesses sharing data, then aggregated and sold for a profit. Equifax had a significant duty to safeguard the data. They failed and now they will likely lose any lawsuits brought against it.

The IRS breach in 2015 was pretty bad in that the attack targeted the transcript function the IRS provides.

However that is Equifax's problem. Your problem is what do you do now?

First thing is find out if you are affected.

https://www.equifaxsecurity2017.com/

If you are affected read the site and look at the credit monitoring service they are offering.
Also consider some of the other non-Equifax services.
Unfortunately this data can be a real issue and a true PITA if it is misused.

FWIW my wife and I were both included in the data breach.

PostPosted: Mon Sep 11, 2017 9:43 pm
Joined: Wed Feb 10, 2010 8:16 pm
Posts: 11348
Has thanked: 71 times
Been thanked: 574 times
Quote:
There are already class action suits being lined up and rightfully so.


Likely to be among the most expensive in US history, being resolved around the time of my death 35-45 years from now (if all goes really well). Young lawyers starting out this year will be retired before it is all over. But... very rich.

Meanwhile everyone else will get a couple of years of free credit monitoring, maybe... and a lifetime of credit identity theft schemes.



I will note that I have had two active attempts earlier this year. Likely these were linked to the theft of PI from the security clearance hack. Before that I had zero in my entire life. Nothing was taken but one of the schemes was quite ingenious.

Welcome to the new normal.

_________________
"Big Thanks - I promise to advance your agenda within the secret and omnipotent councils of the Trilateral Commission"

“No-one likes us, we don’t care.”


PostPosted: Tue Sep 12, 2017 4:34 am
Joined: Wed Mar 05, 2008 3:07 pm
Posts: 521
Location: North Carolina
Has thanked: 9 times
Been thanked: 48 times
One of the potentially cheaper options than paying for a credit monitoring service is to place a freeze on your credit report from all the agencies. In many states you may have to pay a fee (usually around $10 to place a freeze, $5 to lift it) to each of the agencies, for each individual, so that can get pricey by itself, but if you aren't planning on applying for new credit lines or loans in the next couple of years, it might cost less than a credit monitoring service.

I signed up for the TransUnion TrueIdentity service, which has a free tier and a premium tier, but the free tier is worth a look for two reasons. First, you can "lock" and "unlock" your TransUnion credit report unlimited times, instantly, for free. This is supposed to work as an alternative to placing a "freeze" through them, and while it sounds materially the same, it doesn't seem to be technically the same (maybe someone who understands the differences better could help explain the nuances there). Secondly, it lets you request an up-to-date TransUnion credit report anytime, for free.

So far, it seems like a nice tool to help keep an eye on things, albeit with only one agency at the free level.

_________________
Rahul Telang wrote:
If you don’t have a plan in place, you will find different ways to screw it up

Colin Wilson wrote:
There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.


PostPosted: Fri Sep 15, 2017 8:32 am
ZS Member
Joined: Mon Aug 22, 2005 2:48 am
Posts: 3079
Location: Des Moines, Iowa
Has thanked: 543 times
Been thanked: 148 times
From NPR: After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data
Quote:
After Equifax Hack, Consumers Are On Their Own. Here Are 6 Tips To Protect Your Data September 14, 2017 4:34 PM ET By Yuki Noguchi

Massachusetts Attorney General Maura Healey, who plans to sue Equifax, called the breach "the most brazen failure to protect consumer data we have ever seen."

When it comes to dealing with the aftermath of Equifax's massive data breach, it'll be up to consumers to be on guard against data thieves, experts say.

Last week, the credit-rating company disclosed that it was hacked earlier this year, leaving 143 million U.S. consumers' personal information exposed. Equifax now faces numerous lawsuits, a huge stock price hit and several state and federal investigations.

Its slow and incomplete response continues to anger people all over the country, leaving many consumers wondering what — if anything — they can do to protect themselves if the company tasked with safeguarding their credit can't even make its phone lines operate.

Lisa Gerstner has been tracking Equifax's bungled response, both as a possible victim and as a writer for Kiplinger's Personal Finance.

"The call lines have been flooded to them; I think their call centers are overwhelmed," Gerstner says. "When I tried to call it last Friday about it, I got a busy signal then it hung up on me, so I went online."

But there, too, as of Thursday, problems continued with Equifax's website, with some users encountering system error messages. The company says that as of Tuesday, 11.5 million people had signed up to monitor their reports.

Quote:
It's the same company selling us services to protect ourselves that's now given up our data.
Lisa Gerstner, a writer for Kiplinger's Personal Finance


Equifax declined an interview. It has tried to respond to public outcry, removing legal language on its site, for example, that appeared to waive consumers' rights to sue.

It has also had to explain why executives sold off company stock days after the breach and why it took Equifax over a month after discovering the problem to disclose it to the public.

Gerstner was also offended by Equifax and other credit agencies' attempts to capitalize on the traffic by selling data-protection services, "which I think is also something that makes this Equifax breach galling to people ... it's the same company selling us services to protect ourselves that's now given up our data," she says.

It's not just consumers and investors coming down hard on Equifax. Legal and political powers are also demanding answers and justice.

Massachusetts Attorney General Maura Healey, who plans to sue the company, called Equifax's breach "the most brazen failure to protect consumer data we have ever seen." Several other states and the Federal Trade Commission have said they have opened their own investigations. Members of Congress have demanded criminal investigations and a full accounting of what happened.

Meanwhile, security experts say the burden will fall mostly on consumers to manage the aftermath.

"The tools that consumers have are things they have to do themselves," says Robert Schoshinski, assistant director of privacy and identity protection for the Federal Trade Commission. (He says his agency's IdentityTheft.gov site is a resource for concerned or affected consumers.)

Freezing your credit — a service Equifax says it is offering temporarily free of charge — can protect against people trying to establish new accounts. Experts also urge consumers to regularly check their credit reports, monitor every bank statement, put fraud alerts on credit cards, and file tax returns as early as possible to try to prevent fraudulent filings.

When it comes to consumer measures, Avivah Litan, a security analyst with Gartner, is an even bigger pessimist — or realist — depending on your point of view.

"This was a horrible event, but this data has already been leaked," she says.

Litan says freezing credit prevents fewer than 5 percent of financial crimes. Sadly, she says, because the three credit agencies have a virtual monopoly, there are no decent alternatives.

Doug Johnson, a vice president and cybersecurity expert at the American Bankers Association, says, "There's never complete certainty associated with any security measure." Freezing and monitoring accounts may help, he says, but "it's all incremental."

Consumers like Jacob Palenske of Dallas now take a different approach.

"The change now is that because I feel like there is no such thing as true privacy when it comes to data, that instead of depending on, and trusting the organizations that I give my data to to keep it protected, I've taken that upon myself now to say, 'All right, I have to be very proactive and not assume that they are protecting it.' " Palenske says.

And that, experts say, is unfortunately about all you can do.

What You Can Do To Protect Your Credit Data

Here are steps that you can take to protect your personal information from being misused:

Find out if your information may have been exposed. You can do this by entering your last name and the last six digits of your Social Security number at Equifax's website. The site will tell you if you've been affected by the data breach.

You can enroll for a free year of credit monitoring. Whether or not your information was exposed, U.S. Equifax consumers are eligible for a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll.

Contact the nationwide credit reporting companies and review your free credit reports from each of them. You are entitled to a free credit report every 12 months from each of the three major consumer reporting companies (Equifax, Experian and TransUnion). You can request a copy from AnnualCreditReport.com.

Be sure to monitor your accounts for any unusual activity. Accounts on your credit reports that you didn't open, incorrect personal information on your credit reports, and credit inquiries from companies you've never contacted are all potential signs of fraud or identity theft.

Consider placing a credit freeze. Placing a credit freeze on your reports makes it more difficult for a thief to open a new account in your name. Remember that a credit freeze cannot prevent a thief from making changes to your existing accounts.

Consider setting a fraud alert. This requires creditors to verify your identity before issuing a credit card, opening a new account or increasing a credit limit on an existing account. A fraud alert will not prevent a lender from opening credit in your name the same way a freeze does, but it does require lenders to take additional steps to verify your identity first.
—Emily Sullivan

_________________
Matthew Paul Malloy
Veteran: USAR, USA, IAANG.

Dragon Savers!
Golden Dragons!
Tropic Lightning!
Duty! Honor! Country!


PostPosted: Thu Sep 21, 2017 11:50 am 
ZS Moderator
Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15647
Location: Greater New Orleans Area
Has thanked: 845 times
Been thanked: 473 times
Equifax did it yet again.

They mistakenly posted a link to a bogus website in an online post. :roll:

https://www.theverge.com/2017/9/20/1633 ... monitoring

This is a link to the correct website.
https://www.equifaxsecurity2017.com/

You have to enter your name and full SS# to see if you have been affected. Be very careful to ensure you are on the correct web site since this is outside of the Equifax site.

When I go to the incorrect site my security software blocks it but do not rely on the software to protect you.


You should review your credit reports and take actions to protect yourself. The compromised data is more than enough data to file fraudulent tax returns for you. Put a reminder to file as early as possible next year. If a fraudulent return is filed any refund you may expect can be delayed up to 12+ weeks.

If you routinely lend the .gov your money interest free to get a large refund and your data is compromised you should seriously consider adjusting your payroll tax withholding or estimated tax payments to minimize any refund of your overpaid taxes ASAP.









Sorry I need to rant...

So Mr. Equifax you collected data (very confidential personal data) without the explicit consent of the people you are monitoring. Yes, you did get this data from paying members who had permission to have the information and permission to share it but you aggregated, stored and disseminated this information and received fees for doing so.

So please tell me why you did not use your "best efforts" to ensure security of this data?

Also while you are at it please tell me why not only Equifax but your members who shared this data with Equifax should not have to pay for credit monitoring and protection service for all people affected for their lifetime?

That and pay for any costs associated with fraud from any of this released data.

Equifax and all of its reporting members need to get out their checkbook.


End rant.



Then there is this:
http://fortune.com/2017/09/18/equifax-earlier-breach/

I would note a criminal investigation related to the breach and other activity by the company officers is underway.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
PostPosted: Thu Sep 21, 2017 1:16 pm 

Joined: Wed Mar 05, 2008 3:07 pm
Posts: 521
Location: North Carolina
Has thanked: 9 times
Been thanked: 48 times
Yeah, the really humiliating thing is that Equifax set up a completely separate domain (e.g. equifaxsecurity2017.com) rather than simply creating a new subdomain on their official domain equifax.com. Not only is that the less-obvious choice from a web design standpoint, but it makes it embarrassingly easy to fake, and impossible for legitimate customers to know that it is real, since it isn't related to their official site at all. I thought the same thing - "Is this real?" - about the URL they specified (the real one) when I saw it the first time.

Equifax failed hard on so many levels of cybersecurity, including a lot that would be in the 101 curriculum, next to don't make your passwords "password", etc. It is pretty sad.

One of my favorite quotes from (https://www.nytimes.com/2017/09/20/business/equifax-fake-website.html) about this incident was:
Quote:
Mr. [Rahul] Telang said Equifax’s actions suggested that the company had never anticipated or planned for a data breach.

“If you don’t have a plan in place, you will find different ways to screw it up,” he said. “Equifax is just a perfect example of that.”

I like the first part of that quote, since it is very ZS-esque.

_________________
Rahul Telang wrote:
If you don’t have a plan in place, you will find different ways to screw it up

Colin Wilson wrote:
There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.
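The separate-domain problem raised in the post above, as an added example that is not part of the original post: a name-based check can tie a subdomain to the official equifax.com, but it cannot tell equifaxsecurity2017.com apart from a lookalike. The function names and all sample URLs other than the breach site quoted in the thread are constructed for illustration, and `security2017.equifax.com` is a hypothetical subdomain.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "equifax.com"  # official domain named in the post


def host_of(url):
    """Return the lowercase hostname of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def is_under_official_domain(url, official=OFFICIAL_DOMAIN):
    """True only for the official domain itself or a subdomain of it."""
    host = host_of(url)
    if host is None:
        return False
    # Match on a label boundary so that "notequifax.com" and
    # "equifax.com.example.net" both fail.
    return host == official or host.endswith("." + official)


def classify(url, official=OFFICIAL_DOMAIN):
    """Label a URL as official, unverifiable-lookalike, unrelated or invalid."""
    host = host_of(url)
    if host is None:
        return "invalid"
    if is_under_official_domain(url, official):
        return "official"
    brand = official.split(".")[0]
    # The brand name appears in the host, but nothing in the name ties it
    # to the official domain, so the name alone proves nothing.
    return "unverifiable-lookalike" if brand in host else "unrelated"


# Constructed sample URLs (assumptions), except the breach site from the thread.
SAMPLES = [
    "https://security2017.equifax.com/",     # hypothetical subdomain
    "https://www.equifaxsecurity2017.com/",  # real site quoted in the thread
    "https://equifax.com.example.net/",      # constructed lookalike
    "https://equifax.com@example.net/",      # constructed userinfo trick
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):24} {sample}")
```

The real breach site and the constructed lookalike receive the same label, which is the poster's point: only a host under the official domain can be verified from its name.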


PostPosted: Wed Oct 04, 2017 1:36 pm 
ZS Moderator
Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15647
Location: Greater New Orleans Area
Has thanked: 845 times
Been thanked: 473 times
The Yahoo breach was not as troublesome as the IRS, Equifax and others, but still this update is amazing in the magnitude that an A-class IT provider was owned by hackers.

https://www.yahoo.com/finance/news/yaho ... 35618.html

Quote:
Yahoo says all 3B accounts were impacted by 2013 breach, not 1B as thought


That is billion with a "B" users were affected. 100 % of them.


It seems the only way to have any chance of keeping data safe is to use the sneakernet, an air wall and air gap your data. Even then it is only as safe as your people in whom you trust to keep it safe.

This is a link to a good article on what you can do if Equifax lost your data that does not rely on Equifax.

https://www.yahoo.com/news/7-tips-stayi ... 33421.html

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
PostPosted: Wed Oct 04, 2017 3:03 pm 

Joined: Wed Feb 10, 2010 8:16 pm
Posts: 11348
Has thanked: 71 times
Been thanked: 574 times
Yahoo has always been a throwaway account for me. I never really trusted them. Of course I don't really trust anyone. I gave the US Government every bit of PID and bio-metric info on me there was and they fucked me over and gave it to the Chinese.

There is no such thing as safe. 15 years ago Bill Gates predicted this. He was not sure if it would lead to the end of ECommerce or not but it might.

_________________
"Big Thanks - I promise to advance your agenda within the secret and omnipotent councils of the Trilateral Commission"

“No-one likes us, we don’t care.”

