Where Are The Damned Handcuffs? (Equifax)

Market-Ticker ^ | Sept. 7, 2017

[Wolfie]

Where Are The Damned Handcuffs?

It's time to start locking people up and destroying businesses with federal criminal indictments.

The Internet has made many things very easy -- and fast. But it has also made many things quite-insecure, especially when corners are cut.

I can design and implement extremely secure internet-connected data facilities and services. I not only have done so they're in active use right now. Some are more-important than others, but all are important to me. Among other things my home is connected via same, never mind the work product I've developed for the last, oh, 30ish years when working on various pieces of computer-technology.

It has never been penetrated.

Do you know why? Because to get in you need cryptographic keys that you don't have, and as technology has advanced so has my willingness to regenerate said keys to keep step with same, along with taking proper security precautions with the necessary components to issue said credentials.

In other words I do my ****ing job.

Equifax did not. Nor did all of the other places that have had ridiculous data breaches over the last few years. Nor did the people who called me a couple of years ago in a panic because one of their "senior" IT people stripped the protection from their master key and stuck it on a network volume that was backed up to the cloud for convenience purposes. For the record, that person was not fired and the firm in question did not immediately re-generate all the keys issued by same.

So far I haven't read anything in the paper about them being compromised, but that doesn't mean they haven't been. It just means it didn't hit the papers.

Yet.

Equifax, along with Trans-Union and Experian, hold data on virtually every US Citizen over the age of about 18 and a large number of those who are not adults. If you have any sort of credit relationship with anyone they have a file on you. That file is indexed by something that until about 20 years ago was stamped on the face of said card "Not for Identification" -- your Social Security number.

Congress has permitted these firms to pervert that which it designated not for identification use, but only for the use of the Federal Government in administering retirement and disability benefits under the Social Security program, with the IRS having access to it so as to make sure your contributions to same were accurately recorded. Since deliberately turning its back on the outrageous abuse of same by private industry Congress has then gone even further and not only allowed and mandated its use by other firms, such as banks, for identification purposes it has effectively barred you from having any such account or access without same.

This, despite the fact that on the face of said cards until fairly recently it was explicitly stated: NOT FOR IDENTIFICATION as that was written into the original law that resulted in the issuance of same.

But what's even worse than that perversion for which every Congresscritter and Executive Branch member should be tried and imprisoned for the rest of their lives is what Congress and the Executive have not done since -- on purpose.

They have not enforced the law with regard to intentional and willful misconduct when it comes to cyber security in these large data stores nor do they give a damn about the material and incalculable harm these large firms inflict on consumers when your data is either stolen or misused because of their intentionally lax security. Further, the Congress and Executive allow effective extortion of every consumer in the nation by allowing these companies to charge you to freeze your credit, thus denying scammers access, they can charge you again to "unfreeze" it temporarily if you wish to obtain new credit and they deem said data "theirs" instead of "yours" which means you can't insist that they either not collect and store it or delete it.

See, proper security costs money and can be inconvenient. Having access to such data only when properly-secure machine certificates are used to encrypt same and all communication all the way back to a traceably-secure device would mean that "instant credit" decisions at millions of cash registers (e.g. to sell you a credit card while in the checkout line) could not be made.

Forcing these companies to allow consumers to turn "on" and "off" access to their credit files whenever they want, without cost, would mean that these companies couldn't sell your data to anyone and everyone who has a few bucks, and they'd have much smaller businesses than they have now. And prosecuting and jailing the executives of firms who put convenience for their customers, which are businesses -- not consumers -- ahead of security would mean they'd have no business at all. But at the same time it would make defending against someone opening a credit account in your name and stealing your identity very easy since you could disable access to your credit information any time you wish without having to pay to turn it on and off.

Because of how these firms operate and their business practices, choices they have voluntarily made, you get screwed -- again. This breach is so large and so egregious that no amount of "monitoring" and "credit watching" will do a damn thing. You're going to get ****ed as a consequence of this and your obsession with posting crap on Facesucker, Twatwaffle and Instrascrew instead of immediately demanding that strong, effective action be taken to put a stop to this crap.

The solution is to force Equifax to eat the cost of ANY fraud that ensues and all costs of its cleanup including liquidated damages for your time and effort on a permanent basis since they, and not you, decided to use an identifier never intended for that purpose and in addition they, and not you, were grossly negligent in failing to secure said data. In addition forcing all of these firms to allow no-cost lock and unlock options for consumers where locking your file at one bureau does so at all of them and can be done at zero cost at any time for any reason on a permanent basis would actually mitigate said risk. Finally, deeming any credit opened while you have locked your file as conclusively fraudulent and uncollectable with liquidated damages payable to you if someone does it anyway would shift the burden from you for said incidents to them.

And finally we can start by indicting right now the executives at Equifax who sold stock after the breach occurred and before it was reported along with indicting the company itself under federal Racketeering statutes -- they claim they didn't know but I call bull**** on that and demand an immediate felony criminal investigation of both the executives and company including but not limited to the immediate seizure of every single electronic device owed by said executives and the company that might hold evidence documenting that they're lying.

But instead of doing the right thing what we get is more mealy-mouthed bull****, and you, America, sit for it.

The breach is Equifax's fault.

The lack of immediate prosecutorial and policy response by the government is your fault, America, because you refuse to demand that it happen right damn now backed up by immediate and no-holds-barred protest, up to and including destroying all credit-issuing businesses through lawful economic action until the above occurs.

[Weirdad]

Great post, thank you.

This is a really big deal. It will also be the convenient excuse for practically anything that happens now.

I wrote a long page of comments and then realized that I was just writing another version of the article itself. One could go on and on about this.

So snippets...

I do think the credit unions now want EVERYONE to PAY THEM for credit monitoring. (And a government program to make payments to them for “the poor and vulnerable” will be needed too!)

What better way to get paid than to run their own credit monitoring service to make sure everyone is behaving, including them? “I’m kicking my ass!” (movie quote). CREDIT UNIONS and especially now Equifax HAVE CONSPIRED TO CREATE A MARKET FOR THEIR OWN CREDIT MONITORING SERVICES. Free at first, mandatory later.

Their requirement for agreeing to arbitration if you sign for the monitoring service is quite a concern also.

No source of loans or credit or even use of credit scores for rating insurance (etc) should use anything provided by Equifax.

Americans should also refuse to have anything to do with reports from ANY company (the other two) that does not assure us (with proof) that ALL their records are encrypted and better protected.

Equifax should now go out of business forever due to lack of public trust. And maybe they should be destroyed officially the same way that any criminal conspiracy is taken apart by authorities.

(And all the other stuff in the article too!)

Good riddance Equifax. I hope this snowballs into a movement so that things actually improve in these USA regarding credit bureaus.

[KeyLargo]

Class action complaint launched in Chicago federal court vs Equifax over data breach

by Scott Holland | Sep. 8, 2017

One day after it announced a data breach potentially affecting 143 million Americans, Equifax found itself on the other end of a federal class action complaint in Chicago.

On Sept. 8, Chicago resident Sean Neilan filed a complaint against Atlanta-based Equifax LLC, as a result of the July 29 discovery of unauthorized access to the credit reporting agency’s databases. The company announced the vulnerability Sept. 7, saying criminals accessed files from mid-May through the end of July, including names, Social Security numbers, birthdates, addresses and driver license numbers of millions of people.

The lawsuit is roughly similar to a class action lawsuit filed in Oregon federal court over the data breach on Sept. 7, the same day Equifax revealed the breach.

Neilan said he used a tool on the company’s website to determine the breach affected him and then filed the complaint because he “suffered from the deprivation of the value of his private information and will incur future costs and expenditures of time to protect himself from identity theft.”

According to the complaint, Equifax has information on more than 800 million people worldwide, and Neilan suggested high-profile data breaches involving Anthem, Yahoo and its competitor Experian means Equifax should have known it was a prime target for hackers.

“In fact, it makes many millions of dollars in profits convincing Americans to buy their credit protection and identity theft monitoring services to guard against such breaches and the damages they cause,” the complaint stated. “Despite this, Equifax failed to take adequate steps to secure its systems.”

read at:

http://cookcountyrecord.com/stories/511211094-class-action-complaint-launched-in-chicago-federal-court-vs-equifax-over-data-breach