Equifax breach

[bopajuice]

Do we know who did the hack? Are there any reports of the data being used yet? Has there been any documented cases of ID theft reported that is directly related to this breach?

 

[bradl]

Do we know who did the hack? Are there any reports of the data being used yet? Has there been any documented cases of ID theft reported that is directly related to this breach?

Not known yet. However, again, the least of the worry, and to be honest, slightly irrelevant. I say that, because searching for those is irrelevant to the fact that Equifax failed to keep their data secure, which lead to the entire issue to begin with.

And the problem we also have is that the lifespan of abuse from this data can go for at least the next 100-110 years. I'm saying that arbitrarily, based on the lifespan of someone born day-of-patch of the breach minus the time it takes for the Social Security Administration to generate a SSN for a newborn child. So for example, if a child was born a day after the breach was fixed, they should be safe. If a child was born n - 1 day from when the breach was patched, and a SSN was not generated for them, they should be safe. If a child was born n - x days from when the breach was patch, and a SSN was generated for them, they may have had their data compromised.

Keep in mind that Equifax also held SSNs, which while technically not PCI, is used for ID theft, and can be throughout the lifespan of the person holding the SSN. So that could be up to 120 years or slightly less (gauging off the longest time a human has lived).

BL.

 

[Cave Man]

If Equifax did not adhere to a true PCI environment, they will have bigger issues to deal with, as there are going to be even bigger ramifications to deal with. I'd even venture to say that if Equifax was not PCI Compliant, that would be the end of that company, period.

I have yet to see where Equifax has stated unequivocally that the stored data were encrypted on the hard drives.

 

[bradl]

I have yet to see where Equifax has stated unequivocally that the stored data were encrypted on the hard drives.

Like I said.. if they were not running that in a PCI-compliant environment, they will have even bigger issues to deal with, as that type of compliance is subject to annual audits, where they have to show the auditor that the data is truly encrypted, and a one-way encryption at that, meaning that when the data is received, it is immediately encrypted, with the original unencrypted files containing the data destroyed. Again, that type of compliance is required for such sensitive information as this. And if they weren't running a true PCI-compliant environment, that will truly be the end of their company.

To be blunt, you don't **** around with PCI, let alone PII.

BL.

 

[crayola21]

Is there a step to verify the trustedID premier account level 3 verification?
[doublepost=1510646085][/doublepost]

If you call in, how do you receive your PIN number? By email? Mail? Over the phone?

Hi man, the answer is all of the above
-email
-snail mail
-phone