Kitz Forum
Announcements => Site Announcements => Topic started by: kitz on September 09, 2017, 04:28:01 PM
-
Considering there are ~49 million adults in the UK, this surely has to be the largest leak of personal data affecting British citizens.
Equifax stores the personal details of 44 million UK citizens. Information stolen includes names, addresses, DoB, & social security numbers. Other data stolen includes some driver's license details and credit card numbers. Many UK citizens will not realise their personal information has been stolen. Customers of many UK companies such as BT, British Gas & Capital One are thought to be amongst those who are affected.
Equifax discovered the breach of data, which is thought to have occurred during the period mid May - July 2017, on July 29th, but have only this week disclosed details of the cyber attack to the public. The breach also affects ~143 million US customers.
More info - The Telegraph (http://www.telegraph.co.uk/technology/2017/09/08/equifax-hack-britons-data-watchdog-investigates-ukimpact-major/)
-
IMHO it's highly suspicious that three senior executives at Equifax sold $2million of their company's shares on Aug 1st, just days after the company learned of the attack (Jul 29).
Not surprisingly Equifax shares have fallen since public disclosure last Thursday - Business Insider (http://uk.businessinsider.com/equifax-executives-sold-shares-after-the-company-learned-of-a-massive-hack-2017-9?r=US&IR=T)
-
This is one of those worrying events which none of us can do anything to alleviate. We can change passwords, but this isn't about securing access - the criminals have already got the information that's available. It's a goldmine of information to assist identity theft. :(
-
I find it very worrying, the data is extremely sensitive. As one report said on a scale of one to ten, this is a ten.
Whilst they could and should be fined, it's too late because there is no going back and the data is out there. It will likely turn up on the dark web at some point.
As I said elsewhere I can't help but wonder if there was any more information leaked. Equifax's purpose is to store credit history. Would criminals be able to access that too? I'm assuming when they mention the fewer number which also have driving licence, & social security details etc leaked too, that they would be those who were direct customers with Equifax as that info is hardly likely to be of any interest to the likes of BT and British Gas etc.
-
Hi
I hope you don't mind, but there's one obvious thing which comes to mind (although I have not read the links sorry - this was reported on speedtester a few days ago), and that's passwords.
Equifax would have a number of registered users (they ran some television adverts), and I still think a lot of users use the same passwords for other areas, internet banking, eBay, PayPal etc, which their account details will show they have.
I would not be surprised if a lot of users had money taken.
Also, thinking about TalkTalk, when they were hit, they helped users by letting them use the similar company to Equifax (sorry the name I cannot remember sorry), so who is Equifax to allow to look after users whose details were taken?
These are just some thoughts I had on the matter sorry.
Many thanks
John
-
This is why you don't store this type of information on an internet-accessible server, the amount of ID and documents I get asked for when registering on exchanges and payment services is unreal.
-
Update, from Beeb
http://www.bbc.co.uk/news/technology-41286638
I actually think the potential for catastrophe is being missed. At least one nuisance caller a few years ago, trying to sell pensions iirc, seemed to know an awful lot of accurate personal data about better half. It was clearly a genuine call, not a scam, so I persisted in demanding to know where they had got the data. They had got it from Equifax. Equifax in turn, pointed out that permission for data sharing is granted in the small print T&C of many bank accounts, insurance contracts, etc.
Above details are from my hazy recollections, details may be wrong, but pretty sure that was the general scenario. If that same Equifax data is made available to scammers, even though it may not contain actual credit card details, or passwords or whatever, I suspect the scammers will have a field day when next they go phishing. :o
-
There's an update on the Equifax UK site
https://www.equifax.co.uk/incident.html
-
A patch for the vulnerability in Apache Struts was available since March, the exploit started mid-May and was detected in July. Equifax waited until this month to make any announcements.
https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/
-
As data breaches go, this must rank as the biggest so far?
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
I only found out when I visited https://haveibeenpwned.com/ >:D
There's another on here https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
-
Equifax Ltd. (UK) can now confirm that UK systems are not affected.
Regrettably the investigation shows that a file containing UK consumer information may potentially have been accessed
..
UK data being stored in the US between 2011 and 2016. The information was restricted to: Name, date of birth, email address and a telephone number
Seems to me they are trying to downplay the UK data loss. Name, DoB, Phone No & email is pretty serious in my book. "fewer than 400,000" is still a sizeable chunk for loss of personal data :(
-
Name and DoB alone is a nasty combination to leak.
-
Belated confirmation of details from Equifax.
https://www.equifaxsecurity2017.com/
-
According to that update they were at best very tardy in applying patches and at worst totally irresponsible as the bug was fixed in March 2017!
Stuart
-
Whilst not directly connected with the Equifax breach, this site might be of interest:
https://haveibeenpwned.com/
If you give it your email address(es), it will tell you if they are on known spam, spoof and exploit lists.
You can also sign up for (free) notifications if your address turns up in future lists.
It's your position to judge if signing up to this service makes you more or less vulnerable to being hacked!
But I've been signed up for a year or so, and had notifications that my email address has been found on hackers' lists and various vulnerabilities.
Ian