Equifax is ideally placed to help businesses if they experience a data breach
Yes... yes you are. Just not quite in the way you thought you meant.
Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy. An autumn 2016 whitepaper from Equifax - still available here at the time of publication – attempts to position the credit …
They should also advertise themselves as data experts. No one has even touched on the fact that their consumer data is a giant stinking ball of flaming crap. Wrong addresses, loans, bank and credit accounts on nearly everyone.
Little known fact that they charge consumers money to try to correct their data. Quite a scam to knowingly gather inaccurate data, fail to secure it, sell it to businesses, and then charge the consumer to correct their errors and to monitor their reporting.
"Equifax is ideally placed to help businesses if they experience a data breach. We have one of the largest sources of detailed consumer data in the UK."
I don't have time (OK can't be bothered then) to download the white paper to see how Equifax can help a business which experiences a data breach. If someone else does download it can you explain just how Equifax would be able to help? Surely if a company suffers a data breach they already have customer details so why would Equifax having these details help? Are Equifax offering a form of data restoration facility if a company's customer data is destroyed by the breach because in that case how would a company know which records have been destroyed?
Or, maybe, Equifax can tell them which of their customers might cause them grief (lawyers, politicians and other rich people) and so should be dealt with politely, helpfully and efficiently and which ones (everyone else) can be ignored or sent to a useless website.
A strategy I am assuming they are using themselves.
Sysadmins can't patch application libraries. Not if you expect the applications to work afterwards. You might get away with it with dynamically linked libc, but Java, Python or Go libraries (start praying if you use any stats or data science libraries) won't necessarily be backwards compatible and no sysadmin is going to know the subtleties of how each library call is used.
If you're lucky to have an application support team then it's their problem otherwise it's a developer problem.
It's not surprising that things like this happen when people who don't know what they're doing are employed for important jobs. Seems said Chief Security Officer's only qualifications are in Music, and nothing relating to any technology. Combined with her 'retirement' and subsequent attempt to expunge her information from the internet suggests she's trying to cover it up. Of course, she may have learned security herself, or picked the skills up on the job with no formal qualifications, but I doubt that someone who knows what they're doing, even with no official qualifications would then try to hide all their information.
http://www.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15
http://www.thegatewaypundit.com/wp-content/uploads/susan-mauldin-600x600.jpg
This industry is rife with people who are under qualified.
30 years ago.... to call yourself a software engineer, you needed to go to a college and graduate with a 4 yr degree in an accredited engineering program.
Today... it's a job title.
When I look at resumes where someone who calls themselves an engineer who didn't go to school for engineering, I hammer them in the interview.
When I see a resume chock full of buzzwords, I hammer them to see what they know. How they handle stress. Note, I haven't made anyone cry... that's a feat that I've only seen happen once while my friend was interviewing someone.
30 years ago.... to call yourself a software engineer, you needed to go to a college and graduate with a 4 yr degree in an accredited engineering program.
In what jurisdiction was that?
Everywhere I've worked, it's always been a job title and nothing more. Most of the best jobs are. (See also: journalist, politician, forecaster, commentator, manager, director.)
Please, don't be an elitist idiot.
Back when Ms Mauldin went to university a degree was all about learning, academia and getting an education. It wasn't intended to be vocational training for a job.
Most people that age in IT don't have a degree at all, especially in the UK - only 20% of people even went to university - and it hasn't stopped them being effective at their jobs.
You're casting personal aspersions on someone based on your own prejudices. Stop.
In the of (th)UGA back in the day it was a 'university' where going to class was to sober up between binges and parties. If she was like most, her time in Athens was alcohol/drug induced haze. (The thuga bit is because the football team traditionally has a rap sheet that would make a mobster proud).
You're casting personal aspersions on someone based on your own prejudices. Stop.
Can there be any OTHER prejudices that should be considered?
I don't think so.
They are called hunches & heuristics and work pretty well.
This is also why people stay out of colored neighborhoods. It's not racism.
"the head of our Change Advisory Board was former air hostess"
The paths to follow for a change are located here, here and here.
Keep your Change Orders upright and follow the laminated instructions in the pouch in front of you.
Do not inflate your 'Panic, I've fucked my change' jacket unless instructed to do so by a Sysadmin.
Right - I'll be off to get a bloody good seeing to by the Captain. Carry on team.
Why would an air hostess necessarily be a bad choice for a CAB head? She wouldn't be making the decisions herself - it is more of a facilitator role to get the people from technical, business, financial, etc. domains to reach consensus. Having an "outsider" in that role is probably not a bad idea.
She doesn't need to personally understand every detail about why making changes the weekend before year end closing is a bad idea, or why the business wanting to delay a critical Microsoft patch released early and out of cycle due to active exploitation is risking a breach. That's for business and technical people to understand - she just has to make them understand each other.
For someone used to soothing the angry flying public for years, dealing with heated arguments between people on the IT side and business side should be child's play!
Westpac is using Equifax in Australia for credit reporting and felt a sudden need to send the following email on 7th of September:
Hi DainB,
At Westpac, part of our service promise is a commitment to fix mistakes when we make them.
That's why we're writing to let you know that when opening your Westpac Reward Saver account we used Equifax (previously Veda Group Limited) to provide us with information to make a decision on whether to lend. Our required disclosure to you was not clear enough of our use of Equifax for this process.
No action is required from you and we apologise for any inconvenience caused. If you have any questions about what this means for you or need help with anything else, please feel free to drop into your local branch or call us on 1300 655 505.
Sincerely,
The Consumer Deposits Team
I am a Brit out here for a few days and this morning saw an Equifax ad on TV. It basically said "Do you know if your details are on the dark web for sale? Use our free search to check...". At no point did it say "because of us your details are on the dark web" nor did it make any indication that they may actually BE THE REASON.
You can bet that most people have no clue this has happened, and Equifax have turned this into a bloody marketing/advertising campaign to recruit new customers. Unbelievable really. I guess there needs to be a body who can hold them accountable and fine them accordingly...
"I guess there needs to be a body who can hold them accountable and fine them accordingly."
I don't know if anyone noticed after the financial crisis but a significant number of European banks and financial institutions got fined startlingly large amounts by the US authorities. And the Europeans coughed up without a fight. But I didn't see many or in fact any (I'm happy to be corrected) US banks being fined by European governing bodies for their part in starting the financial collapse. Equifax is a US firm so I'm not expecting any significant fining to happen.
Why is it that none of the "reporters" and none of the "Government agencies" have engaged their brain cells on this..............
Equifax upon first realizing this massive breach should have automatically put a freeze on all of their accounts and notified the two other credit agencies of the breach so they could keep an eye on it and freeze their associated accounts. Then instead of 140 million people scrambling to freeze their accounts, only a few million trying to get credit would be impacted by trying to un-freeze their accounts.
I would rather be told I can't get credit because the big-3 were acting proactively and locking all the accounts affected than worrying that someone may be stealing my identity until I pay the fees to freeze my accounts.
Equifax should have to pay for all of the fees associated with freezing all of the affected accounts at all three companies, period!
They could also have taken the route of putting a fraud alert on people's credit reports which wouldn't even bother those trying to get credit as a stop gap measure while they were busy screwing the pooch between when they discovered the breach and now.
I'll be sending the bill for my freezes at the other companies to Equifax as well as a bill for the time it took for me to do it since it was considerable as the web sites and automated phone systems of both TransUnion and Equifax fell over multiple times for me. Fortunately Experian worked on the first go. I'm thinking somewhere in the $75-$100/hr range is a reasonable rate and if they don't pay I'll be happy to take them to small claims court.
I recommend everyone else hit by the breach do the same as it will be fun to watch Equifax implode responding to 143 million small claims cases worth about $250 a pop. A rough calc shows that to be about three times their market cap of ~$11.2B
"I'll be sending the bill for my freezes at the other companies to Equifax as well as a bill for the time it took for me to do it since it was considerable as the web sites and automated phone systems of both TransUnion and Equifax fell over multiple times for me."
I hope you have more luck with this than I did trying to get Anthem to reimburse me for what I spent on postage and return-receipt certified mail to freeze my credit files after their breach was announced.
I can only take some cruel pleasure in the knowledge that what Anthem spent on the salaries of the bureaucrats for the time and effort it took to reject my claim was probably at least an order of magnitude more than the reimbursement I wanted.
Why is it that none of the "reporters" and none of the "Government agencies" have engaged their brain cells on this..............
One Answer: Trump
Follow on the answer: Trump has put billionaires and other entirely unqualified people in charge of the government. He is making the FDA (Food & Drug Administration) into a political hack that you will no longer be able to trust any medication that is sold in the US. The others range from a person who is supposed to be in charge of education to one that wants to outsource education to other companies who want to run the system for profit. Another wants to close down our National Park system, like The Grand Canyon, or Yellowstone etc. Another one that has been put in charge of our Nuclear system to a person who wants to shut it down. This country will poison itself before the communist take over.
"Many of you will have read over the past week about the Equifax US hacking incident. I want to reassure you that ClearScore is not involved in this hack. Our systems and data remain secure.
Equifax have confirmed to us that no UK financial data was compromised in this incident."
Sent on 16 September, the day after Equifax admitted 400k UK people's data had been moved offshore by 'accident'
It's not that a music degree disqualifies you from being in charge of information/transaction security. It's just that such a degree is a contra-indicator.
Rather than a formal course of education and research into a technical area, you chose a degree that was decidedly non-technical. (Generally music degrees have negligible math requirements, I once took an excellent course in 'Acoustics' from Dr. Bose. Vanishingly few music majors had the analytic and numeric mathematics background to succeed with that material.)
What would qualify you? Doing work in the field that was publication level: Journal papers, conference papers, even a significant role in open source projects. Even at the top level of management it's not just "people management", it's having the background to understand what decisions are being made and when you are being misled by the middle managers.
At the time that I started my IT career (1978), Music was quite a common degree for other entrants. Personally I did Maths. Very few of my peers did a specifically computing degree.
I seem to remember that at that time Music was the most common non-STEM (we didn't call it that then) degree for computing professionals.
I seem to remember that at that time Music was the most common non-STEM (we didn't call it that then) degree for computing professionals.
That was when computing professionals were actually mathematicians or maybe engineers in electronics.
I don't see what Music has to do with any of this unless we are talking vocational college and a Moog synth.
To go a step further, one usually gets a degree in the subject that most interests them, and that especially applies when the field does not pay well, like music. If she is that enthused with music, then how likely is it that she takes much interest in a field like data security? There really isn't much cerebral overlap, is there?
Couple of rumors that I have heard....
Some interesting stock movements pre hack news release, so maybe a short sell money grab.
Their check if you have been compromised webpage gives different results for the same data.
Something tells me that this may not be the way to handle a security breach!
When it happened I checked on their site and they said they didn't believe I was affected. I later heard there were some initial issues with the site, so I checked myself again after getting the SSNs from my mom and dad so I could check for them as well. Still not affected, nor were either of them.
I think it was "up to 143 million people potentially affected", unless my family is just damn lucky. We all have a fairly lengthy credit history and high credit ratings, so it isn't like we wouldn't be in a major credit bureau's database. Maybe they only got people with last names up to 'R' or something...
In this case "most people" seems to have meant those senior execs who used that inside info to sell their stock ahead of the news.
I wonder how the rest of the employees who own stock in Equifax feel about their management? (Never mind the rest of us.) I wouldn't want to be one of them, alone in a room with one of the regular employees whose 401k balance took a hit.
Indeed, required NOT to be honest.
Marketing is required to cover up problems that would otherwise cause the share price to tank; that means marketing is REQUIRED to lie. It isn't an optional extra.
Anyway, who are you trying to fool? Obviously Equifax, while it certainly lies, has no responsibility whatsoever to the people who they rate; they are the PRODUCT not the CUSTOMER. The customer is the company that wants to know if the beef is good, the beef is the person with the credit rating.
Stop whingeing, live with it or change it.
Well, I can work around this breach. I've reached the point where I no longer need credit. What worries me is the thought of a data breach involving my insurance company. Over the years, my wife and I have acquired enough valuables (jewelry, gold, silver, coins, antiques, etc.) to justify a big rider policy for coverage beyond standard homeowners' insurance. To get the rider, I had to itemize each asset and provide the address of where it is kept. That data now resides with the insurance provider. I have to believe that thieves would love to know who owned what, and where it was kept. I think there are a lot of us 'accidentally affluent' retirees living in modest neighborhoods but holding substantial wealth, and we would be easy targets.
"30 years ago.... to call yourself a software engineer, you needed to go to a college and graduate with a 4 yr degree in an accredited engineering program"
You must be joking ... as I recall, at that time there were plenty of so-called 'software engineers' who had literally just wandered in off the street with zero qualifications, and accordingly many of them were absolutely clueless. There were also those who had gone to so-called 'colleges', acquired so-called 'degrees' and were still absolutely clueless.