back to article Equifax fooled again! Blundering credit biz directs hack attack victims to parody site

You'd have thought that Equifax staff would be on their toes ever since the megahack that exposed the private data of over 143 million Americans but the corporation's social media certainly haven't got the message. When news of the hack was published on September 7, over a month after its scale had been discovered, Equifax set …

  1. Wensleydale Cheese

    You. Could. Not. Make. This. Up.

  2. ElReg!comments!Pierre

    Both domains went dark ?

    securityequifax2017.com refuses connections, and securityequifax.com now redirects to a parking page.

    1. Alister

      Re: Both domains went dark ?

      securityequifax2017.com was the one Nick set up, securityequifax.com was never registered.

      The real one is equifaxsecurity2017.com.

      1. bombastic bob Silver badge
        Mushroom

        Re: Both domains went dark ?

        article: "has since been blocked by Google"

        Alister: "The real one is equifaxsecurity2017.com."

        yeah, I _HOPE_ google doesn't wield THAT kind of power...

        It should stay there, for parody/comedic purposes. I laugh in their general direction over at Equifax. I'm tired of companies like that slurping my personal information. They "get it wrong" more often than not. Try applying for a loan some time when there are errors on your credit report...

        1. Will Godfrey Silver badge
          Unhappy

          Re: Both domains went dark ?

          Been in that position too. It's hopeless. the only thing you can do is wait years for the erroneous entry to become stale.

  3. wolfetone Silver badge

    Pointy haired boss, from Dilbert, would never be this incompetent.

    1. big_D

      Scott Adams' imagination couldn't contemplate such idiocy

      1. Anonymous Coward
        Anonymous Coward

        idiocy? imagination?

        "Scott Adams' imagination couldn't contemplate such idiocy"

        So? Dilbert is a set of HOWTOs for management, isn't it? It's not idiocy, it's management best practice, surely?

  4. Doctor Syntax Silver badge

    "Given that Equifax is trying desperately to avoid a full-scale investigation into its business practices"

    Equifax's whole business depends on persuading other businesses that they really know what they're doing when it comes to handling data. It's all going terribly well.

    1. Pascal Monett Silver badge

      From where I sit, it looks like a full-scale investigation is exactly what is needed.

      1. Anonymous Coward
        Anonymous Coward

        When this thing first exploded, I read a report that the two top execs had allegedly started selling off their stock as soon as they realized what they had done. It would explain why they waited a month to let everyone else know.

        If that's what actually happened, I believe they could be charged with defrauding those who bought that stock. Sure hope so.

      2. VinceH
        Mushroom

        "From where I sit, it looks like a full-scale investigation total annihilation is exactly what is needed."

        FTFY

      3. StheD
        Mushroom

        Followed by tarring and feathering.

        1. handleoclast

          Re: Tarring and Feathering

          @StheD

          Tarring and feathering isn't good enough. Here's my recommendation:

          1) Use a rusty, blunt penknife to skin them.

          2) Spray them with vinegar.

          3) Roll them in salt.

          4) Then really hurt them. The first three steps were just a warm up.

  5. Dr Who

    What I want to know is whether lenders are still consulting Equifax credit checks when extending credit to private individuals. The scale of technical incompetence at the company is clearly so huge that, breach or no breach, their credit scores cannot possibly be trusted. I suspect their credit scoring algorithm is something like :

    int value = rnd.Next(10, 100);

    or is that a bit too sophisticated?

    1. Anonymous Coward
      Anonymous Coward

      Sadly, yes, lenders are still using Equifax. I have a loan app in progress that was started after the breach was announced. Very disappointed to see my credit report pulled from Equifax...and with inaccuracies. Thankfully not identify theft oriented inaccuracies....yet.

    2. Anonymous Coward
      Anonymous Coward

      Try:

      int x = rnd.Next(-37, 123);

      int y = rnd.Next(20, 432);

      int z = rnd.Next(-100, 10);

      x, y and z are then used randomly throughout the credit check process.

  6. big_D

    How

    can this company still be in business?

    1. Zippy's Sausage Factory

      Re: How

      Give it time. About a month or two should do it I reckon.

    2. Anonymous Coward
      Anonymous Coward

      Re: How

      can this company still be in business?

      It's the tip of an iceberg.

      1, Lenders basing rates on potentially inaccurate data

      2. Debt collection agencies adding ridiculous penalties which can be knocked back by the courts

      3, Trading in those inflated debts

      There's a whiff of subprime crisis here.

    3. Anonymous Coward
      Anonymous Coward

      Re: How

      It's a large ship with a big hole.

      Sinking time will vary...

  7. Alan Brown Silver badge

    1 month to disclose it

    72 hours for Equifax execs to dump stock.

  8. ukgnome

    Equifucked

  9. Neil McCauley
    Trollface

    It's fail all the way down.

    The pisstake website rickrolled the user if you clicked the FAQ link.

  10. Paul Hovnanian Silver badge

    Why a new domain name?

    Why not security.equifax.com? Or equifax.com/security?

    The former is under the control of the owners of the equifax.com domain and the latter can be covered by the same https certificate as the parent site.

    Oh yeah. These people are idiots. Asked and answered.

    1. Mark 85

      Re: Why a new domain name?

      Oh yeah. These people are idiots. Asked and answered.

      Idiots indeed. And let's add "panic", "fear", and the resulting mayhem. The two steaming piles at the top were more concerned about their stock portfolio than the company.. that's obvious. So add "no leadership". I imagine the IT area is in heavy turmoil due to the outsourcing and no one really having a clue. All they can do is react and probably not with any kind of logic at this point.

      Now if this seems sympathetic.. it's not. I have sympathy for the grunts in the trenches but none whatsoever for the clowns in charge.

    2. Anonymous Coward
      Anonymous Coward

      Re: Why a new domain name?

      Pretty obvious why. They knew the site would get a huge number of hits, and knew their existing web servers couldn't take the load. They probably had clueless admins who thought the only solution was registering a new domain and getting external hosting.

      What they should have done is talk to someone like akamai. They could have had a link prominently displayed on their home page to take them to the site that does the testing, and it could have been a subdomain of their own - like security2017.equifax.com or whatever. That would have made people a lot more comfortable, and prevented a lot of this horseshit.

      Can't believe their IT team didn't contact someone for help instead of trying to figure out how to host this high demand "check if you are affected" site on their own!

      1. Adam 52 Silver badge

        Re: Why a new domain name?

        They did go to someone like Akamai - CloudFlare.

        I suspect this who episode was handled by a corporate PR or marketing team, who didn't involve the local techies (possibly fearing a premature leak, which would have been inevitable).

        Besides which if someone came to you and said "I've just lost shed loads of personal data, may I borrow your SSL certificate?" what would you do?

      2. handleoclast
        Coat

        Re: Why a new domain name?

        A better question would by why equifaxsecurity2017.com?

        Presumably because they expect to have a different major fuck-up in 2018. And yet another one in 2019. Etc.

        Of course, this strategy will fail. So they'll have to register equifaxsecurity2018q1.com etc. Or maybe equifaxsecurity2018january.com. etc.

    3. eldakka
      Coat

      Re: Why a new domain name?

      fail.equifax.com

      insecurity.equifax.com

      allyourbasesarebelongtous.equifax.com

      would have been better names

    4. phuzz Silver badge

      Re: Why a new domain name?

      "under the control of the owners of the equifax.com domain"

      Well, that's your problem right there ^

      I'd argue that a non-equifax.com domain makes the site more reputable, not less.

  11. colinb

    Lost for words

    Omnishambles..

    Clusterfuck..

    None of these seem to cover the ineptitude on display here. We need a new word.

    Equifax seem to be approaching the singularity of stupid, a collection of stupidity so dense no smart thought can escape from or indeed penetrate into.

    1. RosslynDad

      Re: Lost for words

      "Singularity of Stupid" is a phrase I intend to use everyday from now on.

    2. John G Imrie

      Re: Lost for words

      I thought we have a new word

      Equifax n. to screw up publicly and totally not to be confused with a Rattner.

  12. Anonymous Coward
    Anonymous Coward

    Clearly...

    The MFWICs* are too busy preparing their golden parachutes to worry about fixing the flaming wreckage they leave behind. Everybody from middle-management up is interviewing with other companies (esp. competitors) so that they can talk about "leading a top financial services company" before they need to add the words "right into an abyss of damnation."

    Same as it ever was.

    *MFWIC: Mother F(*+) What's In Charge

    1. Anonymous Coward
      Anonymous Coward

      Re: middle-management up is interviewing

      Any relevant profiles on LinkedIn that need archiving before they are updated?

      Just sayin'.

  13. macaroo

    Playing Games

    I object with these pointy headed individuals playing games with our most private information. I have conceited that most of my information has been leaked and resides on the Dark Web to be used and resold many times in the future. I have put security freezes on all of my accounts, but the existing CC account are still exposed.

  14. Eddy Ito
    Facepalm

    FFS

    Just turn off the lights already.

  15. YetAnotherJoeBlow

    Fireeye

    Several years ago, I told my client that you hire firms like that for PR; ie "The hack was sophisticated and most other companies would fail too." My client didn't believe me. I won't say what I did or when I did it, but I have some very loyal customers now.

  16. chivo243 Silver badge

    Equations

    Toilet Paper + Shoe = Equifax

    Foot + Bullet = Equifax

  17. Captain Badmouth
    Coat

    Careful me...

    I do not have internet banking for my major credit card nor my bank account. I do for cards which I use for internet purchases etc. The fact that I may have forgotten, or made a late payment hoists a red flag somewhere such that these bastards can gather info on me, and then hold that info. in an electronic colander administered by security personnel with no conception of the phrase, really grips my shit.

    Cash in the pocket from now on?

    1. Wensleydale Cheese

      Re: Careful me...

      "Cash in the pocket from now on?"

      Hang on to your cash. This dash to digitise payments is dangerous

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like