Equifax
"Anyone who receives a letter from FlightAware saying they may be affected was offered two years of service via Equifax."
Oh so nothing to worry about there then, they have never "lost" customer info...
Popular flight-tracking app FlightAware has admitted that it was exposing a bunch of users' data for more than three years. It made the admission via a notification filed last week with Rob Bonta, California's attorney general, saying the leak began on January 1, 2021, but was only detected on July 25 of this year. The …
I received the letter from FlightAware. No mention of Equifax.
All it says is:-
What Other Steps Can You Take?
If there is anything FlightAware can do to further assist you, please email our Customer Support Center at privacy@flightaware.com or write to FlightAware - Attn: Privacy, 11 Greenway Plaza, Suite 2900, Houston, TX 77046.
That was the weird part, cuz I've got a yearly subscription with them (well, I used to have a yearly subscription with them until 20 minutes ago), but they never needed my social security number.
They got, you know, they lost the last four digits of my credit card, which is okay because it's been updated since like around last year or so, so that won't matter.
But the social security number thing I don't get that at all.
Demanding stuff like that and then losing control at scale is something that should attract mandatory fines and damages (with the latter taking priority) sufficient to wipe out the company. Shareholders can sue the manglement - but not, as seems to be normal practice, themselves, to try to get some money back.
Businesses here ask for all sorts of personal information if they can get it, and people are stupid enough to just toe the line and fork it over on the whim.
One of my doctors asked me for my driver's ID - err, no. Sorry, you're not getting it.
But the thousands of other patients? Forked it over just because they were asked.
I recently checked in for a hospital appointment, for me and only me. They asked for both my full SSN and that of my wife. We didn't provide either of them and my appointment still went ahead. I proved my ID with my driver's license and my health insurance with the appropriate card. That's all they needed. Just fishing for all they could get...
My hospital never asks for ID. I just show up for an appointment and they ask my name and DOB and I'm checked in. If you haven't done the e-checkin then they give you a tablet to fill out stuff to update your current medical situation, but you can wave that off, or at least they let my 86-year-old mom avoid it. It seems like it would be so easy for me to get medical services on someone else's insurance by making an appointment under their name and all I'd need to get seen was their DOB. I could get an elective procedure that they'd eventually get billed for rather than me! Not sure but if I got a prescription and had them fill it in the hospital's pharmacy I might be able to tell them to "bill me" for the co-payment and walk out the door with some expensive medications.
So while a hospital asking for your SSN is pretty extreme, I think there may be problems on the other end of the "identify yourself" spectrum. I'm sure you need to provide more information the first time you're seen at my hospital, but it appears as though once you're in their system there's an overabundance of trust.
Here in France we have a medical card (Carte Vitale) that says who we are and what our rights are (universal basic coverage, top up policy, etc). Doctors, hospitals, pharmacies, just hand that over. I was once asked for my passport because my card is an ancient one without a photo. The woman looked at the name and date of birth. Matched the medical card. All she was interested in.
We also have the GDPR that requires that information demanded is relevant, and not simply asked for because it can be.
One day my bank asked me questions about my job with the cheery justification, "We're just updating our records."
(No, you lying fuckers, you are not. The word 'updating' implies you have a particular piece of information to begin with. I certainly never gave you any info about my job; you're trying to deceive me into giving you that info, now.)
I gave the clerk a brittle smile and cheerily intoned, "I don't give that out."
My credit card company annually asks for my income and debt information. It's so they can increase my credit limit despite me asking them not to. Despite being marked as "optional", there's no "no thanks" option, and they keep asking until you provide it. (Then repeat next year.)
At one point I got fed up and told them I had no income and paid $999,999 per month on my mortgage. It's been a couple years, and nobody's said a word.
Same in India, and maybe worse too, because the government makes just enough noises to make people think Aadhaar number is mandatory for various things (e.g., getting a SIM card), but in fact all they need is *some* form of govt ID.
I was asked for my Aadhaar number (aka Modi's version of "papers please" as far as I am concerned) to get a replacement SIM card. I refused and offered my driver's license. The semi-literate chap didn't know what to do and looked to his boss, who -- luckily (for me? for them?) -- seemed to know it was sufficient. But in the course of this episode I got to hear how "everyone gives it" and "he's never heard of anyone having problems with it" and so on.
I wonder if they've finally adopted that highly advanced security practice, you know, locking the doors after they leave for the evening.
Storing password hashes, rather than passwords, is only as basic.
But, they're offering the same wonderful deal that OPM gave when they exposed every detail of every cleared DoD person, from SSN to well, the most intimate details of their lives and their fingerprints. Maybe next blunder, our entire genetic code can get leaked as well... Omitting one upside to the OPM debacle, with OPM at least I could apply for a PRC security clearance.
And one upside for me at least, this one doesn't impact me, as I never got an account with these children of unacquainted parents.
Hopefully, the fertility clinic cleans their test tubes better after these defectives were born.
Still, never fear. The CEO will get the golden parachute and a new career opportunity to move onto another company to perform a similar disservice, like the locusts that still plague crops in some parts of the world. If only we had the corporate version of DDT...
That's something I've wondered about. Do these "free" accounts accumulate so you actually get more time, or do the likes of Equifax just pocket the money and treat it as "already got an account, 18 months left on, start the new one now so only an extra 6 months"? If they add on and accumulate, some people might end up with "free" lifetime cover.
I too got an email from FlightAware as I'm feeding my Pi-based ADSB receiver into their network. Luckily this gives me a free subscription so no financials involved; however, as a feeder there's some other info potentially exposed, so not great. It seems as though FlightRadar24 is bigger on this side of the pond as they're EU-based (the BBC always uses it, for example). They've had DDoS-type attacks before but no data breaches so far?