Equifax Lobbied for Easier Regulation Before Data Breach

Equifax Lobbied for Easier Regulation Before Data Breach
Equifax Lobbied for Easier Regulation Before Data Breach

Those fucking snakes. I hope the suit goes from $70 billion to 700.

Also interesting that I just went to Experian, because people are saying put a Credit freeze on your stuff, and Experian says they want $11.00 to do this. Screw you Experian. I'll see you all in court.

The US needs something like the Data Protection Directive and a National data protection authority

US personal data is sold bulk on the market and you (3rd person you) don't even realize it!

Would love to see them go bankrupt and most of their executive staff, especially their security officer put in jail.

Oh yea, this is America, they'll all walk and get a huge bonus!

"Equifax Lobbied for Easier Regulation Before Announcing Data Breach" -FIFY

Don't see that happening when our government votes to expand the selling of data (the ISP privacy thing from last year).

Reddit post yesterday said that if you file an Identity Theft report with local police, then that stuff is free. You probably have to send in paperwork though.

And it depends on the state you live in.

It still amazes me how easy identity theft is in to US... all because people refuse a National ID because "freedom", so the SSN is used as a ID even though it's not supposed to.

Seriously... It's easiest issue to fix. 1 - Just get an National ID... with all those high tech security measures like a photo. 2 - That's it.

Whenever you need to identify someone, use the National ID... that was made for that purpose... And it's easy to check to see if the person in the ID is the person you're talking to about opening that bank account.

You guys already use the SSN as a national ID anyway... why not make one specific for that purpose that would be more safe?

That million a year would have been a good start towards actually securing the data.

I wish there weren't government sanctioned monopolies because I'd make billions by selling a low cost, no data cap internet plan with built no-logging and free VPN services.

I recommend people give that small claims court bot a try. It'll supposedly handle the grunt work of suing them.

https://donotpay-search-master.herokuapp.com

Small claims in many jurisdictions are exempt from class action inclusion. So if we bury them in successful small claims, they can't scape goat out of it with a "slap on the wrist" class action settlement that does nothing but feed the lawyers.

One of three things need to happen to have meaningful legislation most of the time:

An elected representative is directly affected. Enough people are affected that elected representatives can't ignore it. Elected officials are threatened with not being reelected.

$15 total isn't enough to bicker with anyone over.

And that's how the rich fuck ya over, bit by bit.

It's absolutely insane that you should pay a fee to protect your identity. That shouldn't even be on the table. But you'll pay it, and won't call your senators or congressmen for legislation, cause it's not 'worth it'

I too think that voting without an ID is bonkers... But I understand that's because not everyone in the US has an ID. And people who don't is usually minorities.

So it's an easy fix. Get everyone above the age of 16 a National ID that the person has to carry with them all the time. That's it. It would solve so much problems and would create exactly none. (Except for nuts who thinks the FBI and CIA is after them)

Honestly... Last time I talked about the US having a obligatory national ID that everyone must carry with then... Was the right who were upset.

I think most liberals would be ok with a National ID system while most conservatives wouldn't.

Depends on the state. In my state it's $5 per bureau. $15 total isn't enough to bicker with anyone over.

Regulation is very useful.

So I heard on the radio that due to the data breach, I now have to Pay Equifax $5 if I want them to protect me from identity theft? What the what? shouldn't they do that for free?

Is said ID free? If not it becomes a poll tax.

Or at the very least, make the national ID have 2FA and a password.

It should also be illegal for a company to store the password. So we don't have a data breach leaking all of that as well.

If the ID is not free, it shouldn't be required. ID's are not free and everyone knows the right uses this as an attempt to disenfranchise poor people from voting. They don't even try and hide it look at their gerrymandering.

You could not be more wrong or uniformed. Perhaps you should research what you claim first.

But, but, Freedom!

But, but, "Number of the Beast"!

Despite the name, it's not identity theft if someone knows your personal information without your permission. It's identity theft if somebody uses your personal information and pretends to be you.

/u/spacednlost: You should probably not do a credit freeze unless you are already a victim of your identity being used, or you have some reason to believe that such use is imminent.

Consider a fraud alert instead. You should also get your free credit report from each of the monitoring agencies each year.

National ID is an idea of the left. It's opposed by the right.

by selling

Its a nice thought, however there is also the matter of cost based barriers to market entry. Which in no part is due to the cost of infrastructure needed to get there. The first step really outside of that would be to regulate the ISPS as the public utilities and critical infrastructure stakeholders that they are.

I made this throwaway specifically to talk about the Equifax breach.

I used to work for a company which was purchased by Equifax, so in effect, I worked for Equifax for about 4 years.

Now, it's important to note that Equifax allowed us a lot of autonomy, so some of what I'm about to say may not necessarily apply to the larger company we know for being a credit monitoring service. But we were definitely a part of Equifax. Equifax executives visited us. We were on the Equifax health insurance plan. Equifax's time off accrual and vacation policies applied to us.

The company was a complete clusterfuck of no one giving a shit. You would all be amazed at the lackadaisical attitude employees took toward other peoples' social security numbers. We would get phone calls to look something up, jot down a name and SAN, and there it sat. There was a policy, of course, against having SSNs at your desk. But no one cared unless a corporate executive was visiting. People had strangers' SSNs plastered everywhere.

As for the security of the data files, they were usually encrypted with a secret code which was changed every 6 months and only given out to those employees with a business need for them. However, regular reviews to ensure that those with access still needed access were not conducted. A coworker of mine lost access to several systems once because hee last name had changed due to getting married three years previously. That's how often they bothered to check who had access against who was supposed to have it. The secret codes were usually phrases from popular movies or television shows.

No one ever, and I mean ever, checked to see that you had legitimate reasons for opening the files you opened. I could have looked up everyone I ever knew, and no one would have noticed, stopped me, or questioned it.

Data files were sent and received every day Thousands of data files. Tens of thousands, probably. And sometimes, those files would fail to load because of a formatting error or other problem with the file. What was supposed to happen was that a department dedicated to contacting customers and helping them fix the processes that generated their files would reach out and help them fix the issue. In practice though, that group was often bogged down and didn't have the time to fix everything. So employees would quite often fix the file themselves to force it to load. Yes, they would directly manipulate data in the file in order to get it to load correctly into the system. Think about that. Typically it was removal of an invalid character or something equally innocuous, but there was no log or anything whatsoever that would hold the employee responsible for the changes they made. They could have changed literally anything in the file and it would never, ever, ever be discovered.

Employees could also email SSNs and send them to one another internally via instant messaging. Not some proprietary IM system with security lockdowns. No, this was on Skype. And they could easily accidentally send data to the wrong person.

A coworker once sent an entire data file with thousands of peoples' records to the wrong FTP server. She was just told to be more careful in the future.

Toward the end of my time working there, they made it impossible to use external drives in company computers. Before that, though, it was entirely possible to transfer all the files you wanted onto a USB stick.

Employees were not supposed to copy files onto their company laptops. They did anyway. They took those laptops home every night, as per company policy. Those laptops with thousands upon thousands of people's names, SSNs, salaries, addresses, and other personally identifying information just stored on their desktop, unencrypted.

They certainly didn't take data security seriously when I worked there. That's why I wasn't surprised at all about the hack.

Sometimes, it's "free" but inaccessible because of where and when you choose to allow these IDs to be issued. Like, you know, closing the sources down in all the (strangely segregated) black neighborhoods but leaving them open in the white ones.