CYBER WARS
Massive bureau hack raises troubling questions
By Rob Lever
Washington (AFP) Sept 8, 2017


143 mn affected in hack of US credit agency
San Francisco (AFP) Sept 8, 2017 - A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.

Equifax said that a hack it learned about on July 29 had the potential to affect 143 million US customers, and involved some data for British and Canadian residents.

The Atlanta-based company disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft.

Filings with the US Securities and Exchange Commission showed that three high-ranking Equifax executives sold shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Copies of SEC filings regarding the transactions were on an investor relations page at the company's website.

Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters.

It also touts a service protecting against identity theft.

"The fact that it is a credit company that people pay to be protected from breaches, and now they have been breached... it feels like a betrayal of trust to a point," said Aires Security chief executive Brian Markus, whose firm specializes in computer network defenses.

He considered the breach "gigantic," made worse by the fact that Equifax stores extensive personal information about people and keeps it up to date.

Markus wondered what level of responsibility Equifax is going to take if stolen information is used for fraud or identity theft, and advised people to enlist credit monitoring services to alert them to trouble.

- 'Strikes at the heart' -

Equifax released a statement saying that it learned of the breach on July 29 and "acted immediately" with the assistance of an independent cybersecurity firm to assess the impact.

"Criminals exploited a US website application vulnerability to gain access to certain files," the statement said.

An internal investigation determined the unauthorized access occurred from mid-May through July 2017, according to the company.

Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers from the database, potentially opening up victims to identity theft.

The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.

Equifax vowed to work with British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added in the release that it "found no evidence that personal information of consumers in any other country has been impacted."

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said company chairman and chief executive Richard Smith.

"I apologize to consumers and our business customers for the concern and frustration this causes."

He added that Equifax is reviewing its overall security operations.

Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and identity theft protection to customers.

The company is the latest to announce a major breach. Yahoo last year disclosed two separate cyber attacks which affected as many as one billion accounts.

It could be the worst-ever data breach for American consumers, exposing some of the most sensitive data for a vast number of US households.

The hack disclosed this week at Equifax, one of the three major credit bureaus which collect consumer financial data, potentially affects 143 million US customers, or more than half the adult population.

While not the largest breach -- Yahoo attacks leaked data on as many as one billion accounts -- the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

"This is the data that every hacker wants to steal your identity and compromise your accounts," said Darren Hayes, a Pace University professor specializing in digital forensics and cybersecurity.

"It's not like the Yahoo breach where you could reset your password. Your information is gone. There's nothing to reset."

Some reports suggested Equifax data was being sold on "dark web" marketplaces, but analysts said it was too soon to know who was behind the attack and the motivation.

"This could be a mercenary group or it could be a nation-state compiling it with other data" for espionage purposes, said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a Washington think tank.

"This is the kind of information I would go after if I were a nation-state, to set up psychographic targeting for information and political warfare."

- National security risks -

Peter Levin, chief executive at the data security firm Amida Technology Solutions and a former federal cybersecurity official, said he is concerned over the national security impact of the breach, which follows a leak of data on millions of US government employees disclosed in 2015.

"The implications with regard to national security are very large," he said.

Because most federal employees also have credit reports, "those people have now been hacked twice," Levin said, offering potential adversaries fresh data to be used against them.

"We've just given the bad guys a lot more information," he said. "Even if they didn't perpetrate the attack, they can buy the data."

An FBI statement said the US law enforcement agency "is aware of the reporting and tracking the situation as appropriate."

The breach raised numerous questions among experts, such as why the company waited more than a month to notify consumers after learning of the attacks July 29.

Some analysts expressed concern that a company with a mission to safeguard sensitive data allowed a breach of this scope to take place.

"Equifax knew it was a prime target for cyberattacks," said Annie Anton, who chairs the Georgia Tech School of Interactive Computing and specializes in computer security research.

"It's amazing that one flaw could lead to a breach involving 140 million people. They should have safeguards in place. Even if a breach happens, it shouldn't grow to that scale."

Even more surprising, Anton said, is that Equifax still used social security numbers for verification despite the known risks from storing these key identifiers.

Anton noted that she testified before Congress in 2007 recommending that credit bureaus be required to use alternatives to social security numbers "and it still hasn't been fixed."

Some details of the attack remain unclear, including whether the data stolen was encrypted -- which would make it harder for the hackers to monetize.

At least two class-action lawsuits on behalf of consumers were filed following the disclosure claiming Equifax failed to adequately protect important data.

Equifax "should have been better prepared for any attempt to penetrate its systems," said attorney John Yanchunis, who filed one of the lawsuits.

Separate lawsuits announced Friday meanwhile said Equifax may have violated securities laws by allowing three high-ranking Equifax executives to sell shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Equifax stock fell 13.6 percent in New York trades on Friday following the disclosure.

- How to respond -

The potential impact of the Equifax breach prompted some experts to suggest the government revisit the idea of social security numbers issued for life.

"The government should consider changing social security numbers since there have been so many breaches," Hayes said.

Levin added that he "would be in favor of issuing new social security," even though "it's a fraught political discussion."

Others said the US could follow a European rule set to take effect in 2018 requiring companies to notify consumers within 72 hours of a data breach.

"Companies will put more into cybersecurity if there are tough penalties associated with data breaches," Hayes said.

The House Financial Services Committee will hold hearings on the breach, committee chair Jeb Hensarling said while expressing concern over a "very troubling situation."

New York state attorney general Eric Schneiderman said his office was launching a formal probe to determine if Equifax adequately notified consumers and had appropriate safeguards in place.
