Equifax: 15 million more at risk

Created: October 11, 2017
Credit checking agency Equifax now believes that 15.2 million people in the UK were affected by the massive data breach that hit its US operation last month.

These individuals entered its database between 2011 and 2016, which suggests that potentially anyone in Britain who applied for a financial product requiring a credit check during that period could be caught up by the breach in some way.

Importantly, not everyone is affected to the same degree. The highest-risk group are 693,665 people (up from September’s 400,000 estimate) comprising the following groups:

  • 14,961 people who had “portions” of their 2014 equifax.co.uk membership details accessed, including user names, passwords, secret questions/answers, and partial credit card details
  • 637,430 people whose phone numbers were accessed
  • 29,188 people whose driving license numbers were accessed
  • 12,086 people who had an email address associated with their equifax.co.uk account in 2014

The company is now contacting these people by letter “to offer them Equifax and third-party safeguards” in the form of subscriptions to the company’s ID protection service.

What does this admission tell us about the scale of damage the breach will cause in the UK?

Let’s start with the large number of people not deemed high risk. The company states:

“The balance of the 14.5m records potentially compromised may contain the name and date of birth of certain UK consumers. Whilst this does not introduce any significant risk to these people Equifax is sorry that this data may have been accessed.”

In Equifax’s view, then, this group does not face significant risks despite an unknown number having personally identifiable data compromised (data that is often used by banks for security questions, for example). This assessment isn’t exactly reassuring.

The next concern is what Equifax plans to do to protect the nearly 694,000 people in the highest-risk categories.

Of these, 56,235 will be offered free subscriptions to the company’s Equifax Protect ID service that gives users unlimited access to credit files held on them as well as emailed reports of any new activity.

The company hasn’t confirmed how long this service will be offered free of charge, but the risk is likely to remain high for these individuals for many years to come.

The remaining 637,430 whose telephone numbers were accessed will also be offered a free “identity monitoring service”, although it’s not clear which one or for how long it will remain in place.

What the UK Information Commissioner’s Office (ICO) will make of all this is anyone’s guess, but it’s a reminder that one of the most serious data breaches ever to affect UK citizens happened in the US, beyond the oversight of this country’s data protection regime.

It’s not even clear whether 2016’s tightened EU-US Privacy Shield agreement, which governs how data on EU citizens should be handled when transferred by US companies, would have made a difference.

In the end, most of the 15 million Britons caught up in the great Equifax breach of 2017 will probably shrug their shoulders. Many will never have heard of Equifax, let alone been aware it held their personal data, and Equifax seems satisfied to have kept them waiting weeks for information.

Security expert Bruce Schneier recently summed up the strange situation “customers” find themselves in with the following observation:

“Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn’t notice, you’re not Equifax’s customer. You’re its product.”

Judging by the response we’ve seen, people in the US have certainly noticed, but we aren’t holding our breath for reform there either.


Source: Naked Security
