This debate will rage on, but even if that clause does exist, it will be very difficult to defend in court. I'm sure it will be no more effective than the stickers on dump trucks claiming they are not responsible for broken windshields.
-
Be sure to read this post! Beware of scammers. https://www.indianagunowners.com/threads/classifieds-new-online-payment-guidelines-rules-paypal-venmo-zelle-etc.511734/
Equifax data breach... get free monitoring
- Thread starter myhightechsec
- Start date
The #1 community for Gun Owners in Indiana
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
There is a big difference between those two. One you actually have to agree to, the other you had no such option.
True, but it seems that they never intended to try and absolve themselves. The below was posted yesterday on the equifaxsecurity site's front page. This seems pretty clear that the interpretations of some internet lawyers were incorrect.
KittySlayer
Grandmaster
It is not as though any settlements or reimbursements from Equifax are going to be first come, first served. There is not a big enough pile of money to fix what they allowed to happen by the evil hacker scumbags. Even if you win, what you get wont even cover the cost of your inconvenience trying to protect yourself and will come nowhere close to covering the cost if you get your identity stolen.
As someone noted, the theft already occurred. The bad guys have the information they need and no rush to use it. Your data floating around is just as dangerous today as it is next month and two years from now. The Genie is out of the bottle.
Completely agreed. The credit monitoring should be lifetime and the credit freeze fees should be paid for by equifax if the can't get the other two agencies to waive the fees for those impacted.
I just got this email from Life Lock. It has some good info and includes phone numbers to put a fraud alert on your info. I used Transunion. It was all automated. According to Life lock, if you put it on one of the big 3, they have to notify the other two.
https://www.lifelock.com/education/steps-lifelock-members-can-take-after-equifax-data-breach/
https://www.lifelock.com/education/steps-lifelock-members-can-take-after-equifax-data-breach/
AmmoManAaron
Master
Possible diversity hire?
CSO is not a technical position. It is more of a bureaucratic position. Most people in IT leadership I have known have not had degrees in anything IT related.Possible diversity hire?
The CISO/CIO would not have had anything to do with this leak anyway. This leak was likely the result of a very common IT problem:
Systems need to be kept up to date at a very low level.
This is often a mundane and tedious task relegated to the lower levels of the IT staff.
Even when automated someone must monitor the automation to ensure that it worked correctly.
I predict that one of two things happened.
The updates were automated but the monkey supposed to be monitoring wasn't watching. (This gets my personal vote)
There were not enough staff members to do the updates or the updates were not prioritized over other things.
Too often I've seen higher ups scream "OMG this needs to be secured now!" but they don't put any more staff effort into security and expect that other projects continue at their current pace. The staff is left to prioritize on their own and often choose the projects that have high visibility. Stakeholders watching those projects don't like to hear that their project was delayed while things were patched. Showing value in patching is difficult since you're essentially trying to prove a negative "I patched/updated the systems and nothing happened." as often times not patching will also yield the same result, nothing happened. It is only when something like this does happen that people start to take notice. Sadly the impact of this will have far reaching consequences for the company as well as about half the US population.
Systems need to be kept up to date at a very low level.
This is often a mundane and tedious task relegated to the lower levels of the IT staff.
Even when automated someone must monitor the automation to ensure that it worked correctly.
I predict that one of two things happened.
The updates were automated but the monkey supposed to be monitoring wasn't watching. (This gets my personal vote)
There were not enough staff members to do the updates or the updates were not prioritized over other things.
Too often I've seen higher ups scream "OMG this needs to be secured now!" but they don't put any more staff effort into security and expect that other projects continue at their current pace. The staff is left to prioritize on their own and often choose the projects that have high visibility. Stakeholders watching those projects don't like to hear that their project was delayed while things were patched. Showing value in patching is difficult since you're essentially trying to prove a negative "I patched/updated the systems and nothing happened." as often times not patching will also yield the same result, nothing happened. It is only when something like this does happen that people start to take notice. Sadly the impact of this will have far reaching consequences for the company as well as about half the US population.
Keeping default passwords doesn't help.
Equifax had 'admin' as login and password in Argentina - BBC News
Also true but the cause is often similar. The value of IT Security isn't seen until it's broken.
The CISO should be setting the tone for these things... I agree, the folks actually carrying out the patching are at the lower levels of the org, but reporting and dashboarding on patching should be bubbling up, and the CISO is ultimately responsible. Their next CISO will hopefully pay attention. Their current one should be looking for a job. The Execs who dumped stock after the discovery but before making it public should be looking for lawyers.
Last edited:
I doubt that Equifax has a staffing problem in security.
I would lean more towards social engineering and phishing as the path into their network.
I wonder when we will learn the details of what happened.
There is no excuse for that. They should be doing periodic testing of their systems and that is one of the things you always check for. Someone should lose their job over this one.
I would not say that until we know what happened.
When it comes to security, you can do everything right and still fail. Users are your weakest link.
Careful doing a credit freeze through TransUnion. They're trying to lead people to their service and away from an actual freeze.
Which... good luck doing anyway... still can't get logged in to do it. Have to use the phone number I guess.
Which... good luck doing anyway... still can't get logged in to do it. Have to use the phone number I guess.
Site Supporter
Members online
- DoggyDaddy
- Lee11b
- hammerd13
- Colt556
- Steve
- MCgrease08
- ranger04
- El Conquistador
- cmamath13
- AFvet3366
- jsharmon7
- duff
- slims2002
- unique
- mcapo
- drgnrobo
- jbm1521
- DJM95B
- LeftyGunner
- bigz82
- SolidDragon74
- papa6x
- simpleman44
- wesnellans
- efd1295
- daventos
- Todd haley
- Timjoebillybob
- KBreezy
- SnoopLoggyDog
- Nacho Man
- HoosierHunter07
- Steel and wood
- JamesV
- hopper68
- DDadams
- dmeadlo
- cp1149
- jsn_mooney
- INgunowner
- loudgroove
