Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Experian Breach Fallout: ID Theft Nightmares Continue
Newest First  |  Oldest First  |  Threaded View
Railroader
50%
50%
Railroader,
User Rank: Apprentice
11/3/2013 | 8:28:15 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
I Believe this Data collecting violates my constitutional rights and should be stopped immediately, I have not given these thugs my expressed written permission to collect any information, public or private, about me, or to sell same, and should be considered illegal.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
10/28/2013 | 3:22:59 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
Thanks for all of this. Another notable effort on this front is being helmed by Sen. Jay Rockefeller (D-WV), who chairs the Senate's Committee on Commerce, Science, and Transportation. He's written a letter to Experian, cited by security reporter Brian Krebs, demanding more information about the data breach.

Last year, the committee launched an investigation into the business practices of nine data brokers, including Experian, although the data broker has reportedly declined to answer all of the committee's related questions. Last month, Rockefeller widened the probe to include the data-sharing practices of 12 websites.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
10/28/2013 | 2:49:53 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
Odd, I thought their core business was selling personal information and rating recommendations (ideally to the banks that provide it in the first place). Now with many major retailers finding that managing their own credit system is lucrative, they are buying credit reports on prospective customers as well. I've never seen anything to indicate they have more than a passing interest about the individual. Ideally, they would care who they sell to but investigating a paying customer and taking away from your own revenue is kind of hard to believe.
BGREENE292
50%
50%
BGREENE292,
User Rank: Apprentice
10/26/2013 | 12:28:41 AM
re: Experian Breach Fallout: ID Theft Nightmares Continue

Matthew, thank you for helping readers understand the tortuous chains of corporate responsibility involved in management of personal financial data. Experian has been a problem of late, as your article details at length.



As with Experian-- which claimed the security breach (somehow) was beyond its control after acquiring Court Ventures because Court Ventures was already (allegedly) compromised-- denial seems the first corporate reflex.

But if managing securely all data access by third parties to bank and fund accounts is not fundamentally a fiduciary responsibility, what could else could it be? Denial of responsibility seems the least acceptable response of those whose job was, and is, to manage data security for depositors' assets in trust. In this age of digital commerce, data security, itself, is a primary client asset.



Aside from a federal regulatory review of such issues, it now appears only sweeping and thorough legislation can address the endemic problems of data security. Readers can contact Sen. Elizabeth Warren, a strong consumer financial rights advocate, at http://www.warren.senate.gov/ or the federal Consumer Financial Protection Bureau, director Richard Cordray, at http://www.consumerfinance.gov...
TerryB
50%
50%
TerryB,
User Rank: Ninja
10/25/2013 | 5:08:51 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
Strike two against Experian. Those clowns were just on 60 Minutes in last year because they can't even get their core business correct, removing bad credit information from their database even after the person shows them it was incorrect. The takeaway from 60 Minutes report was they don't care, doesn't impact their bottom line.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
10/25/2013 | 4:51:55 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
Good story, Matthew. I think this all reflects how technology has outpaced society's ability to cope with new issues like abuse of PII. We've always had PII and we've always had people who abused that info for illegal personal gain -- crooks. There have always been companies that compile personal information -- an industry that goes back a century, at least. What is new is the speed with which that information can be shared and resold -- quite legally -- and the abused illegally. And the problem will get much worse very quickly, as big-data-skimming analytics tools piece together such things as your mother's maiden name, your pet's name, your hometown, and childhood friends from social media, where billions of people generously post such information daily.
What to do? A) End the current weak methods of online payments and replace them with biometric systems that confirm the ID of the buyer; B) Require credit montoring companies to red-flag changes in contact information to the individual involved; C) Create a universal registry to help victimized consumers identify and quickly correct fraudulent entries in ALL their credit accounts simultaneously.
The failures of the current system should not fall on the shoulders of the victims, who are usually technically ill-equipped to combat the technologically sophisticated crooks who are victimizing them.
Other ideas?
archangelnikk
50%
50%
archangelnikk,
User Rank: Apprentice
10/25/2013 | 2:26:29 PM
re: Experian Breach Fallout: ID Theft Nightmares Continue
Really shows the bad guys will stop at nothing to acquire consumer information, and as well the lack of controls big business has protecting that data...


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20925
PUBLISHED: 2020-11-24
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions...
CVE-2020-5641
PUBLISHED: 2020-11-24
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
CVE-2020-5674
PUBLISHED: 2020-11-24
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-29002
PUBLISHED: 2020-11-24
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29003
PUBLISHED: 2020-11-24
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.