Equifax Hack and the Equifax Data Breach in the U.S. and Argentina Explained in Full
The Equifax hack and the Equifax data breach were horrible, because up to 143 million people had their Social Security numbers exposed in the Equifax data breach disaster. Now Equifax Argentina has been hacked because Equifax applied no security measures to a certain portal's login credentials. So, what happened with the Equifax data breach? Equifax security had a history of not responding to or fixing known security vulnerabilities in their systems at the time the Equifax hack in the U.S. took place. One of many vulnerabilities that had not been fixed was an XSS that was reported a year prior to the malicious hack, which may help show the negligence that Equifax showed towards their cyber-security.
After the Equifax hack in the U.S. took place, the Argentina Equifax hack took place, because their username and password were the same default credentials that no one in the world should be using. What were their username and password? The username was admin, and the password was also admin.
If you haven’t heard that Equifax royally screwed up on providing credit card monitoring, or even if you have heard that they messed up, it’s far worse than what you know. Originally, when people accepted the Equifax credit card monitoring, they were waiving their rights to sue Equifax for the Equifax data breach, according to multiple reports. After they came under extreme criticism, Equifax updated their terms to say they meant you can’t sue them for the use of the credit card monitoring, but you can still sue them for the cyber-security breach that has already occurred.
If the Equifax credit card monitoring issues stopped there, that would be amazing, but Equifax showed they weren’t prepared to handle a breach. Equifax only provides you a year of free monitoring services, and they use their own company’s services to provide you that one year of monitoring. Senator Schatz wrote a scathing, yet one hundred percent factual, critique of Equifax and the Equifax data breach that points out they will make a large profit off of their credit monitoring; per his critique, Senator Schatz stated that the one year was insufficient. He also pointed out that their current one-year monitoring model makes them profit when people go back to the company that Equifax owns for continued monitoring after the year is up.
Others pointed out that Equifax can make up to $120 of profit per person off of credit card monitoring, per their page that allows you to sign up. If all 142 million people affected paid for the next year of credit card monitoring, they would make 14 billion dollars off of the breach, just on the credit card monitoring. Senator Schatz went on to point out that they will make 30 dollars off of each person who wants to freeze their credit card file, which is a smart thing to do.
After the scathing critique from Senator Schatz and colleagues, and from many other people who protested over the credit freeze charge, Equifax announced they will be allowing free credit report freezes until November 21st and refunding anyone who paid for the service after the breach was announced. A credit freeze is also known as a security freeze for your credit report; it adds layers of security that help protect you from criminals opening new credit in your name.
Equifax went on to say that you will not be automatically enrolled or charged after the free year of credit monitoring is over. However, they do not state that they won’t use your email address or other information to contact you to let you know you have the option to enroll for another year. Their wording is quite specific in that it states you won’t be automatically enrolled, so the probability of them trying to manually convert you into a paying customer, whether via email blasts or phone calls, still appears to remain per the wording they have chosen to use.
Now let’s make this very clear: the Equifax data breach could still make them up to 14 billion dollars if every single person used their service and was opted, manually or via automatic blast email, into one paid year of monitoring after the free year ended. Let’s make it equally clear that not every person has signed up for their monitoring, nor would every person renew services, but let’s say 50 percent of the 142 million people affected used the service for an additional year on their own dime. Based on Equifax’s site, the services cost $120 a year, so Equifax could make 8 billion and 520 million dollars. Even if only 25 percent of people renewed, they would make 4 billion and 200 million dollars off of their own disaster. Nonetheless, they stand to profit off of being hacked.
When you go to equifaxsecurity2017.com to see if you are hacked and click on any button to see if you were affected by the hack or to enroll in the one-year monitoring, they direct you to trustedidpremier.com. Most people won’t notice this, since sadly people don’t pay attention to the site they are actually on. This site asks for your six-digit social security number, which quite frankly you should never enter online. Furthermore, you did not hire Equifax to collect the data that was leaked on you; they collect it as part of their business model for their clients. You are not the client, you are the product, which the well-written CNN piece makes painfully clear.
How did the Equifax data breach in the United States happen?
Updated: We were correct that Equifax was hacked by the March 2017 Apache Struts bug.
Updated: Providing insight into the carefully crafted Equifax announcement that looks like they are blaming Apache Struts, but are avoiding doing so. Removed the Quartz article link, since that article appears to be partially inaccurate.
Equifax released a statement that many news outlets took as admitting they were hacked by an Apache Struts vulnerability; however, after careful analysis, that isn’t what they were saying whatsoever. They were simply noting that there is evidence that someone may have tried to use the 2-month-old Apache Struts vulnerability, but they have not yet confirmed that is indeed how the hack took place. While we do believe not updating Apache Struts is one way an attacker could’ve gotten in, their security is inexcusably weak, making it possible that a different exploit was used.
However, the Equifax data breach wouldn’t have been as bad if they hadn’t kept so much data about people online, data that those people did not ask to have collected about them. When a site you are the customer of is hacked, that’s one thing; when a site that you are the product of is hacked, and in this case you are a product of Equifax, that’s entirely different. You are the victim in this scenario, and Equifax put too much of your personal data online. Also, they did not fix known security vulnerabilities.
How did the Equifax data breach happen in Argentina?
The Equifax data breach in Argentina occurred because someone set the username to admin and the password to admin. Now, to be fair, they may have just bought some software and not followed the instructions or done any security review whatsoever, such as resetting the default admin credentials for the portal they were using. As far as we know, only thousands upon thousands of people were affected in the Equifax Argentina data breach. The Equifax Argentina data breach is a developing story, so we will continue to update this as more information becomes available.
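The review step that was skipped here can be automated as a pre-deployment audit of your own account store. The following is an added example, not code from Equifax or from the portal software; the account layout, the PBKDF2 parameters, the list of default pairs (apart from admin/admin, which the article names) and all sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed list of default pairs; admin/admin is the pair named in the article.
DEFAULT_PAIRS = [("admin", "admin"), ("admin", "password"), ("root", "root")]
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(username: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": hash_password(password, salt)}


def audit_accounts(accounts: list) -> list:
    """Return (username, reason) for each account with a default or username-equal password."""
    findings = []
    for acct in accounts:
        user = acct["username"]
        # Stored hashes are salted, so each candidate is re-hashed with the account's own salt.
        candidates = {}
        for d_user, d_pass in DEFAULT_PAIRS:
            if d_user == user.lower():
                candidates[d_pass] = f"default pair {d_user}/{d_pass}"
        candidates.setdefault(user, "password equals username")
        for candidate, reason in candidates.items():
            if hmac.compare_digest(hash_password(candidate, acct["salt"]), acct["hash"]):
                findings.append((user, reason))
                break
    return findings


def sample_accounts() -> list:
    # Constructed sample data, not taken from any real system.
    return [
        make_account("admin", "admin"),
        make_account("root", "T7#vq9!mZr2pLx"),
        make_account("jsmith", "jsmith"),
        make_account("ops", "correct-horse-battery-staple"),
    ]


if __name__ == "__main__":
    for user, reason in audit_accounts(sample_accounts()):
        print(f"BLOCK DEPLOY: {user}: {reason}")
```

Run as a release gate, any finding should fail the deployment until the account's password is reset.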
What countries were affected by the Equifax breach?
There have been multiple Equifax breaches this year, but so far we know that the U.S. was affected, Argentina was affected, and the U.K. was partially affected.
We will continue to update this article when more information becomes available.