Everywhere erriff you went and every bung you arver dropped into, in cit or suburb or in addled areas, the Rose and Bottle or Phoenix Tavern or Power’s Inn or Jude’s Hotel or wherever you scoured the countryside from Nannywater to Vartryville or from Porta Lateen to the lootin quarter

On Monday, the Justice Department announced that it was charging four members of China’s People’s Liberation Army with the 2017 Equifax breach that resulted in the theft of personal data of about 145 million Americans.

Using the personal data of millions of Americans against their will is certainly alarming. But what’s the difference between the Chinese government stealing all that information and a data broker amassing it legally without user consent and selling it on the open market? Both are predatory practices to invade privacy for insights and strategic leverage. […]

Equifax is eager to play the hapless victim in all this. […] “The attack on Equifax was an attack on U.S. consumers as well as the United States,” [Equifax’s chief executive] said. […]

According to a 2019 class-action lawsuit, the company’s cybersecurity practices were a nightmare. The suit alleged that “sensitive personal information relating to hundreds of millions of Americans was not encrypted, but instead was stored in plain text” and “was accessible through a public-facing, widely used website.” Another example of the company’s weak safeguards, according to the suit, shows the company struggling to use a competent password system. “Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes,” it read.

Though the attack was quite sophisticated — the hackers sneaked out information in small, hard to detect chunks and routed internet traffic through 34 servers in over a dozen countries to cover their tracks — Equifax’s apparent carelessness made it a perfect target.

The takeaway: While almost anything digital is at some risk of being hacked, the Equifax attack was largely preventable.

{ NY Times | Continue reading }

related { The End of Privacy as We Know It? }

related { The FBI downloaded CIA’s hacking tools using Starbuck’s WiFi }