What do Equifax software updates have to do with the Equifax breach? EVERYTHING! Credit bureau Equifax actually allowed hackers into its system by NOT updating one of its software programs in a timely manner.

To begin with – the number of those affected by the Equifax Breach has been revised upward to 145.5 million, up from 143 million. The social security numbers of more than 60% of the U.S. adult population have been exposed. Mind you, this breach occurred sometime between May and July 2017, but Equifax didn’t publicly announce it until early September. This gave the bad guys plenty of time to amass all that data and do some serious damage before most of us were even aware of the breach.

Recently fired Equifax CEO Richard Smith testified before Congress last week, explaining how the company got hacked in the first place. It seems the company failed to apply a patch that would have fixed a security flaw in a program called Apache Struts. This security flaw in the Apache software is how hackers were able to steal all that data.

Had Equifax been prompt in updating the program, this epic breach would have been completely avoided!

In March, Apache issued a patch to fix the problem in its software and made it available for users to install. That was two months before the Equifax breach. It is inexcusable for any company that controls huge amounts of sensitive data to fail to update its software in a timely manner.

CEO Richard Smith told Congress that the “person responsible for updating the software, did not properly do their job”. The fact that only ONE person at Equifax was responsible for handling this job, without any other oversight or backup, is reprehensible!


The important lesson to learn from this story is to always keep your software updated. Set your programs to update automatically whenever an update becomes available. Automatic updates eliminate the need for you to take any specific action yourself, and ensure that you’ll always be running the safest and most secure versions of your software.

Finally, it is most important to discontinue the use of outdated software that is no longer being updated with the latest security patches. The WannaCry ransomware attack spread easily around the world because so many companies were still using the outdated Windows XP operating system. Microsoft had long ago stopped supporting XP, Vista and other previous software versions with security updates.

Equifax had an obligation to protect the sensitive data of millions of U.S. citizens and failed miserably!  The fact that they made such an avoidable mistake is truly frightening!  Those affected will have to be constantly vigilant about identity theft – for the rest of their lives.

Read a previous article about Equifax Breach

Credit FREEZE vs. a Credit LOCK

Consumers Union is recommending consumers place a Credit FREEZE vs. a Credit LOCK.  Here’s Why…

A credit LOCK is simply a contractual business agreement between you and the Credit Bureau. 

Having a contractual agreement is not nearly as strong as having protections under the law. A contractual agreement with a company is subject to change, or may be unclear. It may include provisions that you may be better off NOT agreeing to – such as binding arbitration. With LOCKS, it’s also not clear who would be liable for financial losses.

A Credit FREEZE is the better option, because a credit freeze offers stiffer legal protections.

Its promise to guard your credit accounts is guaranteed by law! If something goes wrong, and your credit accounts are fraudulently accessed, consumers are protected from financial liability.


BUT – In response to the stampede of people attempting to place a Credit Freeze, after the massive Equifax breach, the 3 Credit Bureaus are pushing consumers to “LOCK” their credit files instead of placing a Credit “FREEZE”.

Just To Be Clear: The best way to protect yourself from an identity thief opening a credit account in your name is still to place a credit freeze at all three credit bureaus.

Consumers should be wary of this push towards Credit “Locks”. Equifax and the other two credit bureaus fought for years against our right to freeze our credit reports – and then demanded fees to do so.

Equifax has said it will be offering a new type of credit “LOCK” FREE – for life. This raises questions and concerns about their motives! Credit Bureaus make huge sums of money by selling your information and allowing access to your credit file.  A credit FREEZE will greatly limit their ability to do so.

So if you are offered a choice between a Credit Freeze vs a Credit Lock, don’t let the Credit Bureaus try to fool you. A Credit Freeze has always been the best way to keep the bad guys from getting credit in your good name. A credit LOCK is designed to work in the best interest of the Credit Bureaus – NOT YOU!

“We are still trying to figure out why they are pushing this newer thing they call a credit ‘lock’,” says Mike Litt at U.S. PIRG (Public Interest Research Group). “It may allow credit bureaus to market to consumers more aggressively for products that they may not need and/or shouldn’t pay for.”

It’s time for Congress to provide free Credit Freezes. To learn more go here: http://www.uspirg.org/news/usp/interactive-map-shows-consumers-42-states-have-no-access-free-credit-freezes 

You can also read one of my previous articles about the Equifax Data Breach


SONIC Breach- 5 Million Debit & Credit Card Info Stolen

The recent Sonic Breach reported by the fast food chain was a breach of its card processing system. It resulted in the theft of information from 5 million credit and debit cards. The chain has more than 3,500 locations in 44 states. At the time of this writing, Sonic had not disclosed the number of its restaurants that were potentially affected.

The stolen card data included the zip codes of the card holders!

The fact that zip codes were included in the stolen information makes that information more valuable for resale.

The zip codes allow a criminal to know exactly which geographical area the card originated from. This in turn helps the criminal avoid making purchases that look suspicious, by using the card only in the cardholder’s local geographical area.


The information from the Sonic breach is already being sold on the Dark Web, which is the part of the Internet where criminals go to purchase stolen data. The card data will fetch a price of about $25 to $50 each, depending on the type of card (debit or credit) and the card limits available.

It seems like almost every week we hear news of another data breach. Your personal information is only as safe as the companies entrusted to protect it.

The Sonic Breach could have been totally avoided had Sonic updated their processing equipment to accept the more secure EMV chip cards. Instead, they’re still using the old style magnetic-strip for their card processing.

  • Avoid making purchases at retailers who have not yet switched to the new EMV system.
  • If you used a credit or a debit card at a Sonic restaurant in the last 6 months, be sure to carefully monitor your accounts for any sign of fraudulent purchases.
  • If you discover any fraudulent purchases on your credit card bill, notify your credit card company. In the case of a DEBIT card, be sure to notify your bank immediately, to prevent the money in your checking account from getting completely wiped out.
  • Debit cards do NOT have the same consumer protections as credit cards. Therefore, in the future, refrain from using your debit card except at an ATM. If your debit card gets stolen or skimmed, you could lose all the money in your checking account if it is not reported to your bank in a timely manner. Also, the funds in your checking account will be frozen while the bank investigates, denying you access to your account during the process.

Until all businesses switch to the newer and safer EMV chip cards, we will unfortunately see more and more breaches like this one.

It is up to you to remain ever vigilant!