spygirl

Equifax equihaxed


There should be jail for executives of any listed company that fail to maintain security. Prevention of hacking is entirely possible, it just takes time, effort and money.


Mind boggling really considering that the other big credit scorer Experian is used as part of the UK government's Verify system to establish a UK individual's identity. Up to 2010 Equifax used to supply the Digital certificates used to access UK government systems via the Gateway so this hack may go way beyond just people who use Equifax for credit scoring. BTW the geniuses in the UK government have also been sharing some of the data they hold on you with Equifax.

https://www.theguardian.com/politics/2014/apr/18/hmrc-to-sell-taxpayers-data

Edited by Virgil Caine

6 minutes ago, Virgil Caine said:

Mind boggling really considering that the other big credit scorer Experian is used as part of the UK government's Verify system to establish a UK individual's identity. Up to 2010 Equifax used to supply the Digital certificates used to access UK government systems via the Gateway so this hack may go way beyond just people who use Equifax for credit scoring. BTW the geniuses in the UK government have also been sharing some of the data they hold on you with Equifax.

https://www.theguardian.com/politics/2014/apr/18/hmrc-to-sell-taxpayers-data

That is outrageous. Government selling taxpayers' data to private companies. Beggars belief that they would stoop so low. It's not as if you can opt out of the tax system is it and take your business elsewhere in protest.

If it ends up that tax payer data has been compromised in this, there is surely a masshoosive payout coming along.   

1 minute ago, One percent said:

That is outrageous. Government selling taxpayers' data to private companies. Beggars belief that they would stoop so low. It's not as if you can opt out of the tax system is it and take your business elsewhere in protest.

If it ends up that tax payer data has been compromised in this, there is surely a masshoosive payout coming along.   

No.

UKGOV does not sell data to Equifax.

Equihax hoover the info up by using contacts/contracts with credit providers.

UKGOV does not give credit. It just hands out money.

4 minutes ago, One percent said:

Not what the guardian article was saying

"Firms could buy 'anonymised' financial details"

Could

Anonymised.

Basically, stats on how much people earn and tax paid.

If it's anonymised then it's useless to Equifax for their credit scoring. They are looking if Joe PCP has a string of CC defaults to his name.

It *might* use info on where Joe CC lives to work out if it's likely that someone living in Grangetown is really earning 2m working at Goldman Sachs.

 

2 hours ago, NTB said:

There should be jail for executives of any listed company that fail to maintain security. Prevention of hacking is entirely possible, it just takes time, effort and money.

I'd rather they jailed the people hacking into them, personally. It's sad to see the blame culture spreading to Directors when it's normally some incompetent idiot in the security department who can't be bothered to do their job.

Just now, spunko2010 said:

I'd rather they jailed the people hacking into them, personally. It's sad to see the blame culture spreading to Directors when it's normally some incompetent idiot in the security department who can't be bothered to do their job.

But you have got to ask why the grunt cannot be bothered to do their job.  Shit wages, conditions and generally being treated with contempt. Treat staff well and they pay you back in spades. 

4 minutes ago, One percent said:

But you have got to ask why the grunt cannot be bothered to do their job.  Shit wages, conditions and generally being treated with contempt. Treat staff well and they pay you back in spades. 

Everyone blames the director when things go wrong. I'd be fine with that, if they received the praise when things go right, but they don't normally. Everyone hates their boss.

I'd be amazed if those working for Equifax in a sec capacity are underpaid, they're probably on big fat salaries with many perks. If however it transpires they outsourced this to India then I will concur with you :) 

19 minutes ago, spunko2010 said:

I'd rather they jailed the people hacking into them, personally. It's sad to see the blame culture spreading to Directors when it's normally some incompetent idiot in the security department who can't be bothered to do their job.

Sort of.

You'd expect a company to put fences and security around a store.

When you get to Equifax you are dealing with someone who makes a living out of selling detailed information about a person which, if stolen, could cause that person huge expense and hassle.

The criminals should be caught. But the company should be levelled with a punitive fine, far in excess of the cost to joe punter.

39 minutes ago, spunko2010 said:

Everyone blames the director when things go wrong. I'd be fine with that, if they received the praise when things go right, but they don't normally. Everyone hates their boss.

I'd be amazed if those working for Equifax in a sec capacity are underpaid, they're probably on big fat salaries with many perks. If however it transpires they outsourced this to India then I will concur with you :) 

Sure, but the director gets the big bucks whether things go right or go wrong. They are responsible for the whole thing including making sure everyone does their job and that risks are properly managed. Security is one of those things that you have to do and you have to do it right. The threats are out there, they're not going to go away and I don't see any excuse for complacency.

2 minutes ago, NTB said:

Sure, but the director gets the big bucks whether things go right or go wrong. They are responsible for the whole thing including making sure everyone does their job and that risks are properly managed. Security is one of those things that you have to do and you have to do it right. The threats are out there, they're not going to go away and I don't see any excuse for complacency.

Are we talking about Equifax or generally? If the latter then most Directors in this country earn close to minimum wage when factoring in hours worked, despite the popular image of a fat cat on a yacht.

All that responsibility, that personal risk-taking, that stress, for very little in most cases.

1 minute ago, spunko2010 said:

Are we talking about Equifax or generally? If the latter then most Directors in this country earn close to minimum wage when factoring in hours worked, despite the popular image of a fat cat on a yacht.

I'm talking about listed companies. I wouldn't expect the local plumber to be forking out on penetration testing for his website.


Strikes me as odd that when people everywhere pay lip service to data protection in so many circumstances that there are companies able to tell anybody almost everything they want to know about you.

Whether you have any County Court Judgements, how many, how much, why.

Whether your car has tax, MOT, mileage, valuation, number of owners, accident history, outstanding finance.

What your house was last sold for etc

Imagine your medical history being available through such set ups.

Yet our data is protected. 

5 minutes ago, spygirl said:

[Image: DJs7XSpUQAA0gLx.jpg]

Playing devil's advocate here - music is a language and there'll be transferable skills into the world of coding. It's very easy to tear someone apart after the event.

Low wages, project managers and outsourcing more likely to be where the blame lies, still she should go.

1 minute ago, longtomsilver said:

 

Low wages, project managers and outsourcing more likely to be where the blame lies, still she should go.

None of those would be allowed through the system if you employed the right people to co-ordinate the dev teams and pick/vet resources.

20 hours ago, longtomsilver said:

Playing devil's advocate here - music is a language and there'll be transferable skills into the world of coding. It's very easy to tear someone apart after the event.

Low wages, project managers and outsourcing more likely to be where the blame lies, still she should go.

Nope.

Music is a sequence of notes.

Software is a series of actions on mutable state.

Anyone who makes that gormless mistake of confusing a musical score for software is an idiot. And there are a lot of idiots around.

Rolling out systems and ensuring security requires you to be very careful about what software and system you put in place. You also need to audit and version everything.

2 minutes ago, spygirl said:

Nope.

Music is a sequence of notes.

Software is a series of actions on mutable state.

Anyone who makes that gormless mistake of confusing a musical score for software is an idiot. And there are a lot of idiots around.

Rolling out systems and ensuring security requires you to be very careful about what software and system you put in place. You also need to audit and version everything.

I'm not confusing a music score for software. I wouldn't say I'm gormless or an idiot either.

For all we know she could be a dab hand at coding, developing or whatever and self-taught the same as 50% of those working in the same IT field that never went to university. Her degree choice as a young lady shouldn't define what she can and cannot do in life and I think you'll find heaps of people in life who work in a different field to the one they studied at University. 

19 minutes ago, longtomsilver said:

I'm not confusing a music score for software. I wouldn't say I'm gormless or an idiot either.

For all we know she could be a dab hand at coding, developing or whatever and self-taught the same as 50% of those working in the same IT field that never went to university. Her degree choice as a young lady shouldn't define what she can and cannot do in life and I think you'll find heaps of people in life who work in a different field to the one they studied at University. 

For that job she needs to be a dab hand at auditing and enforcing policy and process.

I'd not touch anyone without 20+ years solid development for anything involving security. It's really not simple.

4 hours ago, ccc said:

How do these companies fit in with the incoming GDPR legislation? Going to be very tricky for them.

Yes, there are financial penalties based on turnover I believe. This assumes that the regulatory bodies will fine them of course.

3 minutes ago, Dipsy said:

Yes, there are financial penalties based on turnover I believe. This assumes that the regulatory bodies will fine them of course.

 

4 hours ago, ccc said:

How do these companies fit in with the incoming GDPR legislation? Going to be very tricky for them.

Anyone know if GDPR applies to dead people? Wondering about this as it potentially overlaps copyright rules and may affect historical documents etc.

On 15/09/2017 at 06:18, longtomsilver said:

Playing devil's advocate here - music is a language and there'll be transferable skills into the world of coding.

Going way off topic here, I don't know about transferable skills (maybe soft stuff like the ability to concentrate on something for a long period of time) but there is definitely a correlation between ability at coding and ability at music. I have known way too many people who did both to a high level for it to be entirely coincidental.

I agree with spygirl on the not wanting anyone inexperienced in charge of security (whether at the code level or higher up the stack) though, it really is a complex space.
