Equifax says 100,000 Canadians impacted by cybersecurity breach

. Equifax Canada said a massive cybersecurity breach at the company may have exposed the personal information of about 100,000 Canadian consumers.
Equifax is a consumer information company that provides, among other services, credit information and credit ratings on individuals.
Our focus now is on providing impacted consumers with the support they need,” Nelson said in a release.
Canada’s privacy commissioner said Friday it had opened an investigation into the data breach after receiving several complaints and dozens of calls from concerned Canadians.
Equifax said it has been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take.
Equifax has said the breach of its system occurred between mid-May through July, and it learned of the hack on July 29.
Last week, Equifax put the blame for the breach on a web server vulnerability in its Apache Struts open-source software. However, the vulnerability could have been fixed back in early March when patches became available.

Data Differences: Better Records, Better Care

. “I’ve learned how important it is to get my records from one provider to another.
First, doctors’ offices still don’t share patient data very well. Yet a unified electronic medical record (EMR) system, the kind that would allow multiple providers to access and update medical records, still doesn’t exist in the United States.
And that’s too bad, especially for those whose chronic conditions — including MS — demand a carefully orchestrated coordination among many providers.
There are loads of online resources that patients may use to create a data hub accessible by anyone with internet access and who has received permission via an invitation or password. But, according to Healthcare IT News (you do read that, right?
It does not provide medical advice, diagnosis, or treatment.

Kempner: Equifax data breach fiasco? It’s actually a stunning repeat

Consumers complain the company waited too long to warn them, didn’t have its act together when it finally did and then offered inadequate protections. Federal investigators dig into questions of insider trading because top executives sold company stock after the breach was discovered but before it was disclosed.
If you don’t notify consumers right away, at least be excellent in communicating with consumers when you do fill them in.
ChoicePoint’s saga makes clear who will probably come out OK in this scenario: the entity that didn’t fully protect our data.
In ChoicePoint’s case, the bad guys got the goods on more than 160,000 people, including some Social Security numbers and credit reports.
The company said law enforcement urged them to hold off during the investigation, but an officer suggested it was the company that really pushed for the delay.
ChoicePoint CEO Derek Smith and president Doug Curling started selling nearly the $21 million in stock before the crisis was disclosed. (Equifax has said the same about its executives who sold shares after its breach was discovered.)
ChoicePoint executives had to put more attention to pesky issues like privacy, security, transparency and apologies.
They may hold that precious data until consumers drop their guards — and Equifax’s offers of free credit monitoring and credit freezes expire.

Equifax image is battered by data breach as consumers feel violated

The Equifax brand is under assault.
The credit bureau has suffered a major public relations hit since Sept. 7, when it said its computer systems were breached by hackers and that personal data of 143 million Americans was at risk of being stolen as a result.
The negative headlines have taken a toll on its “Buzz score,” tallied by YouGov, which tracks the perception of more than 1,500 brands daily.
Equifax’s Buzz score — which measures whether respondents have heard something “positive or negative” about the brand — has dropped from zero to -33 in the first 10 days since the hack was publicized. (A score can range from -100 to 100 with a zero score indicating a neutral viewpoint.)
Other high-profile breaches, such as one at Anthem Blue Cross in February 2015 and Home Depot in September 2014, did not cause as big a hit to those brands.
Only Volkswagen’s 49-point Buzz score decline 10 days after news of its emissions-cheating scandal broke in September 2015 was bigger. “Until Equifax’s actions take a more positive and productive step with consumers, this will most likely impact their perception for a long time,” the YouGov spokesperson said.

Political campaigns prep for battle with hackers

Democratic committees like the Democratic Congressional Campaign Committee, which was breached last year, have switched internally from email to encrypted messaging apps.
The political world is officially obsessed with cybersecurity in 2017 — especially the Democrats burned by the hacking of their committees and operatives during the 2016 election.
But operatives warned that the only way to secure a political party’s information is to get everyone on the same page — and that the best way to prevent hacking in the 2020 presidential campaign is to have a security-first culture change take root before then.
And in a further step, the DCCC urged Democratic House campaigns and consultants to use Wickr in 2018.
Party committees have a particularly strong interest in securing their communications that individual campaigns may not share, said another consultant. Hackers stole some of that delicate information from the DCCC’s central file during the 2016 election.
Cybersecurity is “really one of the most challenging things I’ve dealt with as a manager, because it’s not my expertise and it’s not the expertise of the majority of people who work in this business,” said Pritzker campaign manager Anne Caprara, who previously worked at Priorities USA Action, the Democratic super PAC (and another CrowdStrike client).
The National Republican Congressional Committee has paid CrowdStrike nearly $80,000 for services in 2017, according to its campaign finance reports.
At a recent training session for progressive candidates, the Progressive Change Campaign Committee held a breakout session on secure messaging on campaigns.

Clark Howard Answers Your Questions About The Equifax Breach

. It’s a story that has worried millions: What exactly is the Equifax data breach? How am I impacted?
That’s why Consumer Warrior Clark Howard is here for you.
Equifax has been under intense public pressure since it disclosed last week that hackers accessed or stole millions of Social Security numbers, birthdates and other information.
On Friday — the same day two key executives retired immediately — it gave its most detailed timeline of the breach yet, saying it noticed suspicious network traffic associated with its U.S. online dispute portal web application on July 29.
Equifax had said earlier that it identified a weakness in an open-source software package called Apache Struts as the technological crack that allowed hackers to heist the data from the massive database maintained primarily for lenders.
That disclosure late Wednesday cast the company’s damaging security lapse in an even harsher light.
Equifax said its security officials were “aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure.”
The company has hired Mandiant, a business often brought in to deal with major security problems at big companies, to conduct a forensic review.

California’s privacy proposal failed, but it probably violated the Constitution anyway

California’s privacy proposal failed, but it probably violated the Constitution anyway.
Moreover, the Federal Trade Commission (FTC) refused to support it, and it contradicted the Obama administration’s Consumer Privacy Bill of Rights.
The hyperbole of today’s privacy activists claiming that securing rules on broadband providers is the end-all, be-all of regulation only became a rallying cry when the 2015 FCC classified broadband as a telecommunications service.
The bill’s advocates are fighting against broadband providers’ attempt to offer broadband as an advertising-subsidized service.
While states have some leeway to regulate commerce within their borders, Dormant Commerce Clause arguments have been used to challenge state-level internet regulation, showing that it discriminates against and unduly burdens commerce.
It’s unclear how the proposed rules would have stopped mobile subscribers from other states from enjoying advertising-supported broadband service when in California.
A Wickard v. Filburn argument could show that regulation in California, especially given its population, could have deleterious impacts, not only on Californians who would be denied competition and choice, but also on the rest of the country with increased compliance costs for doing business in California.
And yet, there is little evidence that Californians enjoy more privacy.
In fact, the proposed privacy law did nothing to address the real harms evidenced by Californians, namely those that emanate from government over-collection and under-protection of personal data.
James Madison, the Father of the Constitution, warned of “abridgment of the freedom of the people, by gradual and silent encroachments of those in power.” California is just one of half a dozen states which have proposed misguided privacy laws.

Attorney general’s office monitoring Equifax data breach

Attorney general’s office monitoring Equifax data breach.
Exactly how many West Virginians’ sensitive personal financial information was compromised by the Equifax data breach, but Attorney General Patrick Morrisey says his office continues to monitor the situation.
My office is also working to educate the public on identity theft issues and will provide additional information about the breach as it becomes available.” Last week, Equifax reported that hackers exploited a website application vulnerability and gained access to files potentially impacting 143 million consumers nationwide.
In other instances, hackers also may have gained access to driver’s license numbers, credit card numbers and dispute documents containing personal identifying information.
The danger now is that hackers may use that information for identity theft and open new accounts or take out loans in other people’s names.
Even with that, Morrisey said, consumers should access the Equifax website only on a secured computer and make sure they use the correct website, ensuring it includes the “s” in “https:” for security with no changes to the spelling or domain.
Equifax says it is offering one year of credit file monitoring and identity theft protection for all U.S. consumers, whether or not the consumers are among those impacted by the breach.
It includes credit monitoring for Equifax, Experian and TransUnion; copies of and the ability to lock Equifax credit reports; identity theft insurance and online scanning for Social Security numbers.
Some experts say people who are concerned about the data breach can ask the three reporting agencies to freeze their information.
If the consumer applies for a new loan or a credit card, he or she can ask the credit bureau to thaw the data for a limited time.

Equifax’s Data Breach Should Prop Up These Cybersecurity Stocks

Equifax’s Data Breach Should Prop Up These Cybersecurity Stocks.
Betting on cybersecurity stocks has been a profitable trade in 2017.
The company last week admitted that it failed to fix a vulnerability called “Apache Struts.” And here’s the thing: This vulnerability, which was exploited by the attackers, was first discovered in March — a good six months before the breach took place.
As expected, heads at Equifax have begun to roll as various class-action suits are being formed.
On Friday the company said two technology and security executives, Susan Mauldin and David Webb were leaving the company “effective immediately.” According to Reuters, the company also announced that it has brought on FireEye (FEYE) threat intelligence subsidiary Mandiant, to investigate the breach.
Cybersecurity stocks like FireEye, which last week soared 8%, has skyrocketed 46% year to date, crushing both the CIBR and HACK.
For similar reasons, investors should look to data security specialist Barracuda Networks (CUDA), which last week rose more modestly at 1.74%.
CUDA stock, which has risen just 14.5% year to date, could move higher in the quarters ahead.
Cybersecurity threat prevention could soon see spending of up to $101.6 billion on cybersecurity software, services, and hardware, according to research by the International Data Corporation.
And because of this latest breach to Equifax, businesses and consumers likely won’t wait to be victimized, especially given the ever-connected world in which we live.

Bluetooth problem could let hackers take control of Apple, Samsung and Google devices

Bluetooth problem could let hackers take control of Apple, Samsung and Google devices.
Millions of mobile phones, laptops and smart home devices could be at risk of hacking after researchers discovered a way to take over devices using the Bluetooth connection.
Vulnerabilities in Bluetooth, which allow devices to link wirelessly over short distances, could be exploited to let hackers take over devices, and steal data and passwords.The problem affects products from major brands including Apple, Samsung, Google and Microsoft.
The problem affects nearly all devices with a Bluetooth connection, and is not limited to one type of phone or operating system, according to security research firm Armis. “Unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file,” it said.
Apple devices that are up to date are already be protected.
Samsung, which is the world’s biggest smartphone producer, did not respond to Armis regarding a security update.
Top 4 | Most popular cyber crimes Phishing The aim is to trick people into handing over their card details or access to protected systems.
Criminals use online ‘fraud forums’ to buy and sell credit cards, email addresses and passports.
It is estimated that 90% of all data records that were used in a crime was a result of hackers employed by organised crime.