Wednesday, September 13, 2017

Equifax Breach 2017 Class Action Lawsuit Sign-up USA & CDN

In light of the most consequential data breach in the history of the planet, here a few thing you should know about the Equifax Breach and why you should join the class action lawsuit. Get even people this is your life.

1) Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the immediate days after July 29, but the public disclosure was a full month later on Sept 7th, 2017, that a security breach that may have compromised information on about 143 million U.S. consumers. The credit-reporting service said earlier in a statement that it discovered the intrusion on July 29. Regulatory filings show that on Aug. 1, Chief Financial Officer (CFO) John Gamble sold shares worth $946,374 and Joseph Loughran, PRESIDENT of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans. Another stunning example of corporate greed and the 1% shitting on you.

2) Do not use equifaxsecurity2017.com unless you want to waive your right to participate in a class action lawsuit. The problem with using Equifax’s free ID protection, though, is that in signing up, you have to agree to terms of service that appear to force you into arbitration and waive the right to participate in any class-action lawsuit against TrustedID, the credit monitoring service. (Arbitration is the technical term for settling a dispute outside of court.)

Moreover  equifaxsecurity2017.com is more insecure than the breached site! It's a WordPress site which is the most insecure CMS but it's really easy-to-use ! Equifax appears to have hired global PR firm Edelman PR to build this insecure website. It's just a matter of time before this becomes hacked!



https://sucuri.net/website-security/website-hacked-report






































3) Equifax tried to blame open source Apache Struts - a web application development framework that turns out was not properly maintained. 


"Security experts say that prompt patching of enterprise applications is a must-do practice, given the ease with which attackers can find and automatically exploit known flaws. Equifax has yet to explain why it delayed patching such critical software.

The exploited vulnerability, CVE-2017-5638, became public on March 6, when Apache released an updated version of Struts that fixed the flaw. Within a day, security analysts saw attacks against websites that were designed to exploit the flaw.

Equifax, meanwhile, says its breach began in mid-May but wasn't discovered until July 29.

Apache Struts 2, which uses Java Enterprise Edition, is widely used by many organizations, including airlines, car rental companies, e-commerce sites, social networks and government agencies."

From https://www.govinfosecurity.com/equifaxs-colossal-error-patching-apache-struts-flaw-a-10292


4) Sept  7 - some trivia - https://www.equifucked.com/ - Registered Sept 7, 2017


5) Sept 8 - Calls for dissolution of company and capital to spread over all customers who have credit record with Equifax . Ask for it, when you sign-up for the class action. Anyone with a credit score record will be affected since this is no long a trustworthy score of credit, they should get their fair share, and more for people in the leak. https://www.nytimes.com/2017/09/08/technology/seriously-equifax-why-the-credit-agencys-breach-means-regulation-is-needed.htm


6) Sept 15 Equifax holds data of more than 820 million consumers and more than 91 million businesses worldwide, according to its website. The U.S., U.K. and Canada are its biggest markets. British Gas and BT (BT) in the U.K., and TD (AMTD) and CIBC in Canada are among Equifax's biggest customers. http://money.cnn.com/2017/09/15/news/equifax-hack-uk/index.html

7) Sept 17 Recent security review of revealed password in Argentina Equifax portal using user id "Admin" and password "Admin". "It took almost no time for them to discover that an online portal designed to let Equifax employees in Argentina manage credit report disputes from consumers in that country was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin." from https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/

8) Sept 18 - Bloomberg is reporting that Equifax, the credit reporting company that recently reported a cybersecurity incident impacting roughly 143 million U.S. consumers, learned about a breach of its computer systems in March -- almost five months before the date it has publicly disclosed. The company said the March breach was unrelated to the recent hack involving millions of U.S. consumers, but one of the people familiar with the situation said the breaches involve the same intruders


9) Sept 19 - Equifax has been working with the Office of the Privacy Commissioner of Canada (OPC) and will be sending notices via mail directly to all impacted consumers outlining the steps they should take. For impacted Canadians we will also be providing complimentary credit monitoring and identity theft protection for 12 months. Do not use equifaxsecurity2017.com unless you want to waive your right to participate in a class action lawsuit. 
Approximately 100,000 Canadian consumers, and that the information that may have been breached includes name, address, Social Insurance Number and, in limited cases, credit card numbers.

http://www.marketwired.com/press-release/equifax-provides-canadians-with-additional-clarity-on-cybersecurity-incident-involving-2234230.htm


10) Sept 26 - CEO retires in uproar - https://www.bloomberg.com/news/articles/2017-09-26/equifax-ceo-smith-resigns-barros-named-interim-chief-after-hack

11) Oct 12 - 15.2 million U.K. residents
The vast majority of those records - 14.5 million - contained only names and birthdates, which Equifax contends "does not introduce any significant risk to these people."

But the remaining 700,000 records had data that may have included driver's license numbers, email addresses, phone numbers, partial credit card numbers and sensitive information tied to online Equifax.co.uk accounts.

from https://www.govinfosecurity.com/equifax-152-million-uk-records-exposed-a-10372

12) Oct 12 - AS PREDICTED - Equifax website to check if you been hacked has been hacked. It redirects to fake Flash update! That's what you get for using Wordpress.

from https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

13) 17-Feb-18 https://www.databreachtoday.com/equifax-confirms-probable-breached-data-was-indeed-stolen-a-10644

14) 14-Mar-18 https://www.bloomberg.com/news/articles/2018-03-14/sec-says-former-equifax-executive-engaged-in-insider-trading - CEO charged on insider trading - Why is the company not in Chapter 8 ? 

Class Action Sign-Up

Equifax Breach US Class Action Lawsuit sign-up (not available yet, inquire here)
http://www.geragos.com/practice-areas/civil-litigation/class-actions

Equifax Breach Canadian Class Action Lawsuit sign-up 
https://www.merchantlaw.com/class-actions/equifax


How to check if your Equifax account has been hacked?

Awaiting for this site to get the update, stay tuned.
https://haveibeenpwned.com/

Do not use equifaxsecurity2017.com unless you want to waive your right to participate in a class action lawsuit. 

No comments:

Post a Comment