[gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc
John Bambenek
jcb at bambenekconsulting.com
Tue Feb 13 17:03:22 UTC 2018
Which is why I have stated repeatedly, vigorsly, and consistently whois
privacy SHOULD be FREE. Let the CONSUMER make that choice, not a bunch
of mostly American and European guys telling the world how they need to
do business. I don't care if MY number is out there. So the question is,
why create a system that prevents me from sharing MY OWN information as
I see fit?
On 2/13/2018 11:01 AM, Chris Pelling wrote:
> So was mine in the UK, and ICANN keeping or requiring ANY retention of
> data for long periods of time IMHO is dangerous.
> Equifax dropped the ball here, and a lot (you and I both plus god know
> really how many others) have had their personal data stolen.
> I dont want my telephone number to be out in the wild, nor any of my
> other details quite frankly.
>
> Kind regards,
>
> Chris
>
> ------------------------------------------------------------------------
> *From: *"John Bambenek" <jcb at bambenekconsulting.com>
> *To: *"Chris Pelling" <chris at netearth.net>, "gnso-rds-pdp-wg"
> <gnso-rds-pdp-wg at icann.org>
> *Sent: *Tuesday, 13 February, 2018 16:54:29
> *Subject: *Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than
> previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>
> My personal data WAS stolen in the Equifax breach. People can do real
> fraud with that. My point is that having my address, phone number and
> email his radically different risks than financial information. That
> is the only point I was making.
>
>
> On 2/13/2018 10:52 AM, Chris Pelling wrote:
>
> Please don't diss valid points John - I am sure if your personal
> information was stolen in this attack and they had your SSN/TIN,
> credit card number and expiry date, you would be singing a
> different tune.
>
> Kind regards,
>
> Chris
>
> ------------------------------------------------------------------------
> *From: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
> *To: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
> *Sent: *Tuesday, 13 February, 2018 16:48:27
> *Subject: *Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than
> previously thought: Biz kissed goodbye to card expiry dates, tax
> IDs etc
>
> Let's be honest here, we're talking about phone numbers and email
> addresses. The threat model is RADICALLY different with the data
> we are talking about.
>
>
> On 2/13/2018 10:45 AM, Stephanie Perrin wrote:
>
> Undeterred by the fact that noone has responded to my last
> post, I offer the following update to the Equifax breach to
> further illustrate my point. As many companies have found
> out, you don't find out what you've got till it's gone.....a
> further reason for data minimization and short retention periods.
>
>
>
>
>
>
>
>
>
> To:
>
>
> http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/
>
>
> *Equifax hack worse than previously thought: Biz kissed
> goodbye to card expiry dates, tax IDs etc*
> Pwned credit-score biz quietly admits more info lost
> By Iain Thomson in San Francisco 13 Feb 2018 at 02:13
>
> Last year, Equifax admitted
> https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/
> hackers stole sensitive personal records on 145 million
> Americans and hundreds of thousands in the UK
> https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/
> and Canada.
>
> The outfit already said cyber-crooks "primarily" took names,
> social security numbers, birth dates, home addresses,
> credit-score dispute forms, and, in some instances, credit
> card numbers and driver license numbers. Now the
> credit-checking giant reckons the intruders snatched even more
> information from its databases.
>
> According to documents provided by Equifax to the US Senate
> Banking Committee,
> and revealed this month by Senator Elizabeth Warren (D-MA),
> https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc
> the attackers also grabbed taxpayer identification numbers,
> phone numbers, email addresses, and credit card expiry dates
> belonging to some Equifax customers.
>
> Like social security numbers, taxpayer ID numbers are useful
> for fraudsters seeking to steal people's identities or their
> tax rebates, and the expiry dates are similarly useful for
> online crooks when linked with credit card numbers and other
> personal information.
>
>
> *Contradictory*
>
> "As your company continues to issue incomplete, confusing and
> contradictory statements and hide information from Congress
> and the public, it is clear that five months after the breach
> was publicly announced, Equifax has yet to answer this simple
> question in full: what was the precise extent of the breach?"
> Warren fumed in a missive late last week.
> https://www.warren.senate.gov/?p=press_release&id=2317
>
> Equifax spokeswoman Meredith Griffanti stressed to The
> Register today that the extra information snatched by hackers,
> as revealed by Senator Warren, belonged to "some" Equifax
> customers. In other words, not everyone had their phone
> numbers, email addresses, and so on, slurped by crooks just
> some. How much is some? Equifax isn't saying, hence Warren's
> (and everyone else's) growing frustration.
>
> The senator is a cosponsor of the proposed Data Breach
> Prevention and Compensation Act,
> https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/
> which, if passed, would impose computer security regulations
> on credit reporting agencies, with mandatory fines that would
> have led to Equifax coughing up $1.5bn for its IT blunder.
>
> Some regulation or punishment is obviously needed.
>
> No senior Equifax executives were fired over the attack
> instead the CEO, CSO and CIO were all allowed to retire with
> multi-million dollar golden parachutes. The US government's
> Consumer Financial Protection Bureau promised a full
> investigation into the Equifax affair, and then gave up. On
> February 7, an open letter [PDF]
> https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf
> from 32 senators to the bureau asked why the probe was
> dropped, and the gang has yet to receive a response. ®
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> --
> --
>
> John Bambenek
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
> --
> --
>
> John Bambenek
>
--
--
John Bambenek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180213/29e31f7b/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list