This is just an example but there is a lot of damage that can be caused with data being exposed. In our case we have phone numbers, addresses, emails which is required to verification. <div><br></div><div>This takes us to issue of consent.<br><br>On Tuesday, February 13, 2018, John Bambenek via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Let's be honest here, we're talking about phone numbers and email
addresses. The threat model is RADICALLY different with the data
we are talking about.<br>
</p>
<br>
<div>On 2/13/2018 10:45 AM, Stephanie Perrin
wrote:<br>
</div>
<blockquote type="cite">
<p>Undeterred by the fact that noone has responded to my last
post, I offer the following update to the Equifax breach to
further illustrate my point. As many companies have found out,
you don't find out what you've got till it's gone.....a further
reason for data minimization and short retention periods.<br>
</p>
<div>
<table cellspacing="0" cellpadding="0" height="107" width="787" border="0">
<tbody>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap valign="BASELINE" align="RIGHT">To: </th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<font face="Times New Roman"><font size="3"><a href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/" target="_blank">http://www.theregister.co.uk/<wbr>2018/02/13/equifax_security_<wbr>breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought: Biz kissed
goodbye to card expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more info lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at 02:13<br>
<br>
Last year, Equifax admitted <br>
<a href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/" target="_blank">https://www.theregister.co.uk/<wbr>2017/09/07/143m_american_<wbr>equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145 million
Americans and hundreds of thousands in the UK <br>
<a href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/" target="_blank">https://www.theregister.co.uk/<wbr>2017/10/10/equifax_uk_records_<wbr>update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily" took names,
social security numbers, birth dates, home addresses,
credit-score dispute forms, and, in some instances, credit
card numbers and driver license numbers. Now the
credit-checking giant reckons the intruders snatched even
more information from its databases.<br>
<br>
According to documents provided by Equifax to the US Senate
Banking Committee, <br>
and <u>revealed this month by Senator Elizabeth Warren
(D-MA)</u>, <br>
<a href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc" target="_blank">https://apnews.com/<wbr>2a51e3e5f9a945978df4ad96246b8e<wbr>cc</a><br>
the attackers also grabbed taxpayer identification numbers,
phone numbers, email addresses, and credit card expiry dates
belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID numbers are useful
for fraudsters seeking to steal people's identities or their
tax rebates, and the expiry dates are similarly useful for
online crooks when linked with credit card numbers and other
personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete, confusing
and contradictory statements and hide information from
Congress and the public, it is clear that five months after
the breach was publicly announced, Equifax has yet to answer
this simple question in full: what was the precise extent of
the breach?" Warren fumed in a missive late last week.<br>
<a href="https://www.warren.senate.gov/?p=press_release&id=2317" target="_blank">https://www.warren.senate.gov/<wbr>?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed to The
Register today that the extra information snatched by
hackers, as revealed by Senator Warren, belonged to "some"
Equifax customers. In other words, not everyone had their
phone numbers, email addresses, and so on, slurped by crooks
just some. How much is some? Equifax isn't saying, hence
Warren's (and everyone else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed Data Breach
Prevention and Compensation Act, </u><br>
<a href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/" target="_blank">https://www.theregister.co.uk/<wbr>2018/01/10/credit_reporting_<wbr>agencies_fines/</a><br>
which, if passed, would impose computer security regulations
on credit reporting agencies, with mandatory fines that
would have led to Equifax coughing up $1.5bn for its IT
blunder.<br>
<br>
Some regulation or punishment is obviously needed.<br>
<br>
No senior Equifax executives were fired over the attack
instead the CEO, CSO and CIO were all allowed to retire with
multi-million dollar golden parachutes. The US government's
Consumer Financial Protection Bureau promised a full
investigation into the Equifax affair, and then gave up. On
February 7, an open letter [PDF] <br>
<a href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf" target="_blank">https://www.schatz.senate.gov/<wbr>imo/media/doc/CFPB%20Equifax%<wbr>20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the probe was
dropped, and the gang has yet to receive a response. ®<br>
</font></font></div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre cols="72">--
--
John Bambenek</pre>
</div>
</blockquote></div><br><br>-- <br><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div> <br>Regards <br>Nanghaka Daniel K.<br><span style="font-size:small">Executive Director - ILICIT Africa / Chair - FOSSFA / Community Lead - ISOC Uganda Chapter / Geo4Africa Lead / Organising Team - FOSS4G2018</span><br>Mobile +256 772 898298 (Uganda)<br></div><div>Skype: daniel.nanghaka<br></div><div><br></div><div>----------------------------------------- <i><span>"Working for Africa" </span></i>-----------------------------------------<br> <br><br></div></div></div></div></div></div></div></div></div></div></div></div><br>