<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Consolas;

        panose-1:2 11 6 9 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        color:black;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

pre

        {mso-style-priority:99;

        mso-style-link:"HTML Preformatted Char";

        margin:0in;

        margin-bottom:.0001pt;

        font-size:10.0pt;

        font-family:"Courier New";

        color:black;}

span.HTMLPreformattedChar

        {mso-style-name:"HTML Preformatted Char";

        mso-style-priority:99;

        mso-style-link:"HTML Preformatted";

        font-family:Consolas;

        color:black;}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        color:black;}

span.EmailStyle20

        {mso-style-type:personal;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

span.EmailStyle21

        {mso-style-type:personal;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

span.EmailStyle22

        {mso-style-type:personal;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

span.EmailStyle23

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal"><span style="color:windowtext">Nope.  Those don’t recommend any new RAA requirements that will protect the data collected and stored by registrars.  They recommend discussion of such.

<o:p></o:p></span></p>

<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="color:windowtext">I’m sure folks could imagine a variety of information security requirements that could be incorporated into the RAA.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Michele Neylon - Blacknight [mailto:michele@blacknight.com]

<br>

<b>Sent:</b> Tuesday, February 13, 2018 12:28 PM<br>

<b>To:</b> Greg Aaron <gca@icginc.com>; John Bambenek <jcb@bambenekconsulting.com>; Chris Pelling <chris@netearth.net>; 'RDS PDP WG' <gnso-rds-pdp-wg@icann.org><br>

<b>Subject:</b> Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext">Greg<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext">I assume you’re referring to this?<o:p></o:p></span></p>

<p class="MsoNormal"><a href="https://www.icann.org/en/system/files/files/resolutions-implementation-recs-ssac-advice-scorecard-04feb18-en.pdf"><span lang="EN-IE" style="color:purple">https://www.icann.org/en/system/files/files/resolutions-implementation-recs-ssac-advice-scorecard-04feb18-en.pdf</span></a><span lang="EN-IE" style="color:windowtext"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext">Regards<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext">Michele<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext"><o:p> </o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB" style="color:windowtext"><o:p> </o:p></span></p>

<div>

<p class="MsoNormal"><span lang="EN-GB">--<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Mr Michele Neylon<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Blacknight Solutions<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Hosting, Colocation & Domains<o:p></o:p></span></p>

<p class="MsoNormal"><a href="https://www.blacknight.com/"><span lang="EN-GB">https://www.blacknight.com/</span></a><span lang="EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><a href="http://blacknight.blog/"><span lang="EN-GB">http://blacknight.blog/</span></a><span lang="EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Intl. +353 (0) 59  9183072<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Direct Dial: +353 (0)59 9183090<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Personal blog: </span><a href="https://michele.blog/"><span lang="EN-GB">https://michele.blog/</span></a><span lang="EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Some thoughts: </span><a href="https://ceo.hosting/"><span lang="EN-GB">https://ceo.hosting/</span></a>

<span lang="EN-GB"><o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">-------------------------------<o:p></o:p></span></p>

<p class="MsoNormal"><span lang="EN-GB">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<o:p></o:p></span></p>

</div>

<p class="MsoNormal"><span lang="EN-GB">Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845</span><span lang="EN-GB" style="color:windowtext"><o:p></o:p></span></p>

<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span lang="EN-IE" style="font-size:12.0pt">From: </span>

</b><span lang="EN-IE" style="font-size:12.0pt">gnso-rds-pdp-wg <</span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org"><span lang="EN-IE" style="font-size:12.0pt">gnso-rds-pdp-wg-bounces@icann.org</span></a><span lang="EN-IE" style="font-size:12.0pt">>

 on behalf of Greg Aaron <</span><a href="mailto:gca@icginc.com"><span lang="EN-IE" style="font-size:12.0pt">gca@icginc.com</span></a><span lang="EN-IE" style="font-size:12.0pt">><br>

<b>Date: </b>Tuesday 13 February 2018 at 17:06<br>

<b>To: </b>John Bambenek <</span><a href="mailto:jcb@bambenekconsulting.com"><span lang="EN-IE" style="font-size:12.0pt">jcb@bambenekconsulting.com</span></a><span lang="EN-IE" style="font-size:12.0pt">>, Chris Pelling <</span><a href="mailto:chris@netearth.net"><span lang="EN-IE" style="font-size:12.0pt">chris@netearth.net</span></a><span lang="EN-IE" style="font-size:12.0pt">>,

 'RDS PDP WG' <</span><a href="mailto:gnso-rds-pdp-wg@icann.org"><span lang="EN-IE" style="font-size:12.0pt">gnso-rds-pdp-wg@icann.org</span></a><span lang="EN-IE" style="font-size:12.0pt">><br>

<b>Subject: </b>Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span lang="EN-IE" style="color:windowtext"><o:p> </o:p></span></p>

</div>

<p class="MsoNormal"><a name="_MailOriginalBody"><span lang="EN-IE" style="color:windowtext">John’s point is a fair one: the risk levels are very different.  Comparing social security numbers to phone numbers is an apples-to-oranges comparison.</span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext">A logical conclusion is that folks should be very concerned about the information security practices at their registrars, which is where the most sensitive

 data is collected and stored.  Anyone up for inserting better security requirements into the RAA?  ;-)</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:10.0pt;color:windowtext"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><b><span lang="EN-IE" style="color:windowtext">From:</span></b></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext"> gnso-rds-pdp-wg [</span></span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">mailto:gnso-rds-pdp-wg-bounces@icann.org</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext">]

<b>On Behalf Of </b>John Bambenek via gnso-rds-pdp-wg<br>

<b>Sent:</b> Tuesday, February 13, 2018 11:54 AM<br>

<b>To:</b> Chris Pelling <</span></span><a href="mailto:chris@netearth.net"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">chris@netearth.net</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext">>;

 gnso-rds-pdp-wg <</span></span><a href="mailto:gnso-rds-pdp-wg@icann.org"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">gnso-rds-pdp-wg@icann.org</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="color:windowtext">><br>

<b>Subject:</b> Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

</div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"> <o:p></o:p></span></span></p>

<p><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">My personal data WAS stolen in the Equifax breach. People can do real fraud with that. My point is that having my address, phone number and email his radically different risks than financial

 information. That is the only point I was making.<o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"> <o:p></o:p></span></span></p>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">On 2/13/2018 10:52 AM, Chris Pelling wrote:<o:p></o:p></span></span></p>

</div>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<div>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">Please don't diss valid points John - I am sure if your personal information was stolen in this attack and they had

 your SSN/TIN, credit card number and expiry date, you would be singing a different tune.</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">Kind regards,<br>

<br>

Chris</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><img border="0" width="1532" height="1" style="width:15.9583in;height:.0104in" id="Horizontal_x0020_Line_x0020_1" src="cid:image002.png@01D3A4CD.50D0D2B0" alt="cid:image001.png@01D3A4EF.EE146790"></span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></span></p>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><b><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">From:

</span></b></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">"gnso-rds-pdp-wg"

</span></span><a href="mailto:gnso-rds-pdp-wg@icann.org"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><gnso-rds-pdp-wg@icann.org></span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><br>

<b>To: </b>"gnso-rds-pdp-wg" </span></span><a href="mailto:gnso-rds-pdp-wg@icann.org"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><gnso-rds-pdp-wg@icann.org></span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><br>

<b>Sent: </b>Tuesday, 13 February, 2018 16:48:27<br>

<b>Subject: </b>Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<div>

<p><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">Let's be honest here, we're talking about phone numbers and email addresses. The threat model is RADICALLY different with the data we

 are talking about.</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<div>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">On 2/13/2018 10:45 AM, Stephanie Perrin wrote:</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">

<p><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">Undeterred by the fact that noone has responded to my last post, I offer the following update to the Equifax breach to further illustrate

 my point.  As many companies have found out, you don't find out what you've got till it's gone.....a further reason for data minimization and short retention periods.</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<div>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="787" style="width:590.25pt">

<tbody>

<tr>

<td nowrap="" valign="top" style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

<td style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

</tr>

<tr>

<td nowrap="" valign="top" style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

<td style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

</tr>

<tr>

<td nowrap="" valign="top" style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

<td style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

</tr>

<tr>

<td nowrap="" valign="top" style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

<td style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

</tr>

<tr>

<td nowrap="" valign="top" style="padding:0in 0in 0in 0in">

<p class="MsoNormal" align="right" style="text-align:right"><span style="mso-bookmark:_MailOriginalBody"><b>To:

</b><o:p></o:p></span></p>

</td>

<span style="mso-bookmark:_MailOriginalBody"></span>

<td style="padding:0in 0in 0in 0in"><span style="mso-bookmark:_MailOriginalBody"></span></td>

<span style="mso-bookmark:_MailOriginalBody"></span>

</tr>

</tbody>

</table>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><br>

</span></span><a href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

<br>

<br>

<b>Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc</b><br>

Pwned credit-score biz quietly admits more info lost<br>

By Iain Thomson in San Francisco 13 Feb 2018 at 02:13<br>

<br>

Last year, Equifax admitted <br>

</span></span><a href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK

<br>

</span></span><a href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

and Canada.<br>

<br>

The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers and driver license numbers. Now the credit-checking giant reckons the

 intruders snatched even more information from its databases.<br>

<br>

According to documents provided by Equifax to the US Senate Banking Committee, <br>

and <u>revealed this month by Senator Elizabeth Warren (D-MA)</u>, <br>

</span></span><a href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

the attackers also grabbed taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.<br>

<br>

Like social security numbers, taxpayer ID numbers are useful for fraudsters seeking to steal people's identities or their tax rebates, and the expiry dates are similarly useful for online crooks when linked with credit card numbers and other personal information.<br>

<br>

<br>

<b>Contradictory</b><br>

<br>

"As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in

 full: what was the precise extent of the breach?" Warren fumed in a missive late last week.<br>

</span></span><a href="https://www.warren.senate.gov/?p=press_release&id=2317" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://www.warren.senate.gov/?p=press_release&id=2317</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

<br>

Equifax spokeswoman Meredith Griffanti stressed to The Register today that the extra information snatched by hackers, as revealed by Senator Warren, belonged to "some" Equifax customers. In other words, not everyone had their phone numbers, email addresses,

 and so on, slurped by crooks just some. How much is some? Equifax isn't saying, hence Warren's (and everyone else's) growing frustration.<br>

<br>

The senator is a cosponsor of the <u>proposed Data Breach Prevention and Compensation Act,

</u><br>

</span></span><a href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

which, if passed, would impose computer security regulations on credit reporting agencies, with mandatory fines that would have led to Equifax coughing up $1.5bn for its IT blunder.<br>

<br>

Some regulation or punishment is obviously needed.<br>

<br>

No senior Equifax executives were fired over the attack instead the CEO, CSO and CIO were all allowed to retire with multi-million dollar golden parachutes. The US government's Consumer Financial Protection Bureau promised a full investigation into the Equifax

 affair, and then gave up. On February 7, an open letter [PDF] <br>

</span></span><a href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif">https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:13.5pt;font-family:"Times New Roman",serif"><br>

from 32 senators to the bureau asked why the probe was dropped, and the gang has yet to receive a response. ®</span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">_______________________________________________<o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">gnso-rds-pdp-wg mailing list<o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">gnso-rds-pdp-wg@icann.org</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"></span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></pre>

</blockquote>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"> </span></span><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">-- <o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">--<o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"> <o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">John Bambenek<o:p></o:p></span></span></pre>

<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><br>

_______________________________________________<br>

gnso-rds-pdp-wg mailing list<br>

</span></span><a href="mailto:gnso-rds-pdp-wg@icann.org"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">gnso-rds-pdp-wg@icann.org</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif"><br>

</span></span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE" style="font-size:12.0pt;font-family:"Arial",sans-serif">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"><o:p></o:p></span></span></p>

</div>

</div>

</blockquote>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"> <o:p></o:p></span></span></p>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">-- <o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">--<o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE"> <o:p></o:p></span></span></pre>

<pre><span style="mso-bookmark:_MailOriginalBody"><span lang="EN-IE">John Bambenek</span></span><span lang="EN-IE"><o:p></o:p></span></pre>

</div>

</body>

</html>