<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>My personal data WAS stolen in the Equifax breach. People can do
real fraud with that. My point is that having my address, phone
number and email his radically different risks than financial
information. That is the only point I was making.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:52 AM, Chris Pelling
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1415844100.525.1518540749465.JavaMail.zimbra@netearth.net">
<div style="font-family: Arial; font-size: 12pt; color: #000000">
<div>Please don't diss valid points John - I am sure if your
personal information was stolen in this attack and they had
your SSN/TIN, credit card number and expiry date, you would be
singing a different tune.</div>
<div><br>
</div>
<div data-marker="__SIG_PRE__">Kind regards,<br>
<br>
Chris</div>
<br>
<hr id="zwchr" data-marker="__DIVIDER__">
<div data-marker="__HEADERS__"><b>From: </b>"gnso-rds-pdp-wg"
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a><br>
<b>To: </b>"gnso-rds-pdp-wg"
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a><br>
<b>Sent: </b>Tuesday, 13 February, 2018 16:48:27<br>
<b>Subject: </b>Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse
than previously thought: Biz kissed goodbye to card expiry
dates, tax IDs etc<br>
</div>
<br>
<div data-marker="__QUOTED_TEXT__">
<p>Let's be honest here, we're talking about phone numbers and
email addresses. The threat model is RADICALLY different
with the data we are talking about.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:45 AM, Stephanie
Perrin wrote:<br>
</div>
<blockquote
cite="mid:719df73e-bbbd-f0d5-db38-1b8648f75811@mail.utoronto.ca">
<p>Undeterred by the fact that noone has responded to my
last post, I offer the following update to the Equifax
breach to further illustrate my point. As many companies
have found out, you don't find out what you've got till
it's gone.....a further reason for data minimization and
short retention periods.<br>
</p>
<div class="moz-forward-container">
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">To:
</th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<span face="Times New Roman" data-mce-style="font-family:
'Times New Roman';" style="font-family: 'Times New
Roman';"><span size="3" data-mce-style="font-size:
medium;" style="font-size: medium;"><a
class="moz-txt-link-freetext"
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
target="_blank" moz-do-not-send="true">http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought: Biz
kissed goodbye to card expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more info lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at 02:13<br>
<br>
Last year, Equifax admitted <br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145
million Americans and hundreds of thousands in the UK
<br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily" took
names, social security numbers, birth dates, home
addresses, credit-score dispute forms, and, in some
instances, credit card numbers and driver license
numbers. Now the credit-checking giant reckons the
intruders snatched even more information from its
databases.<br>
<br>
According to documents provided by Equifax to the US
Senate Banking Committee, <br>
and <span data-mce-style="text-decoration:
underline;" style="text-decoration: underline;">revealed
this month by Senator Elizabeth Warren (D-MA)</span>,
<br>
<a class="moz-txt-link-freetext"
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
target="_blank" moz-do-not-send="true">https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc</a><br>
the attackers also grabbed taxpayer identification
numbers, phone numbers, email addresses, and credit
card expiry dates belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID numbers are
useful for fraudsters seeking to steal people's
identities or their tax rebates, and the expiry dates
are similarly useful for online crooks when linked
with credit card numbers and other personal
information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete,
confusing and contradictory statements and hide
information from Congress and the public, it is clear
that five months after the breach was publicly
announced, Equifax has yet to answer this simple
question in full: what was the precise extent of the
breach?" Warren fumed in a missive late last week.<br>
<a class="moz-txt-link-freetext"
href="https://www.warren.senate.gov/?p=press_release&id=2317"
target="_blank" moz-do-not-send="true">https://www.warren.senate.gov/?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed to The
Register today that the extra information snatched by
hackers, as revealed by Senator Warren, belonged to
"some" Equifax customers. In other words, not everyone
had their phone numbers, email addresses, and so on,
slurped by crooks just some. How much is some? Equifax
isn't saying, hence Warren's (and everyone else's)
growing frustration.<br>
<br>
The senator is a cosponsor of the <span
data-mce-style="text-decoration: underline;"
style="text-decoration: underline;">proposed Data
Breach Prevention and Compensation Act, </span><br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with
mandatory fines that would have led to Equifax
coughing up $1.5bn for its IT blunder.<br>
<br>
Some regulation or punishment is obviously needed.<br>
<br>
No senior Equifax executives were fired over the
attack instead the CEO, CSO and CIO were all allowed
to retire with multi-million dollar golden parachutes.
The US government's Consumer Financial Protection
Bureau promised a full investigation into the Equifax
affair, and then gave up. On February 7, an open
letter [PDF] <br>
<a class="moz-txt-link-freetext"
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
target="_blank" moz-do-not-send="true">https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the probe was
dropped, and the gang has yet to receive a response. ®<br>
</span></span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature">--
--
John Bambenek</pre>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
</body>
</html>