<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>The law does not differentiate. Personal data is personal data
and the only one to decide what happens to it is the data subject.
<br>
</p>
<p>(And we are talking about names, addresses, telephone numbers and
email addresses, thank you very much)</p>
<p>Volker<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.02.2018 um 17:48 schrieb John
Bambenek via gnso-rds-pdp-wg:<br>
</div>
<blockquote type="cite"
cite="mid:0f109e63-e507-e798-f551-a9d349c0a6fe@bambenekconsulting.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<p>Let's be honest here, we're talking about phone numbers and
email addresses. The threat model is RADICALLY different with
the data we are talking about.<br>
</p>
<br>
<div class="moz-cite-prefix">On 2/13/2018 10:45 AM, Stephanie
Perrin wrote:<br>
</div>
<blockquote type="cite"
cite="mid:719df73e-bbbd-f0d5-db38-1b8648f75811@mail.utoronto.ca">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>Undeterred by the fact that noone has responded to my last
post, I offer the following update to the Equifax breach to
further illustrate my point. As many companies have found
out, you don't find out what you've got till it's gone.....a
further reason for data minimization and short retention
periods.<br>
</p>
<div class="moz-forward-container">
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" height="107" width="787" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT"><br>
</th>
<td><br>
</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">To:
</th>
<td><br>
</td>
</tr>
</tbody>
</table>
<br>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<font default="FACE" face="Times New Roman"><font
pointsize="12" default="SIZE" size="3"><a
class="moz-txt-link-freetext"
href="http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/"
moz-do-not-send="true">http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/</a><br>
<br>
<br>
<b>Equifax hack worse than previously thought: Biz kissed
goodbye to card expiry dates, tax IDs etc</b><br>
Pwned credit-score biz quietly admits more info lost<br>
By Iain Thomson in San Francisco 13 Feb 2018 at 02:13<br>
<br>
Last year, Equifax admitted <br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/"
moz-do-not-send="true">https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/</a><br>
hackers stole sensitive personal records on 145 million
Americans and hundreds of thousands in the UK <br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/"
moz-do-not-send="true">https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/</a><br>
and Canada.<br>
<br>
The outfit already said cyber-crooks "primarily" took
names, social security numbers, birth dates, home
addresses, credit-score dispute forms, and, in some
instances, credit card numbers and driver license numbers.
Now the credit-checking giant reckons the intruders
snatched even more information from its databases.<br>
<br>
According to documents provided by Equifax to the US
Senate Banking Committee, <br>
and <u>revealed this month by Senator Elizabeth Warren
(D-MA)</u>, <br>
<a class="moz-txt-link-freetext"
href="https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc"
moz-do-not-send="true">https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc</a><br>
the attackers also grabbed taxpayer identification
numbers, phone numbers, email addresses, and credit card
expiry dates belonging to some Equifax customers.<br>
<br>
Like social security numbers, taxpayer ID numbers are
useful for fraudsters seeking to steal people's identities
or their tax rebates, and the expiry dates are similarly
useful for online crooks when linked with credit card
numbers and other personal information.<br>
<br>
<br>
<b>Contradictory</b><br>
<br>
"As your company continues to issue incomplete, confusing
and contradictory statements and hide information from
Congress and the public, it is clear that five months
after the breach was publicly announced, Equifax has yet
to answer this simple question in full: what was the
precise extent of the breach?" Warren fumed in a missive
late last week.<br>
<a class="moz-txt-link-freetext"
href="https://www.warren.senate.gov/?p=press_release&id=2317"
moz-do-not-send="true">https://www.warren.senate.gov/?p=press_release&id=2317</a><br>
<br>
Equifax spokeswoman Meredith Griffanti stressed to The
Register today that the extra information snatched by
hackers, as revealed by Senator Warren, belonged to "some"
Equifax customers. In other words, not everyone had their
phone numbers, email addresses, and so on, slurped by
crooks just some. How much is some? Equifax isn't saying,
hence Warren's (and everyone else's) growing frustration.<br>
<br>
The senator is a cosponsor of the <u>proposed Data Breach
Prevention and Compensation Act, </u><br>
<a class="moz-txt-link-freetext"
href="https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/"
moz-do-not-send="true">https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/</a><br>
which, if passed, would impose computer security
regulations on credit reporting agencies, with mandatory
fines that would have led to Equifax coughing up $1.5bn
for its IT blunder.<br>
<br>
Some regulation or punishment is obviously needed.<br>
<br>
No senior Equifax executives were fired over the attack
instead the CEO, CSO and CIO were all allowed to retire
with multi-million dollar golden parachutes. The US
government's Consumer Financial Protection Bureau promised
a full investigation into the Equifax affair, and then
gave up. On February 7, an open letter [PDF] <br>
<a class="moz-txt-link-freetext"
href="https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf"
moz-do-not-send="true">https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf</a><br>
from 32 senators to the bureau asked why the probe was
dropped, and the gang has yet to receive a response. ®<br>
</font></font></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
John Bambenek</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>