[gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

John Bambenek jcb at bambenekconsulting.com
Tue Feb 13 16:53:31 UTC 2018


I know full well what data we are talking about. And you know full well
I know it too. But your pattern of bullying, sexism, condescension and
abuse CONTINUES to derail any meaningful discussion on these issues.


On 2/13/2018 10:51 AM, Volker Greimann wrote:
>
> The law does not differentiate. Personal data is personal data and the
> only one to decide what happens to it is the data subject.
>
> (And we are talking about names, addresses, telephone numbers and
> email addresses, thank you very much)
>
> Volker
>
>
> On 13.02.2018 at 17:48, John Bambenek via gnso-rds-pdp-wg wrote:
>>
>> Let's be honest here, we're talking about phone numbers and email
>> addresses. The threat model is RADICALLY different with the data we
>> are talking about.
>>
>>
>> On 2/13/2018 10:45 AM, Stephanie Perrin wrote:
>>>
>>> Undeterred by the fact that no one has responded to my last post, I
>>> offer the following update to the Equifax breach to further
>>> illustrate my point.  As many companies have found out, you don't
>>> find out what you've got till it's gone.....a further reason for
>>> data minimization and short retention periods.
>>>
>>>
>>>
>>> http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/
>>>
>>>
>>> *Equifax hack worse than previously thought: Biz kissed goodbye to
>>> card expiry dates, tax IDs etc*
>>> Pwned credit-score biz quietly admits more info lost
>>> By Iain Thomson in San Francisco 13 Feb 2018 at 02:13
>>>
>>> Last year, Equifax admitted
>>> https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/
>>> hackers stole sensitive personal records on 145 million Americans
>>> and hundreds of thousands in the UK
>>> https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/
>>> and Canada.
>>>
>>> The outfit already said cyber-crooks "primarily" took names, social
>>> security numbers, birth dates, home addresses, credit-score dispute
>>> forms, and, in some instances, credit card numbers and driver
>>> license numbers. Now the credit-checking giant reckons the intruders
>>> snatched even more information from its databases.
>>>
>>> According to documents provided by Equifax to the US Senate Banking
>>> Committee,
>>> and _revealed this month by Senator Elizabeth Warren (D-MA)_,
>>> https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc
>>> the attackers also grabbed taxpayer identification numbers, phone
>>> numbers, email addresses, and credit card expiry dates belonging to
>>> some Equifax customers.
>>>
>>> Like social security numbers, taxpayer ID numbers are useful for
>>> fraudsters seeking to steal people's identities or their tax
>>> rebates, and the expiry dates are similarly useful for online crooks
>>> when linked with credit card numbers and other personal information.
>>>
>>>
>>> *Contradictory*
>>>
>>> "As your company continues to issue incomplete, confusing and
>>> contradictory statements and hide information from Congress and the
>>> public, it is clear that five months after the breach was publicly
>>> announced, Equifax has yet to answer this simple question in full:
>>> what was the precise extent of the breach?" Warren fumed in a
>>> missive late last week.
>>> https://www.warren.senate.gov/?p=press_release&id=2317
>>>
>>> Equifax spokeswoman Meredith Griffanti stressed to The Register
>>> today that the extra information snatched by hackers, as revealed by
>>> Senator Warren, belonged to "some" Equifax customers. In other
>>> words, not everyone had their phone numbers, email addresses, and so
>>> on, slurped by crooks, just some. How much is some? Equifax isn't
>>> saying, hence Warren's (and everyone else's) growing frustration.
>>>
>>> The senator is a cosponsor of the _proposed Data Breach Prevention
>>> and Compensation Act_,
>>> https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/
>>> which, if passed, would impose computer security regulations on
>>> credit reporting agencies, with mandatory fines that would have led
>>> to Equifax coughing up $1.5bn for its IT blunder.
>>>
>>> Some regulation or punishment is obviously needed.
>>>
>>> No senior Equifax executives were fired over the attack; instead the
>>> CEO, CSO and CIO were all allowed to retire with multi-million
>>> dollar golden parachutes. The US government's Consumer Financial
>>> Protection Bureau promised a full investigation into the Equifax
>>> affair, and then gave up. On February 7, an open letter [PDF]
>>> https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf
>>> from 32 senators to the bureau asked why the probe was dropped, and
>>> the gang has yet to receive a response. ®
>>>
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> -- 
>> --
>>
>> John Bambenek
>>
>>
>

-- 
--

John Bambenek
