[gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Tue Feb 13 16:58:13 UTC 2018

With respect, John, I think you'd do well to reflect on how you communicate on this list. I think the same comment you just made to Volker could apply equally to a large number of the posts you have sent to this mailing list.

Kind regards,

Ayden

-------- Original Message --------
On 13 February 2018 5:53 PM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:

> I know full well what data we are talking about. And you know full well I know it to. But your pattern of bullying, sexism, condescension and abuse CONTINUES to derail any meaningful discussion on these issues.
>
> On 2/13/2018 10:51 AM, Volker Greimann wrote:
>
>> The law does not differentiate. Personal data is personal data and the only one to decide what happens to it is the data subject.
>>
>> (And we are talking about names, addresses, telephone numbers and email addresses, thank you very much)
>>
>> Volker
>>
>> Am 13.02.2018 um 17:48 schrieb John Bambenek via gnso-rds-pdp-wg:
>>
>>> Let's be honest here, we're talking about phone numbers and email addresses. The threat model is RADICALLY different with the data we are talking about.
>>>
>>> On 2/13/2018 10:45 AM, Stephanie Perrin wrote:
>>>
>>>> Undeterred by the fact that noone has responded to my last post, I offer the following update to the Equifax breach to further illustrate my point.  As many companies have found out, you don't find out what you've got till it's gone.....a further reason for data minimization and short retention periods.
>>>>
>>>> To:
>>>>
>>>> http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/
>>>>
>>>> Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>>>> Pwned credit-score biz quietly admits more info lost
>>>> By Iain Thomson in San Francisco 13 Feb 2018 at 02:13
>>>>
>>>> Last year, Equifax admitted
>>>> https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/
>>>> hackers stole sensitive personal records on 145 million Americans and hundreds of thousands in the UK
>>>> https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/
>>>> and Canada.
>>>>
>>>> The outfit already said cyber-crooks "primarily" took names, social security numbers, birth dates, home addresses, credit-score dispute forms, and, in some instances, credit card numbers and driver license numbers. Now the credit-checking giant reckons the intruders snatched even more information from its databases.
>>>>
>>>> According to documents provided by Equifax to the US Senate Banking Committee,
>>>> and revealed this month by Senator Elizabeth Warren (D-MA),
>>>> https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc
>>>> the attackers also grabbed taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.
>>>>
>>>> Like social security numbers, taxpayer ID numbers are useful for fraudsters seeking to steal people's identities or their tax rebates, and the expiry dates are similarly useful for online crooks when linked with credit card numbers and other personal information.
>>>>
>>>> Contradictory
>>>>
>>>> "As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?" Warren fumed in a missive late last week.
>>>> https://www.warren.senate.gov/?p=press_release&id=2317
>>>>
>>>> Equifax spokeswoman Meredith Griffanti stressed to The Register today that the extra information snatched by hackers, as revealed by Senator Warren, belonged to "some" Equifax customers. In other words, not everyone had their phone numbers, email addresses, and so on, slurped by crooks just some. How much is some? Equifax isn't saying, hence Warren's (and everyone else's) growing frustration.
>>>>
>>>> The senator is a cosponsor of the proposed Data Breach Prevention and Compensation Act,
>>>> https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/
>>>> which, if passed, would impose computer security regulations on credit reporting agencies, with mandatory fines that would have led to Equifax coughing up $1.5bn for its IT blunder.
>>>>
>>>> Some regulation or punishment is obviously needed.
>>>>
>>>> No senior Equifax executives were fired over the attack instead the CEO, CSO and CIO were all allowed to retire with multi-million dollar golden parachutes. The US government's Consumer Financial Protection Bureau promised a full investigation into the Equifax affair, and then gave up. On February 7, an open letter [PDF]
>>>> https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf
>>>> from 32 senators to the bureau asked why the probe was dropped, and the gang has yet to receive a response. ®
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>>
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>> --
>>> --
>>>
>>> John Bambenek
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>>
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> --
> --
>
> John Bambenek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180213/35272d5c/attachment.html>