[gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

John Bambenek jcb at bambenekconsulting.com
Tue Feb 13 17:03:22 UTC 2018


Which is why I have stated repeatedly, vigorously, and consistently whois
privacy SHOULD be FREE. Let the CONSUMER make that choice, not a bunch
of mostly American and European guys telling the world how they need to
do business. I don't care if MY number is out there. So the question is,
why create a system that prevents me from sharing MY OWN information as
I see fit?


On 2/13/2018 11:01 AM, Chris Pelling wrote:
> So was mine in the UK, and ICANN keeping or requiring ANY retention of
> data for long periods of time IMHO is dangerous.  
> Equifax dropped the ball here, and a lot (you and I both plus god knows
> really how many others) have had their personal data stolen.
> I don't want my telephone number to be out in the wild, nor any of my
> other details quite frankly.
>
> Kind regards,
>
> Chris
>
> ------------------------------------------------------------------------
> *From: *"John Bambenek" <jcb at bambenekconsulting.com>
> *To: *"Chris Pelling" <chris at netearth.net>, "gnso-rds-pdp-wg"
> <gnso-rds-pdp-wg at icann.org>
> *Sent: *Tuesday, 13 February, 2018 16:54:29
> *Subject: *Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than
> previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc
>
> My personal data WAS stolen in the Equifax breach. People can do real
> fraud with that. My point is that having my address, phone number and
> email has radically different risks than financial information. That
> is the only point I was making.
>
>
> On 2/13/2018 10:52 AM, Chris Pelling wrote:
>
>     Please don't diss valid points John - I am sure if your personal
>     information was stolen in this attack and they had your SSN/TIN,
>     credit card number and expiry date, you would be singing a
>     different tune.
>
>     Kind regards,
>
>     Chris
>
>     ------------------------------------------------------------------------
>     *From: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
>     *To: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
>     *Sent: *Tuesday, 13 February, 2018 16:48:27
>     *Subject: *Re: [gnso-rds-pdp-wg] Fwd: Equifax hack worse than
>     previously thought: Biz kissed goodbye to card expiry dates, tax
>     IDs etc
>
>     Let's be honest here, we're talking about phone numbers and email
>     addresses. The threat model is RADICALLY different with the data
>     we are talking about.
>
>
>     On 2/13/2018 10:45 AM, Stephanie Perrin wrote:
>
>         Undeterred by the fact that no one has responded to my last
>         post, I offer the following update to the Equifax breach to
>         further illustrate my point.  As many companies have found
>         out, you don't find out what you've got till it's gone.....a
>         further reason for data minimization and short retention periods.
>
>
>         http://www.theregister.co.uk/2018/02/13/equifax_security_breach_bad/
>
>
>         *Equifax hack worse than previously thought: Biz kissed
>         goodbye to card expiry dates, tax IDs etc*
>         Pwned credit-score biz quietly admits more info lost
>         By Iain Thomson in San Francisco 13 Feb 2018 at 02:13
>
>         Last year, Equifax admitted
>         https://www.theregister.co.uk/2017/09/07/143m_american_equifax_customers_exposed/
>         hackers stole sensitive personal records on 145 million
>         Americans and hundreds of thousands in the UK
>         https://www.theregister.co.uk/2017/10/10/equifax_uk_records_update/
>         and Canada.
>
>         The outfit already said cyber-crooks "primarily" took names,
>         social security numbers, birth dates, home addresses,
>         credit-score dispute forms, and, in some instances, credit
>         card numbers and driver license numbers. Now the
>         credit-checking giant reckons the intruders snatched even more
>         information from its databases.
>
>         According to documents provided by Equifax to the US Senate
>         Banking Committee,
>         and revealed this month by Senator Elizabeth Warren (D-MA),
>         https://apnews.com/2a51e3e5f9a945978df4ad96246b8ecc
>         the attackers also grabbed taxpayer identification numbers,
>         phone numbers, email addresses, and credit card expiry dates
>         belonging to some Equifax customers.
>
>         Like social security numbers, taxpayer ID numbers are useful
>         for fraudsters seeking to steal people's identities or their
>         tax rebates, and the expiry dates are similarly useful for
>         online crooks when linked with credit card numbers and other
>         personal information.
>
>
>         *Contradictory*
>
>         "As your company continues to issue incomplete, confusing and
>         contradictory statements and hide information from Congress
>         and the public, it is clear that five months after the breach
>         was publicly announced, Equifax has yet to answer this simple
>         question in full: what was the precise extent of the breach?"
>         Warren fumed in a missive late last week.
>         https://www.warren.senate.gov/?p=press_release&id=2317
>
>         Equifax spokeswoman Meredith Griffanti stressed to The
>         Register today that the extra information snatched by hackers,
>         as revealed by Senator Warren, belonged to "some" Equifax
>         customers. In other words, not everyone had their phone
>         numbers, email addresses, and so on, slurped by crooks, just
>         some. How much is some? Equifax isn't saying, hence Warren's
>         (and everyone else's) growing frustration.
>
>         The senator is a cosponsor of the proposed Data Breach
>         Prevention and Compensation Act,
>         https://www.theregister.co.uk/2018/01/10/credit_reporting_agencies_fines/
>         which, if passed, would impose computer security regulations
>         on credit reporting agencies, with mandatory fines that would
>         have led to Equifax coughing up $1.5bn for its IT blunder.
>
>         Some regulation or punishment is obviously needed.
>
>         No senior Equifax executives were fired over the attack;
>         instead the CEO, CSO and CIO were all allowed to retire with
>         multi-million dollar golden parachutes. The US government's
>         Consumer Financial Protection Bureau promised a full
>         investigation into the Equifax affair, and then gave up. On
>         February 7, an open letter [PDF]
>         https://www.schatz.senate.gov/imo/media/doc/CFPB%20Equifax%20Letter%202-7-18.pdf
>         from 32 senators to the bureau asked why the probe was
>         dropped, and the gang has yet to receive a response. ®
>
>
>         _______________________________________________
>         gnso-rds-pdp-wg mailing list
>         gnso-rds-pdp-wg at icann.org
>         https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>     -- 
>     --
>
>     John Bambenek
>
>
>
>
> -- 
> --
>
> John Bambenek
>

-- 
--

John Bambenek
