Equifax Breach Was Worse Than Originally Told

Last September, the credit bureau Equifax announced that their database of consumer information had been breached, exposing about 145 million records, including names, birthdays, Social Security numbers, and some drivers licenses. Most of this information doesn’t change, meaning that the data will stay valid for years, so the thieves can take their time selling off the information to the highest bidder. 

As bad as this was, Equifax has just announced that the breach was broader in scope than originally disclosed. While the number of stolen records has not changed, Equifax now reveals that the data points include tax identification numbers, email addresses, phone numbers, the expiration dates for credit cards, and issuing states for driver's licenses. (Tax Identification numbers, or TINs, are used by non-US residents to report income from earning accounts.)

This announcement reveals the extent of information held by the credit bureaus that, at least to me, seems unnecessary for them to keep. 

I hope the other two credit bureaus take note and purge their databases of superfluous information, in case they get hacked at some point. 

Related articles:


Comments

Post a Comment

Popular posts from this blog

Equifax Provides More Details of Hacked Data

In a recent letter to several congressional committees, Equifax shared that out of the 146+ million records that were hacked in last year's breach: all contained consumers' dates of birth,  nearly all contained Social Security Numbers,  99 million had address information,  209,000 contained credit card data including expiration dates,  38,000 contained driver's license info, 3,200 contained passport information. While some identity fraud incidents have been traced back to the Equifax breach, most of these records have not yet been used in a fraud.  However, since the data is not likely to change (other than credit card info), it is assumed that eventually the stolen information will be sold in the dark web and misused.  Just a matter of time.  My advice: do what you can to minimize your exposure and certainly stay on top of your credit reports, but since things like passports, driver's licenses, and Social Security Numbers can be used in non-financial identity
Read more

Orbitz Reveals Breach Of 880,000

Orbitz, a division of Expedia, has announced it was hacked last October, 2017, revealing credit card information of 880,000 customers, including names, birth dates, mailing and email addresses, dated between January and June, 2016. The current Orbitz website was not hacked, according to the company. One article on the breach: http://www.zdnet.com/article/orbitz-says-hacker-stole-customer-data/
Read more

Should I Be Concerned About Criminal Identity Theft?

As I mentioned in a previous post, I've found that most people equate ID theft only with their finances -- their bank and credit accounts.  They don't see a need for paid protection services, relying instead on bank- or card- or insurance-provided free services.  Or they put fraud alerts on their credit report every three months. While useful, these free services rarely look beyond the finances or offer much in the way of restoration.  I advise people to get all of the reliable free coverage they can, but recognize their limitations, and understand that real identity theft is much more than their finances. Take for example something called criminal identity theft.  This is where someone pretends to be someone else, hiding their own identity, when caught in the act of a crime, such as illicit drug dealing or breaking and entering.  Often this is pulled off by first obtaining driver's license info either through direct theft or through a breach and then modifying it with
Read more