![]() Fees previously varied by state, and in ones in which a charge was allowed, it could be $5 to $10 per freeze or thaw for each credit bureau. The freeze prevents access to a credit file, which deters identity thieves from opening new accounts in someone’s name. In Alabama, a breach must be reported with 60 days or a company faces a fine of up to $10,000 per violation in North Dakota, it’s 45 days and up to $5,000 each.Īt the federal level, the president signed a bill in May that includes a free “credit freeze” and “thaws” at the three largest credit-reporting agencies: that’s TransUnion and Experian in addition to Equifax. 1, 2020.Īlabama and North Dakota passed laws forcing notification about reporting breaches with penalties for delays. California passed a law earlier this year that forces disclosures about the collection of personal data, and imposes significant fines for data breaches-up to $750 per violation. In a statement, Equifax said that it has made comprehensive changes.Įight state banking regulators imposed a consent order on Equifax in June, requiring security improvement, auditing, and reporting. The company said today it has budgeted to spend an additional $200 million this year for security and technology, though it didn’t provide context for past or current spending. And attackers accessed a database that contained unencrypted credentials that they used to access other internal databases. It hadn’t worked for 10 months before staff noticed. Attackers made 9,000 queries that were unnoticed due to a failure to keep a network-data inspection system up to date. The GAO report confirms that a single Internet-facing web server with out-of-date software led to the breach, which went undetected for 76 days. Records varyingly included credit-card, driver’s license, and Social Security numbers, date of birth, phone numbers, and email addresses. The company waited six weeks to disclose the breach. The total number grew through March 2018 to over 148 million affected. 7, 2017, Equifax revealed that months-long illegitimate access to its credit-report databases had led to the breach of personally identifiable information of over 143 million people, nearly all in the U.S. Equifax itself has suffered minimal consequences and continues to do business more or less as before.” It continued to receive large government contracts.Ĭonsumer Union, publishers of Consumer Reports noted in an editorial on its site today, “Americans remain largely in the dark about the practices of the credit reporting industry-and, more generally, largely unable to control the use of their personal information. Equifax’s stock took an initial hit, but it has largely recovered. Instead, almost nothing of substance has occurred since the unprecedented breach. Predictions following the breach were that regulators and consumer outrage would force major changes to the credit-reporting industry. It breaks little new ground, but summarizes an array of errors inside the company, largely relating to a failure to use well-known security best practices and a lack of internal controls and routine security reviews.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |