Equifax Web Application Flaw Leaked 143M Customer Records.

Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million customer records to hackers. This is a startling breach for a company that ironically offers identity theft protection services.

The information exposed includes names, Social Security numbers, birth dates, addresses and in some cases, driver’s license numbers, according to a news release. Although most of those affected are U.S. consumers, Equifax says some “limited personal” information for U.K. and Canadian residents was affected.

Equifax also says the breach exposed credit card numbers for 209,000 U.S. consumers. The hackers also accessed what Equifax described as “dispute documents” containing personal information for 182,000 U.S. consumers.
While not the largest breach on record, it’s certainly one of the most sensitive. Equifax is one of the largest aggregators of financial data related to U.S. consumers, and its records are used by a variety of other businesses to gauge a person’s creditworthiness.

“On a scale of one to 10 in terms of risk to consumers, this is a 10,” says Avivah Litan, a vice president with the analyst Gartner. “Equifax holds consumers’ most personally sensitive financial information.”

The type of information leaked is a perfect package for a fraudster looking to impersonate someone else.
In the news release, Equifax Chairman and CEO Richard F. Smith says, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do.”

“I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

Although major data breaches have become nearly routine, Equifax’s lapse is “especially alarming and serious,” says Atiq Raza, CEO of the web application security company Virsec. Of particular concern is the static nature of data, such as birth dates.

“Almost all the data that credit reporting companies like Equifax hold is sensitive, and much of it is used to establish identity – birth dates, addresses, drivers licenses, and other data types are routinely used to verify identity,” Raza says. “It’s one thing to ask a consumer to change a password, but how do you change your birth date?”

Equifax says it will only send notifications by direct mail to the 209,000 people whose payment card information was leaked and the 182,000 consumers whose dispute documents were exposed.
For everyone else, Equifax has set up a web-based tool for people to check if their data is in the breach.

More Than 198 Million US Citizens’ Political Data Exposed By Marketing Group

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.
The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation, and ethnicity. Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.

UpGuard cyber risk analyst Chris Vickery discovered Deep Root’s data online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.

Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.

The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org, and its president, Johnny DeStefano, now serves as Trump’s director of presidential personnel.

The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.

Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.
What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.