
Equifax’s History of Hacks and Music Majors September 19, 2017

Posted by Chris Mark in Data Breach, Uncategorized.

Let me get this out there first.  People are making a lot of noise about Equifax’s (now former) CISO (Susan Mauldin) being a Music Major in college.  So what?  Information Security really has only been a ‘profession’ since about 1998 or so.  I know MANY CSOs and CISOs that do not have technical degrees.  While I am currently working on a Doctorate in CyberSecurity my undergrad was political science and I have an MBA.  I think I am a fairly capable security professional.  I think Equifax threw Ms. Mauldin under the bus by trying to scrub her information from the Internet.  Given her prior employment (First Data, SunTrust, etc.) I cannot imagine she would have been given such a role without the requisite experience or knowledge.   Until we know more...harping on her college major is simply fishing and projecting blame in the wrong area.  What we do know is that Equifax has a history of being breached and has apparently done little to stem the flow of information being stolen.

Next…in keeping with Equifax’s proclivity for telling half truths while selling their own stock, it looks like there was a breach the March prior to the one in July (announced in September 2017).  That particular hack included employee tax records.  No doubt those execs who dumped their stock were also unaware of that breach (cough, cough).

Interestingly, Equifax provided a cryptic statement that reads: “The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event,” ..using my powers of reading comprehension it appears that they are saying that the July 29th “hacking” did not affect the SAME “customer databases” (plural) that were hacked in March.  So are we to assume that in both cases customer data was compromised?  According to Brian Krebs, well known security expert and researcher, the answer appears to be ‘yes’.

Adding to the fun, according to Forbes: “In one case, it had to change its ways following a class action lawsuit over an alleged lapse in security. That suit related to a May 2016 incident in which Equifax’s W-2 Express website had suffered an attack that resulted in the leak of 430,000 names, addresses, social security numbers and other personal information of retail firm Kroger. Lawyers for the class action plaintiffs argued Equifax had “wilfully ignored known weaknesses in its data security, including prior hacks into its information systems.””

I am sure we will continue to learn more about this breach and others.  Stay tuned!

Marine Snipers Issued Muskets, Told To ‘Do More With Less’ September 18, 2017

Posted by Chris Mark in Uncategorized.

Brilliantly funny!!!

The Tater Blog

Quantico, VA —
Headquarters Marine Corps announced a decision last week to change the caliber of rifle used by the Scout Sniper community, after service-wide requests were finally noticed for a weapon system capable of longer ranges.

The decision was announced by a Pentagon official on Friday, who said, “Following the Marine Corps’ proud tradition of issuing outdated bullshit to our infantry, we’ve decided that the skills of our snipers would be best matched with the ‘Brown Bess’ flintlock musket first utilized in 1768. It has a timeless design, as well the need for a skilled operator to fire it. Marines have long been doing more with less than the Army, and we believe that the ability to hit a man at 50 yards with a 250 year old 40 pound gun is in keeping with the customs of our Corps.”

Generals had recently learned that Scout Snipers had been…


Equifax – Protecting themselves while exposing your data and Identity! September 11, 2017

Posted by Chris Mark in Uncategorized.

As an update to my last Equifax post a number of stories had circulated regarding Equifax’s Terms of Use in which they attempt to prevent lawsuits related to their own incompetence that resulted in the exposure of nearly 150 million consumer records.  As stated on their Terms of Use:


So here is what the noble and caring Equifax has done to the public.  First, they had a data breach in 2015.  Then their CEO offers the obligatory public apology where he emphasizes the ‘importance of protecting data’, etc. etc.  Then Equifax magnanimously offers consumers free credit monitoring…in the Equifax TrustedID Premier service.  It should be noted that IF you do enroll in the Equifax TrustedID Premier you are agreeing to the Terms of Use listed above…in short, should your information be exposed and used to say…steal your identity you cannot sue them nor can you engage in a class action lawsuit.  You are (according to the Terms of Use) bound by Equifax’s arbitration clause.  For those who are fans of the Oscar Winning film Dodgeball, I quote: “That’s a bold strategy Cotton. Let’s see if it pays off!”

To add fuel to the proverbial fire, Equifax did not disclose the data breach for a full month while 3 executives sold millions of dollars of company stock within days of identifying the breach!  Now..to be fair, Equifax stated (ahem, cough, cough) “…the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”” Chief Financial Officer John Gamble, U.S. Information Solutions President Joseph Loughran and Workforce Solutions President Rodolfo Ploder completed stock sales on Aug. 1 and 2.  So let me get this straight…the Information Solutions President and CFO did not know there was a breach?  To quote the incomparable George Strait: “I’ve got some oceanfront property in Arizona.  From the front porch you can see the sea.  If you’ll buy that I’ll throw the Golden Gate in free!”




Equifax Data Theft -“Doctor Heal Thyself!” September 8, 2017

Posted by Chris Mark in Uncategorized.

I woke up this morning to the news that Equifax had experienced a data breach from Mid May through July of 2017 and affected data of 143 million customers.  The data exposed includes: “…names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers…”  You know…the type of data someone can use to actually commit identity theft.

I used the handy “Equifax tool” (you should use it!) to find whether my information or my wife’s information had been exposed.  Surprise!  It had!…now, as a consolation prize I do get a free year of credit monitoring from (cough, cough) Equifax.  The irony of this statement is palpable…Equifax has also provided “…additional information on steps consumers can take to protect their personal information.”   This is akin to someone giving you Ebola and then saying: “Hey…I know I gave you Ebola but here are some things you should do to keep from…catching Ebola…”  Thanks Equifax!

To make us feel better the CEO of Equifax (Rick Smith) stated: “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.” …What about the incident in 2015?  Shouldn’t that have been a wakeup call?

If you are concerned that you might be a victim, please use this link to check.  Then…ensure you ‘lock’ your credit reports so someone cannot open accounts in your name.  This is much, much, mUCH, MUCH, worse than a payment card theft.  With your social and other identifying info, someone can ‘steal’ your identity.

Thanks Equifax!!


RIP Sgt. Steve Perez…a true hero. August 29, 2017

Posted by Chris Mark in Uncategorized.

As a Texan in the greater Houston area I have been dealing with Hurricane Harvey for the past few days. I have seen amazing generosity from Texans and other Americans and, unfortunately, I have seen some who want to take advantage of those in need. Overall, I have witnessed amazing charity.  I learned today that Sgt. Steve Perez of the Houston Police Department lost his life while trying to go to work early Sunday morning.  He was a victim of floodwaters.  Sgt. Perez was a veteran of the HPD for 34 years and was heading into the storm as he said (according to his wife) “I have work to do…”  Sgt. Perez tried for 2.5 hours to get to his location until he was overtaken by flood waters.  I want to thank Sgt. Perez for his service and sacrifice.  Our Heroes don’t always wear capes.  Sometimes they quietly do their jobs for many years and are taken too soon.  Thank you Sgt. Perez!!  No doubt Heaven is a much safer place with you on patrol!
