The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans.
I cannot recall a previous data breach in which the breached company's public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social Security numbers and other information on 143 million Americans.

WEB SITE WOES

As noted in yesterday's breaking story on this breach, the Web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst.

In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.

Others (myself included) received not a yes or no answer to the question of whether we were impacted, but instead a message that the credit monitoring services we were eligible for were not available and to check back later in the month. The site asked users to enter their last name and the last six digits of their SSN, but at the prompting of a reader's comment I confirmed that just entering gibberish names and numbers produced the same result as the one I saw when I entered my real information: Come back on Sept. 13.

Who's responsible for this debacle? Well, Equifax of course. But most large companies that can afford to do so hire outside public relations or disaster response firms to walk them through the safest ways to notify affected consumers. In this case, Equifax appears to have hired global PR firm Edelman PR.

What gives me this idea? Until just a couple of hours ago, the copy of WordPress installed at equifaxsecurity2017.com included a publicly accessible user database entry showing that a user named "Edelman" was the first (and only?) user registered on the site.

[Image caption: Code that was publicly available on equifaxsecurity2017.com until very recently showed account information for an outside PR firm.]

I reached out to Edelman for more information and will update this story when I hear from them.

EARLY WARNING?

In its breach disclosure Thursday, Equifax said it hired an outside computer security forensic firm to investigate as soon as it discovered unauthorized access to its Web site. ZDNet published a story Thursday saying that the outside firm was Alexandria, Va.-based Mandiant -- a security firm bought by FireEye in 2014.

Interestingly, anyone who happened to have been monitoring look-alike domains for Equifax.com prior to yesterday's breach announcement may have had an early clue about the upcoming announcement. One interesting domain that was registered on Sept. 5, 2017 is "equihax.com," which according to domain registration records was purchased by an Alexandria, Va. resident named Brandan Schondorfer.

A quick Google search shows that Schondorfer works for Mandiant. Ray Watson, a cybersecurity researcher who messaged me this morning on Twitter about this curiosity, said it is likely that Mandiant has been registering domains that might be attractive to phishers hoping to take advantage of public attention to the breach and spoof Equifax's domain.

Watson said it's equally likely the equihax.com domain was registered to keep it out of the hands of people who may be looking for domain names they can use to lampoon Equifax for its breach. Schondorfer has not yet returned calls seeking comment.
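The "monitoring look-alike domains" practice mentioned above is something a brand-protection or threat-intel team can automate: generate the set of labels one edit or one confusable substitution away from the brand, then match a feed of newly registered domains against that set. The Python below is an added example written for this page; it is not code from Krebs, Mandiant or Ray Watson, and the confusables table, the classification categories and the sample registration feed are all constructed for illustration.

```python
"""Generate look-alike candidates for a brand label and flag matches in a
feed of newly registered domains (defensive brand monitoring).
The confusables table and the sample feed are constructed for this example."""
from typing import Dict, Iterable, Optional, Set

# Characters commonly swapped for each other in look-alike domains
# (digit homoglyphs and a few multi-character tricks). Assumed table, not
# an exhaustive list.
CONFUSABLES = {
    "a": ["4"], "e": ["3"], "i": ["1", "l"], "l": ["1", "i"],
    "o": ["0"], "s": ["5"], "g": ["9", "q"], "q": ["g"], "f": ["ph"],
}
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def lookalike_labels(label: str) -> Set[str]:
    """Labels one edit away from `label`: omission, transposition, doubled
    character, any single-letter substitution, and confusable substitution.
    The brand label itself is excluded."""
    label = label.lower()
    out: Set[str] = set()
    for i in range(len(label)):                        # omission
        out.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                    # transposition
        out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label)):                        # doubled character
        out.add(label[:i] + label[i] + label[i:])
    for i, c in enumerate(label):                      # letter substitution
        for r in ALPHABET:
            if r != c:
                out.add(label[:i] + r + label[i + 1:])
    for i, c in enumerate(label):                      # confusable substitution
        for r in CONFUSABLES.get(c, []):
            out.add(label[:i] + r + label[i + 1:])
    out.discard(label)
    return out


def classify(domain: str, brand: str, canonical: str,
             candidates: Set[str]) -> Optional[str]:
    """Classify one registered domain relative to the brand label.
    Only the leftmost label is compared; the TLD is ignored for matching."""
    domain = domain.lower().rstrip(".")
    if domain == canonical:
        return None                      # the brand's own domain
    label = domain.split(".")[0]
    if label == brand:
        return "brand-other-tld"         # e.g. brand.net
    if label in candidates:
        return "lookalike"               # one edit away from the brand
    if brand in label:
        return "contains-brand"          # e.g. brandsecurity2017
    return None


def flag_registrations(feed: Iterable[str], brand: str,
                       canonical: str) -> Dict[str, str]:
    """Return {domain: category} for every feed entry worth a closer look."""
    candidates = lookalike_labels(brand)
    hits: Dict[str, str] = {}
    for domain in feed:
        kind = classify(domain, brand, canonical, candidates)
        if kind:
            hits[domain] = kind
    return hits


# Constructed sample of "newly registered" domains; not a real feed.
SAMPLE_FEED = [
    "equihax.com",             # single-letter substitution (f -> h)
    "equifaxsecurity2017.com", # brand as a substring
    "equifax.net",             # brand label under another TLD
    "eqiufax.com",             # transposition
    "equ1fax.com",             # confusable i -> 1
    "example.com",             # unrelated
    "bankofexample.com",       # unrelated
]

if __name__ == "__main__":
    for domain, kind in flag_registrations(SAMPLE_FEED, "equifax",
                                           "equifax.com").items():
        print(f"{domain:28s} {kind}")
```

In practice the feed would come from a zone-file or certificate-transparency source and the hit list would go to a review queue; the generator errs on the side of breadth (every single-letter substitution is included, which is how a pun like "equihax" is caught alongside ordinary typos), so the categories are there to help an analyst triage rather than to make a verdict.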
First off, know that the primary function of this site is to get you enrolled in a one-year free trial of Equifax's Trusted ID services. Using these services requires forking over even more personal data to Equifax, which seems like rather a lot to ask considering the poor digital security that got us here.

And if you do enroll in their free trial, it's on you to remember that you signed up for the service. Because in a year you can bet your bottom dollar that Equifax is going to bill you. The free year of Trusted ID isn't some magnanimous enterprise; it isn't even a consolatory gesture. What it is is a shameless way to get more people to pay Equifax for their services in the wake of a disaster Equifax created.

Next, the site has some really weird behavior that has made a lot of people wonder if it even does the one job it's supposed to do in the first place.

Here's what I mean: in order to check if your personal data was compromised, the site asks for two pieces of data: your last name and the last six digits of your Social Security number. So, I went ahead and entered some made-up information (Last name: Smith, SSN: 123456), and the site returned a positive result.

That's right, it told me that the fake personal information I entered had been compromised in the breach.
That's insider trading and is a crime.