Security News

The UK's Financial Conduct Authority has fined Equifax a smidge over £11 million for severe failings that put millions of consumers at risk of financial crime.The two companies involved here are Equifax Ltd and Equifax Inc. There are key differences between the two that are important in fully understanding the case.

Neustar and Equifax released Financial Spectrum, an audience segmentation and media activation solution designed to meet the unique demands of financial services marketers. Financial Spectrum offers asset-based customer segmentation to financial services marketers, reducing compliance risk by leveraging actual, direct-measured financial data and no protected-class demographic variables like age or marital status.

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. "Using payroll data from government agencies and thousands of employers - including a vast majority of Fortune 500 companies - Equifax has cultivated a database of 300 million current and historic employment records, according to regulatory filings."

Equifax on Friday announced plans to shell out $640 million to acquire Kount, a company that sells e-commerce retail fraud protection. The Atlanta, Ga.-based Equifax said the deal would expand its worldwide footprint in digital identity and fraud prevention solutions.

Massachusetts and Indiana, the only two U.S. states that independently sued Equifax over the massive data breach that occurred in 2017, have settled with the credit reporting agency for a total of close to $40 million. The Equifax data breach affected roughly 147 million people.

The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing...

Time for a fresh edition of "Learn from how others get breached" focusing on Equifax. If there's one thing that every organization should learn from the Equifax breach, it's about patching.

The US has charged the Chinese military with plundering Equifax in 2017. According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.

The latest in a string of China-linked hacking incidents came with the Monday indictment of four members of the Chinese military for breaking into the credit-reporting agency Equifax in 2017. The motives, as with several others hacks that preceded it, appear to be more about espionage than stealing trade secrets, cybersecurity experts say.

The takedown of Equifax begs the question of whether attackers might also have been camping out in the networks of other consumer credit reporting agencies - Experian, TransUnion and others - as well as other data brokers. Interesting overlay: In 2015, President Barack Obama threatened China with severe sanctions if it didn't cease its hack attack ways, and in September of that year, he reached a landmark agreement with Chinese President Xi Jinping, which aimed to put intellectual property off limits for nation-state espionage operators.