Ars Technica, with a side of eyeroll: Equifax claims administrator says victims must provide more info to claim cash. “If you’re one of the millions of Americans who received an email this weekend from the Equifax breach settlement administrator, you’re not alone. Nor are you alone if you were surprised or confused by the message, as more than a half-dozen Ars readers who forwarded theirs were. The message, however, is entirely legitimate, and the information it seeks is part of the claims process.”
USA Today: Equifax data breach settlement: How to file a claim for $125 or free credit reporting. “If you were affected by the 2017 Equifax data breach, you can now file a claim for a piece of the settlement. The credit-reporting company has agreed to pay between $575 million and $700 million to settle state and federal investigations related to a massive security incident that exposed the personal information of more than 147 million Americans two years ago.” The site includes a form where you can enter your last name and the last six digits of your social to see if you are entitled to claim. I looked myself up and GUESS WHAT….
CNET: Equifax will pay $700 million for data breach, report says. “Equifax is reportedly close to reaching a $700 million settlement with the US Federal Trade Commission and other government agencies over its massive data breach in 2017. The money would also go towards resolving a consumer class-action lawsuit against the company, The Wall Street Journal reported Friday afternoon.”
The Verge: Former Equifax executive sentenced to prison for insider trading prior to data breach. “The Security and Exchanges Commission charged [Jun] Ying with insider trading last year. The Department of Justice says that in August 2017, after learning about the breach, he began researching the impact that a similar breach had on another company’s stock price. Later that morning, he promptly exercised and sold all of his stock options, earning nearly a million dollars from the sale. In doing so, he avoided a loss of $117,000 that he otherwise would have incurred when the company’s stock price dropped after the disclosure.”
Krebs on Security: MyEquifax.com Bypasses Credit Freeze PIN. “Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.”
The Register: And it’s go, go, go for class-action lawsuits against Equifax after 148m personal records spilled in that mega-hack. “In a series of orders handed down in a Georgia federal district court on Monday, the evocatively named Judge Thomas Thrash Jr said that legal challenges from payment card issuers and ordinary citizens can proceed against Equifax. A class-action lawsuit brought by ten ‘small businesses’ – which included corporations and limited liability companies – was denied, though. The small biz owners can join in with the consumers.”
The Register: Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory . “A US Congressional report outlining the breakdowns that led to the 2017 theft of 148 million personal records from Equifax has revealed a stunning catalog of failure. The 96-page report (PDF) from the Committee of Oversight and Government Reform found that the 2017 network breach could have easily been prevented had the company taken basic security precautions.”