Equifax has lost the keys to the kingdom in the latest security breach.

Today, it came out that “Equifax Says Cyberattack May Have Affected 143 Million Customers” in the latest Equifax security breach. While the number alone falls well short of some other recent hacks, the potential for damage makes it even more serious than both Yahoo! breaches combined. The Yahoo! breaches were serious enough because password resets usually take place via email, but at least that requires the data thieves to work harder to get more information. Since Equifax has all credit data, including Social Security numbers, it is a one-stop shop for hackers. It is sufficient information for identity thieves to present to creditors, lenders and other service providers, to include information that identifies a person as the legitimate account holder.

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

While there is no evidence that “core … reporting databases” were breached, the potential exists, and, as a result, Equifax has set up a website Cybersecurity Incident & Important Consumer Information where you can put in your last name and last six of your SSN to check whether or not you qualify for free credit monitoring.

Sadly, that falls far flat from a real solution, because once the information is out there, it is out there, and it can impact someone years from now. It really is time that companies that are negligent with personal identifying data be legally liable for their lack of safeguards.

 

WordFence recently posted about a “highly effective Gmail phishing” campaign that has fooled or almost fooled several technically savvy people. It just goes to show that you can never allow yourself to become too complacent.

A new phishing technique that affects GMail and other services and how to protect yourself.>

~Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited

Some scary stuff that affects all versions of Windows since at least XP!

This week there has been a lot of news about a flaw in Windows that could be used by web sites to easily gain access to a visitor’s Windows login name and password. This article explains how this flaw works and how you can prevent it.

Source: Understanding the Windows Credential Leak Flaw and How to Prevent It