Coming soon: Equifax Part 3
-
You have to be fist-fucking me?
http://www.politico.com/story/2017/10/03/equifax-irs-fraud-protection-contract-243419
The IRS will pay Equifax $7.25 million to verify taxpayer identities and help prevent fraud under a no-bid contract issued last week, even as lawmakers lash the embattled company about a massive security breach that exposed personal information of as many as 145.5 million Americans.
A contract award for Equifax's data services was posted to the Federal Business Opportunities database Sept. 30 โ the final day of the fiscal year. The credit agency will "verify taxpayer identity" and "assist in ongoing identity verification and validations" at the IRS, according to the award.
Well, it's official. We are fucked.
-
-
-
Was Bernard Madoff unavailable to take the role? I hear he's got some time on his hands.
-
@the_quiet_one said in Coming soon: Equifax Part 3:
Was Bernard Madoff unavailable to take the role? I hear he's got some time on his hands.
They are going to let him manage the Social Security administration. It's a sure thing. Just trust him.
-
@karla said in Coming soon: Equifax Part 3:
@hardwaregeek said in Coming soon: Equifax Part 3:
@Polygeekery likes to steal all my ideas.
You're just lucky that i like you and that you don't live in a house... Or else:
-
@polygeekery said in Coming soon: Equifax Part 3:
@karla said in Coming soon: Equifax Part 3:
@hardwaregeek said in Coming soon: Equifax Part 3:
@Polygeekery likes to steal all my ideas.
You're just lucky that i like you and that you don't live in a house... Or else:
With the lemons
-
Finally, Part 3 is here:
-
@timebandit There are not enough s in the interwebz to properly describe Equifax.
-
Once again, rule #1 of data breaches: It's always worse than they admit at first. (It's usually worse than they know about at first. These two are frequently not the same thing.)
-
At this point Equifax should just admit defeat and cease operations. The only reason they haven't yet is because they don't really have customers, yet somehow they've been allowed to aggregate data on everyone without their permission and without any kind of federal oversight (in any country). Amazeballs.
-
@aapis said in Coming soon: Equifax Part 3:
somehow they've been allowed to aggregate data on everyone without their permission
That's not true.
-
@aapis said in Coming soon: Equifax Part 3:
The only reason they haven't yet is because they don't really have customers
You want a loan?
Let me pay Equifax to tell me if I should give you one.
@aapis said in Coming soon: Equifax Part 3:
without their permission
If you accept this loan, you also accept the following: We will report the status of your loan to credit bureaus.
-
@polygeekery said in Coming soon: Equifax Part 3:
@aapis said in Coming soon: Equifax Part 3:
somehow they've been allowed to aggregate data on everyone without their permission
That's not true.
It's not the giving of permission that's the problem.
Relating it to home ownership.
I don't like HOAs. Somehow I live in a community with a HOA. How did that happen?
-
https://news.ycombinator.com/item?id=15456221
Equifax was loading this script: https://aa.econsumer.equifax.com/aad/uib/js/fireclick.js
This script, from Fireclick Web Analytics, then loaded a script via Akami CDN that was hosted for a Fireclick domain, netflame.cc: a248.e.akamai.net/f/248/5462/3h/hints.netflame.cc/service/script/www.annualcreditreport.com
So this package was not coming from Equifax, but was being injected by a compromised analytics provider.
-
@aapis said in Coming soon: Equifax Part 3:
The only reason they haven't yet is because they don't really have customers,
Yes they do. The US Government. Unless that contract was cancelled?
-
@polygeekery said in Coming soon: Equifax Part 3:
@aapis said in Coming soon: Equifax Part 3:
somehow they've been allowed to aggregate data on everyone without their permission
That's not true.
What part of it is not true? I never consented to Equifax collecting information on me, but they have it. And now, so does some hacker.
-
@aapis said in Coming soon: Equifax Part 3:
At this point Equifax should just admit defeat and cease operations. The only reason they haven't yet is because they don't really have customers
They had $3.1 Billion in revenue last year. Where did that come from?
-
@masonwheeler said in Coming soon: Equifax Part 3:
I never consented to Equifax collecting information on me, but they have it.
You did.
Small print.
For example:
-
@xaade said in Coming soon: Equifax Part 3:
to one or more of the credit bureaus.
We just need to convince all those lenders to just stop reporting to Equifax. Starve them out of business!
-
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
-
@adynathos said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
No one tricked you. It's plainly there.
I'm sorry, I actually read the contracts I sign.
The actual problem is that you can't find a lender that doesn't report to credit bureaus, and thus don't have a real choice.
-
@xaade said in Coming soon: Equifax Part 3:
The actual problem is that you can't find a lender that doesn't report to credit bureaus, and thus don't have a real choice.
What's really frustrating is that often companies like municipal water or electricity providers will report to the credit bureaus too.
So you're "free" to not do business with them, as long as you:
- Never need to borrow money
- Never need to spend money electronically (debit card)
- Never subscribe to TV or phone service
- Never use municipal water or sewer or electricity
- Are a hermit living in a cave
But you're "free" to not do business with them!
-
@masonwheeler said in Coming soon: Equifax Part 3:
I never consented to Equifax collecting information on me
Yes you did.
-
@adynathos said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
That second thing did not happen. Not if you have lived on your own.
-
@xaade said in Coming soon: Equifax Part 3:
@adynathos said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
No one tricked you. It's plainly there.
I'm sorry, I actually read the contracts I sign.
The actual problem is that you can't find a lender that doesn't report to credit bureaus, and thus don't have a real choice.
Also, utilities.
-
@polygeekery said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
@adynathos said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
No one tricked you. It's plainly there.
I'm sorry, I actually read the contracts I sign.
The actual problem is that you can't find a lender that doesn't report to credit bureaus, and thus don't have a real choice.
Also, utilities.
https://what.thedailywtf.com/topic/24010/coming-soon-equifax-part-3/23
-
@blakeyrat said in Coming soon: Equifax Part 3:
Are a hermit living in a cave
Can't do that either.
They will come and prosecute you for going off grid. :P
-
@xaade said in Coming soon: Equifax Part 3:
@blakeyrat said in Coming soon: Equifax Part 3:
Are a hermit living in a cave
Can't do that either.
They will come and prosecute you for going off grid. :P
Not as long as your cave complies with building codes :P
-
@el_heffe said in Coming soon: Equifax Part 3:
https://news.ycombinator.com/item?id=15456221
Equifax was loading this script: https://aa.econsumer.equifax.com/aad/uib/js/fireclick.js
This script, from Fireclick Web Analytics, then loaded a script via Akami CDN that was hosted for a Fireclick domain, netflame.cc: a248.e.akamai.net/f/248/5462/3h/hints.netflame.cc/service/script/www.annualcreditreport.com
So this package was not coming from Equifax, but was being injected by a compromised analytics provider.
tyingq 3 hours ago [-]
After poking around a bit, the "netflame.cc" domain may be where this was compromised. It used to be a Fireclick owned domain, but the current ownership might not be Fireclick.
It's registered to a Thailand national using a personal gmail account.
Can't prove it, but I have a suspicion Fireclick let the domain lapse/expire, and some bad actor registered itshallot_router 3 hours ago [-]
WHOIS history on that domain shows the registration changed hands on November 15, 2016. Before that, it was owned by "Digital River, Inc."
tyingq 2 hours ago [-]
Digital river was the parent company of fireclick.
It's unclear how and why the ownership was transferredceejayoz 7 hours ago [-]
We were just talking about the potential dangers of these third-party analytics scripts the other day.
-
@el_heffe said in Coming soon: Equifax Part 3:
Digital River, Inc
Hmm, that's the company that handles payment processing for Guild Wars 2.
-
Hence why I've never taken out a loan. What a scam.
-
@dcon Depends if you think their customers are the people whose data they own or the government of a country that some of those people live in? I can't think of any reason the US gov't would need anything provided by Equifax, don't they already have the IRS for that?
-
@aapis said in Coming soon: Equifax Part 3:
@dcon Depends if you think their customers are the people whose data they own or the government of a country that some of those people live in? I can't think of any reason the US gov't would need anything provided by Equifax, don't they already have the IRS for that?
Guess you missed this discussion: https://what.thedailywtf.com/topic/24009/irs-awards-multimillion-dollar-fraud-prevention-contract-to-equifax/9
-
But wait, if you order now you also get:
-
@swayde said in Coming soon: Equifax Part 3:
But wait, if you order now you also get:
It appears that Equifax and TransOnion suffer from the same problem -- blindly pulling in Javascipt from a variety of third parties, some of which have been compromised.
-
@dcon said in Coming soon: Equifax Part 3:
@aapis said in Coming soon: Equifax Part 3:
@dcon Depends if you think their customers are the people whose data they own or the government of a country that some of those people live in? I can't think of any reason the US gov't would need anything provided by Equifax, don't they already have the IRS for that?
Guess you missed this discussion: https://what.thedailywtf.com/topic/24009/irs-awards-multimillion-dollar-fraud-prevention-contract-to-equifax/9
Or...this thread.
-
@aapis said in Coming soon: Equifax Part 3:
Hence why I've never taken out a loan. What a scam.
Have you ever had a utility in your name? Signed a cell phone contract? Rented an apartment? If you answered yes to any of the above then you have given them permission to aggregate information on you.
Hell, tax liens will show up on a credit bureau report. I would not be terribly surprised to find that if you have ever paid taxes you have given them permission.
I am not defending them. I see credit bureaus as Super Double Cyborg Hitler. They can all FOAD. But to say you never gave them permission to aggregate your information is just wrong.
-
@polygeekery said in Coming soon: Equifax Part 3:
I see credit bureaus as Super Double Cyborg Hitler.
Maybe.
I don't see the idea of businesses being able to find out about you as bad, but more the way they've handled it.
It should be treated as a background check, as in they have to actively go out and call businesses, rather than just hold data in one place.
That way people don't get to have your information for cheap and for just any old reason.
-
@xaade said in Coming soon: Equifax Part 3:
Let me charge you to pay Equifax to tell me if I should give you one.
You don't think the money they're paying to Equifax is coming out of their own pocket, do you?
-
@hardwaregeek said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
Let me charge you to pay Equifax to tell me if I should give you one.
You don't think the money they're paying to Equifax is coming out of their own pocket, do you?
There's actually a fee that gets charged by credit card companies every time you buy something. You don't see it because the store pays it. However, you don't think the money they're paying the credit companies is coming out of their own pocket, do you?
They just get a small bonus if you pay cash.
So, you can phrase it however you want. Either way, the loan companies are the customers of credit bureaus.
-
@xaade said in Coming soon: Equifax Part 3:
@hardwaregeek said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
Let me charge you to pay Equifax to tell me if I should give you one.
You don't think the money they're paying to Equifax is coming out of their own pocket, do you?
There's actually a fee that gets charged by credit card companies every time you buy something. You don't see it because the store pays it. However, you don't think the money they're paying the credit companies is coming out of their own pocket, do you?
They just get a small bonus if you pay cash.
So, you can phrase it however you want. Either way, the loan companies are the customers of credit bureaus.
Sometimes it is rather more explicit. For example, when renting a house or apartment, there is typically an application fee to cover the cost of the credit/background check.
-
@xaade said in Coming soon: Equifax Part 3:
@polygeekery said in Coming soon: Equifax Part 3:
I see credit bureaus as Super Double Cyborg Hitler.
Maybe.
I don't see the idea of businesses being able to find out about you as bad, but more the way they've handled it.
It should be treated as a background check, as in they have to actively go out and call businesses, rather than just hold data in one place.
That way people don't get to have your information for cheap and for just any old reason.
Well, and a high percentage of the data is incorrect.
-
@hardwaregeek said in Coming soon: Equifax Part 3:
Sometimes it is rather more explicit. For example, when renting a house or apartment, there is typically an application fee to cover the cost of the credit/background check.
Only because it became necessary to explain why the charge is there.
My electric company doesn't have a base charge, they roll it into the per kilowatt charge. I thought that meant I might pay more, but it turns out I don't, because the other companies raise the per kilowatt after a certain amount.
-
@polygeekery said in Coming soon: Equifax Part 3:
Well, and a high percentage of the data is incorrect.
Only 5%? ISTR hearing it was closer to 20. I'd have to go look up the source for that again, though...
-
@masonwheeler I thought it was higher also. That was the first relevant link I could find. The well is currently pretty poisoned for "credit bureau data incorrect". Most of the results are for the data breach.
-
@polygeekery The last 2, yes. But I'm not American (or British), so the chances are lower. I don't even know if they operate in my country.
And yes I can, as I had never heard of Equifax before this breach yet you're still claiming that I gave them permission. I gave no such explicit permission to Equifax, ever. Promise. You're trying to make the argument that because some other company says "we may check your credit..." in one of their many long form fine print documents that I have given them permission to know everything about me, but this argument is wrong. You're arguing from a legal perspective (which I don't care about, obviously this company was operating legally - my point has nothing to do with that) while I am arguing from the POV of the average consumer.
If my data ends up on the dark web because this company did not protect it properly, that is wrong. If they got that data without asking me personally for my explicit permission, that is wrong squared. Yes, it may be legal. Lots of things are legal right now. Your pedantry is irrelevant.
-
@adynathos said in Coming soon: Equifax Part 3:
@xaade said in Coming soon: Equifax Part 3:
You did.
Small print.There is a difference (although not in the legal system i guess) between actively expressing consent, and being tricked or forced to sign a contract.
You could also go for the duress angle given the ubiquity of transactions that end up on one's credit history, and the necessity of most of those transactions to function in modern society.
-
@aapis said in Coming soon: Equifax Part 3:
@polygeekery The last 2, yes. But I'm not American (or British), so the chances are lower. I don't even know if they operate in my country.
And yes I can, as I had never heard of Equifax before this breach yet you're still claiming that I gave them permission. I gave no such explicit permission to Equifax, ever. Promise. You're trying to make the argument that because some other company says "we may check your credit..." in one of their many long form fine print documents that I have given them permission to know everything about me, but this argument is wrong. You're arguing from a legal perspective (which I don't care about, obviously this company was operating legally - my point has nothing to do with that) while I am arguing from the POV of the average consumer.
If my data ends up on the dark web because this company did not protect it properly, that is wrong. If they got that data without asking me personally for my explicit permission, that is wrong squared. Yes, it may be legal. Lots of things are legal right now. Your pedantry is irrelevant.
They do not say that they will check your credit. They say that they will report the status of your account to the credit bureaus.
-