Tag Archives: Equifax

How Congress should respond to the Equifax breach

 How Congress should respond to the Equifax breach

There is very little doubt that Equifax’s negligent security practices were a major contributing factor in the massive breach of 145.5-million Americans’ most sensitive information. In the wake of the breach, EFF has spent a lot of time thinking through how to ensure that such a catastrophic breach doesn’t happen again and, just as importantly, what Congress can do to ensure that victims of massive data breaches are compensated fairly when a company is negligent with their sensitive data. In this post, we offer up some suggestions that will go a long way in accomplishing those goals.

A Federal Victims Advocate to Research and Report on Data Breaches

When almost half of the country has been affected by a data breach, it’s time for Congress to create a support structure for victims at the federal level.

Once a consumer’s information is compromised, there is a complex process to wade through to figure out who to call, what kind of protections to place on one’s credit information, and what legal remedies are available to hold those responsible accountable. To make it easier for consumers, a position should be created within the executive branch and given dedicated resources to support data breach victims.

This executive branch official, or even department, would be charged with producing rigorous research reports on the harm caused by data breaches. This is important because the federal courts have made it very hard to sue companies like Equifax. The judiciary has effectively blocked litigation by setting too high a standard for plaintiffs to prove they were harmed by a data breach. Federal research and data analyzing the financial harm Americans have faced will help bridge that gap. If attorneys can point to authoritative empirical data demonstrating that their clients have been harmed, they can make companies like Equifax accountable for their failures to secure data.

Federal Trade Commission Needs to Have Rule-making Authority

Speaking of the executive branch, the Federal Trade Commission (FTC) has a crucial role to play in dealing with data breaches. As it stands now, federal regulators have little power to ensure that entities like Equifax aren’t negligent in their security practices. Though Americans rely on credit agencies to get essential services—apartments, mortgages, credit cards, just to name a few—there isn’t enough oversight and accountability to protect our sensitive information, and that’s concerning.

Equifax could have easily prevented this catastrophic breach, but it didn’t take steps to do so. The company failed to patch its servers against a vulnerability that was being actively exploited, and on top of that, Equifax bungled its response to the data breach by launching a new site that could be easily imitated.

To ensure strong security, Congress needs to empower an expert agency like the FTC, which has a history and expertise in data security. This can be accomplished, by restoring the FTC’s rule-making authority to set security standards and enforce them. The FTC is currently limited to only intervening in matters of unfair and deceptive business practices, and this authority is inadequate for addressing the increasingly sophisticated technological landscape and collection of personal data by third parties.

Congress Should Not Preempt State Data Breach Laws

While empowering executive agencies to address data breaches, Congress should take care in ensuring that states don’t lose their own laws dealing with data breaches. Any federal law passed in response to the data breach should be the foundation—not the ceiling—upon which states can build according to their needs.

States are generally more capable of quickly responding to changing data collection practices. For example, California has one of the strongest laws when it comes to notifying people that their information was compromised in a data breach. Among other things, it prescribes a timeline to notify victims and the manner in which it should be done. By the time a company has to comply with California’s laws, the company has infrastructure in place to notify the rest of the country. Given this, Congress should not pass a law that would gut states’ ability to have strong consumer friendly data breach laws.

Create a Fiduciary Duty for Credit Bureaus to Protect Information

Congress must also acknowledge the special nature of credit bureaus. Very few of us chose for our most sensitive information to be hoarded by an entity like Equifax that we have no control over. Yet the country’s financial infrastructure relies on them to execute even the most basic transactions. Since credit bureaus occupy a privileged position in our society’s economic system, Congress needs to establish that credit bureaus have a special obligation and a fiduciary duty to protect our data.

Ultimately, companies like Equifax, Experian, and Transunion serve a purpose, but they lack a duty of care towards the individuals whose data they have harvested and sell because they are not the bureaus’ customers. Without obligations to adequately protect consumer data, we will likely see lax security that will lead to more breaches on the scale of Equifax.

Give People their Day in Court

The first big problem for those seeking a remedy for data breaches is just getting into court at all, especially in sufficient numbers to make a company take notice. For too many people impacted by data breaches, they learn to their great dismay that somewhere in the fine print they agreed to a mandatory arbitration clause. This means that they cannot go to court at all or must engage in singular arbitration, rather than a class-action lawsuit.

After the Equifax breach, a lot of the focus has been on binding arbitration clauses because of the company’s egregious attempt to use it to deny people their day in court. Companies like Equifax shouldn’t be able to prevent people from going to court in exchange for weak assistance like credit-monitoring services given the scale of the breach and harm

As Congress debates how to protect Americans’ legal rights after a breach, the focus should go beyond just prohibiting mandatory arbitration clauses. Congress should preserve, protect, and create an unwaiveable private right of action for Americans to sue companies that are negligent with sensitive data.

We Don’t Need Additional Criminal Laws

A knee-jerk reaction to a significant breach like Equifax is to suggest that we need additional criminal laws aimed at those who are responsible. The reality is, we don’t know who was behind the Equifax breach to hold them accountable. More significantly, knowing their identity does nothing to ensure that Equifax actually applies crucial security patches when they are available. We don’t need increased criminal penalties—we need to incentivize protecting the data in the first place.

Another good reason for this is that these additional criminal anti-hacking laws more often end up hurting security researchers and hackers who want to do good. For instance in Equifax’s case, a security researcher had warned the company about its security vulnerabilities months before the actual breach happened; yet the company seemed to have done nothing to fix them. The security researcher couldn’t go public with the findings without risking significant jail time and other penalties.

Without a meaningful way for security testers to raise problems in a public setting, companies have little reason to keep up with the latest security practices and fearing the resulting negative publicity. If Congress uses the Equifax breach to enhance or expand criminal penalties for unauthorized access under laws like the Computer Fraud and Abuse Act (CFAA), we’d all be worse for it. Laws shouldn’t impede security testing and make it harder to discover and report vulnerabilities.

Free Credit Freezes, Not Credit Monitoring Services

Lastly, Congress needs to provide guidance on the immediate aftermath of a data breach. It’s become almost standard practice to offer credit-monitoring services to data breach victims. In reality, these services offer little protection to victims of data breaches. Many of them are inadequate in the alerts they send consumers, and more fundamentally, there’s little utility in being informed of improper usage of one’s credit information after it’s alreadybeen exploited. Consumers will still potentially have to spend hours to get their information cleared up with the various credit bureaus and entities where the information was used fraudulently.

Instead, Congress should legislate that victims of data breaches get access to free credit freezes, which are much more effective in preventing financial harm to victims of data breaches, at all major credit bureaus. There are proposals in Congress along these lines and we are glad to see that.

There’s no question that the Equifax breach has been a disaster. We at EFF are working with congressional offices to pass sensible reforms to ensure that it doesn’t happen again.

This story originally appeared on the EFF’s blog.

Let’s block ads! (Why?)

Big Data – VentureBeat

Will the Equifax data breach finally spur lawmakers to recognize data harms?

 Will the Equifax data breach finally spur lawmakers to recognize data harms?

This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders, phone and cable service providers, and banks that offer credits cards, checking accounts and mortgages. Misuse of this information can be financially devastating. Worse still, if a criminal uses stolen information to commit fraud, it can lead to the arrest and even prosecution of an innocent data breach victim.

Given the scope and seriousness of the risk that the Equifax breach poses to innocent people, and the anxiety that these breaches cause, you might assume that legal remedies would be readily available to compensate those affected. You’d be wrong.

While there are already several lawsuits filed against Equifax, the pathway for those cases to provide real help to victims is far from clear. That’s because even as the number and severity of data breaches increases, the law remains too narrowly focused on people who have suffered financial losses directly traceable to a breach.

The law consistently fails to recognize other sorts of harms to victims. In some cases this arises in the context of threshold “standing” to sue, a legal requirement that requires proof of harm (lawyers call it “injury in fact”) to even get into the door in federal courts. In other cases the problem arises within the claim itself, where “harm” is a legal element that must be proven for a plaintiff to win the case. Regardless of how the issue of “harm” comes up, judges are too often failing to ensure that data breach victims have legal remedies.

The consequences of this failure are two-fold. First, there’s the direct problem that the courthouse door is closed to hundreds of millions of people who face real risk and the accompanying reasonable fears about the misuse of their information. Second, but perhaps even more important, the lack of legal accountability means that the companies that hold our sensitive data continue to have insufficient incentives to take the steps necessary to protect us against the next breach.

Effective computer security is hard, and no system will be free of bugs and errors.

But in the Equifax hack, as in so many others, the breach resulted from a known security vulnerability. A patch to fix the vulnerability had been available for two months, but Equifax failed to implement it even though the vulnerability was being actively exploited. This wasn’t the first time that Equifax has failed to take computer security seriously.

Even if increasing liability only accomplished an increased incentive to patch known security problems, that alone would protect millions of people.

The High Bar to Harm

While there are exceptions, too often courts dismiss data breach lawsuits based on a cramped view of what constitutes “harm.” These courts mistakenly require actual or imminent loss of money due to the misuse of information that is directly traceable to a single security breach.

Yet outside of data breach cases, courts routinely handle cases where damages aren’t just a current loss of money or property.The law has long recognized harms such as the infliction of emotional distress, assault, damage to reputation and future business dealings.1 Victims of medical malpractice and toxic exposures can receive current compensation for potential for future pain and suffering. As two law professors, EFF Advisory Board member Daniel J. Solove and Danielle Keats Citron, noted in comparing data breach cases to the recent claims of emotional distress brought by Terry Bollea (Hulk Hogan) against Gawker: “Why does the embarrassment over a sex video amount to $ 115 million worth of harm but the anxiety over the loss of personal data (such as a Social Security number and financial information) amount to no harm?” “Why does the embarrassment over a sex video amount to $ 115 million worth of harm but the anxiety over the loss of personal data (such as a Social Security number and financial information) amount to no harm?”

For harms that can be difficult to quantify, some specific laws (e.g. copyright, wiretapping) provide for “statutory damages,” which sets an amount per infraction.2

The recent decision dismissing the cases arising from the 2014-2015 Office of Personnel Management (OPM) hack is a good example of these “data breach blinders.” The court required that the plaintiffs—mostly government employees—demonstrate that they faced a certain, impending, and substantial risk that the stolen information would be misused against them, and that they be able to trace any harm they alleged to the actual breach. The fact that the data sufficient to impersonate was stolen, and stolen due to negligence of OPM, was not sufficient. The court then disappointingly found that the fact that the Chinese government—as opposed to ordinary criminals—are suspected of having stolen the information counted against the plaintiffs in demonstrating likely misuse.

The ruling is especially troubling because we know that it can take years before the harms of a breach are realized. Criminals often trade our information back and forth before acting on it; indeed there are entire online forums devoted to this exchange. Stolen credentials can be used to set up a separate persona that incurs debts, commits crimes, and more for quite a long time before the victim is aware of it. And it can be difficult if not impossible to trace a problem with credit or criminal activity misuse back to any particular breach.

How are you to prove that the bad data that torpedoed your mortgage application came from the breaches at Equifax as opposed to the OPM, Target, Anthem, or Yahoo breaches, just to name a few?

What the Future Holds

When data is being declared the ‘oil of the digital era’ and millions in venture capital funding await those who can exploit it, it’s time to reevaluate how to think of data breaches and misuse, and how we restore access to the courts for those impacted by them.

When data is being declared the ‘oil of the digital era’ and millions in venture capital funding await those who can exploit it, it’s time to reevaluate how to think of data breaches and misuse, and how we restore access to the courts for those impacted by them.

Simply shrugging shoulders, as the OPM judge did, is not sufficient. Courts need to start applying what they already know in awarding emotional distress damages, reputational damages, and prospective business advantage damages to data breach cases, along with the recognition of current harm due to future risks, as in medical malpractice and pollution cases. If the fear caused by an assault can be actionable, so should the fear caused by the loss of enough personal data for a criminal to take out a mortgage in your name. These lessons can and should be brought to bear to help data breach victims get into the courthouse door and all the way to the end of the case.

If the political will is there, legislatures, both federal and state, can step up and create incentives for greater security and a much steeper downside for companies that fail to take the necessary steps to protect our data.

The standing problem requires innovation in crafting claims, but even the Supreme Court in the recent Spokeo decision recognized that intangible harms can still be harms under the Constitution and Congress can make that intention even more clear with proper legislative language. Alternately, as in copyright or wiretapping cases where the damages are hard to quantify, Congress can use techniques like statutory damages to ensure that those harmed receive compensation. Making such remedies clearly available in data misuse and breach cases is worthy of careful consideration. So far, the federal bills being floated in response to the Equifax breach and earlier breaches do not remove these obstacles to victims bringing legal claims and ensure a private right of action.

Similarly, outside of the shadow of federal standing requirements, state legislatures can consider models of specific state law protections like California’s Lemon Law, formally known as the Song-Beverly Consumer Warranty Act. The Lemon Law provides specific extra remedies for those purchasing a new car that needs significant repairs. States should be able to recognize that data breach situations are special and may similarly require special remedies. Things to consider are giving victims easier (and free) ways to clean up their credit rather than just the standard insufficient credit monitoring schemes.

By looking at various options, Congress and state legislatures could spur a race to the top on computer security and create real consequences for those who choose to linger on the bottom.

Of course, shoring up our legal remedies isn’t the only avenue for incentivizing companies to protect our data better. Government agencies like the Federal Trade Commission and state attorneys general have a role to play, as does public pressure and media attention.

One thing is for sure: as long as the consequences for neglecting to protect user data are weak, data breaches like the Equifax breach will continue to occur. Worse, it will become increasingly difficult for victims to demonstrate which breach caused their credit rate to drop, their job prospects to dim, or their hopes for a mortgage to be dashed. It’s long past time for us to rethink the approach to harm in data breach cases.

This story originally appeared on the EFF’s blog.

Let’s block ads! (Why?)

Big Data – VentureBeat

Equifax says server first compromised on March 10

 Equifax says server first compromised on March 10

(Reuters) — Equifax Inc said on Wednesday that investigators had determined that an online dispute website at the heart of the theft of some 143 million consumer records was initially compromised by hackers on March 10, four months before the company noticed any suspicious activity.

It disclosed the findings after details of a report by cyber-security firm FireEye Inc that was sent to some Equifax customers were reported by the Wall Street Journal earlier on Wednesday.

The report, which was obtained by Reuters, described the techniques that the unknown attackers used to compromise Equifax, including exploitation of a vulnerability in a software known as Apache Struts that was used to build the online dispute website.

It is not clear whether the March hackers were the same ones who later stole the vast cache of personal information. Equifax also said a previously reported incident in which some W-2 forms were compromised, also in March, was entirely unrelated.

The FireEye report said the firm was unable to determine who was behind the attack, and that it had never seen a hacking group employ the same tools, techniques and procedures as those used against Equifax.

A FireEye spokesman declined to comment on the report.

Equifax said in a statement to Reuters that a hacker “interacted with” the server on March 10, but that there was no evidence that the incident was related to the theft of sensitive consumer data that began in May.

The Wall Street Journal report said that hackers had roamed undetected inside Equifax’s network for four months before the massive breach was detected in July by the company’s security team. Equifax disputed that claim.

“There is no evidence that this probing or any other probing was related to the access to sensitive personal information” in the massive breach disclosed on Sept. 7, the company said in its statement.

Equifax shares have shed almost a third of their value since the disclosure of the breach. Critics have questioned why Equifax took so long to discover and disclose the breach.

One security expert who reviewed the FireEye report said that it was too soon to say whether the March 10 incident was related to the massive hack.

“They’ve had so much overlapping activity that it’s difficult to pick a single thread out of the noise,” said the expert, who was not authorized to discuss details of the confidential report.

Let’s block ads! (Why?)

Big Data – VentureBeat

Equifax announces Chief Security Officer and Chief Information Officer have left

 Equifax announces Chief Security Officer and Chief Information Officer have left

(Reuters) — Equifax said on Friday that it made changes in its top management as part of its review of a massive data breach, with two technology and security executives leaving the company “effective immediately.”

The credit-monitoring company announced the changes in a press release that gave its most detailed public response to date of the discovery of the data breach on July 29 and the actions it has since taken.

The statement came on a day when Equifax’s share price continued to slide following a week of relentless criticism over its response to the data breach,

Lawmakers, regulators and consumers have complained that Equifax’s response to the breach, which exposed sensitive data like Social Security numbers of up to 143 million people, had been slow, inadequate and confusing.

Equifax on Friday said that Susan Mauldin, chief security officer, and David Webb, chief information officer, were retiring.

The company named Mark Rohrwasser as interim chief information office and Russ Ayres as interim chief security officer, saying in its statement, “The personnel changes are effective immediately.”

Rohrwasser has led the company’s international IT operations, and Ayres was a vice president in the IT organization.

The company also confirmed that Mandiant, the threat intelligence arm of the cyber firm FireEye, has been brought on to help investigate the breach. It said Mandiant was brought in on Aug. 2 after Equifax’s security team initially observed “suspicious network traffic” on July 29.

The company has hired public relations companies DJE Holdings and McGinn and Company to manage its response to the hack, PR Week reported. Equifax and the two PR firms declined to comment on the report.

Equifax’s share prices has fallen by more than a third since the company disclosed the hack on Sept. 7. Shares shed 3.8 percent on Friday to close at $ 92.98.

U.S. Senator Elizabeth Warren, who has built a reputation as a fierce consumer champion, kicked off a new round of attacks on Equifax on Friday by introducing a bill along with 11 other senators to allow consumers to freeze their credit for free. A credit freeze prevents thieves from applying for a loan using another person’s information.

Warren also signaled in a letter to the Consumer Financial Protection Bureau, the agency she helped create in the wake of the 2007-2009 financial crisis, that it may require extra powers to ensure closer federal oversight of credit reporting agencies.

Warren also wrote letters to Equifax and rival credit monitoring agencies TransUnion and Experian, federal regulators and the Government Accountability Office to see if new federal legislation was needed to protect consumers.

Connecticut Attorney General George Jepsen and more than 30 others in a state group investigating the breach acknowledged that Equifax has agreed to give free credit monitoring to hack victims but pressed the company to stop collecting any money to monitor or freeze credit.

“Selling a fee-based product that competes with Equifax’s own free offer of credit monitoring services to victims of Equifax’s own data breach is unfair,” Jepsen said.

Also on Friday, the chairman and ranking member of the Senate subcommittee on Social Security urged Social Security Administration to consider nullifying its contract with Equifax and consider making the company ineligible for future government contracts.

The two senators, Republican Bill Cassidy and Democrat Sherrod Brown, said they were concerned that personal information maintained by the Social Security Administration may also be at risk because the agency worked with Equifax to build its E-Authentication security platform.

Equifax has reported that for 2016, state and federal governments accounted for 5 percent of its total revenue of $ 3.1 billion.

400,000 Britons affected

Equifax, which disclosed the breach more than a month after it learned of it on July 29, said at the time that thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever.

The problem is not restricted to the United States.

Equifax said on Friday that data on up to 400,000 Britons was stolen in the hack because it was stored in the United States. The data included names, email addresses and telephone numbers but not street addresses or financial data, Equifax said.

Canada’s privacy commissioner said on Friday that it has launched an investigation into the data breach. Equifax is still working to determine the number of Canadians affected, the Office of the Privacy Commissioner of Canada said in a statement.

Let’s block ads! (Why?)

Big Data – VentureBeat

MORE ON THE EQUIFAX BREECH

blank MORE ON THE EQUIFAX BREECH

I took one very important thing out of this article and will be doing it Friday:

Dixon suggests creating an account at the Social Security Administration website before anyone else does.

(Important: if you’ve already placed a fraud alert or security freeze on your credit report(s), you won’t be able to do this online and you’ll have to either remove the freeze or go into your local Social Security office, according to the SSA.) This way, you can at least check your Social Security earnings to see if anything looks off. You’ll need to have some information on hand, as the site will ask you about specific accounts you have open to verify your identity, and if you provide a wrong answer, you’ll be locked out for 24 hours.

FTC is investigating the Equifax hack

 FTC is investigating the Equifax hack

(Reuters) — The U.S. Federal Trade Commission said on Thursday it was investigating Equifax Inc’s massive data breach, a rare public confirmation, as a top Democrat suggested the credit-monitoring company’s corporate leaders might need to resign.

Senate Democratic Leader Chuck Schumer also compared Equifax to Enron, a U.S. energy company that was consumed in scandal after revealing in 2001 that it engaged in widespread accounting fraud.

“It’s one of the most egregious examples of corporate malfeasances since Enron,” Schumer said, calling Equifax’s treatment of consumers afterward “disgusting” and its inability to protect data “deeply troubling.”

Shares of Equifax have lost nearly a third of their value in the week since the breach was disclosed. They tumbled to a more than two-year low on Thursday after the company confirmed a fixable web server vulnerability was exploited in the hack, but the stock later recovered somewhat.

“The FTC typically does not comment on ongoing investigations,” spokesman Peter Kaplan said in a brief email statement. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”

Schumer said Equifax’s chief executive officer and board might need to resign if the company does not take concrete steps within the next week to protect consumers and agree to testify before lawmakers and federal regulators.

“We need to get to the bottom of this — the very bottom, the murky bottom, the dirty bottom,” he added.

Equifax CEO Richard Smith has agreed to testify on Oct. 3 before a U.S. House of Representatives panel, the company said Thursday.

Confirming what many cyber security experts expected, Equifax said late on Wednesday that hackers used a flaw in its open-source Struts software, distributed by the nonprofit Apache Software Foundation, to break into its systems. A patch for the vulnerability was issued in March, two months before Equifax said hackers began siphoning data.

Equifax representatives did not immediately respond to requests for comment on the FTC probe.

The company disclosed the breach on Sept. 7, saying thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever. It learned of the hacking on July 29.

Nearly 40 states have joined a probe of Equifax’s handling of the breach.

Let’s block ads! (Why?)

Big Data – VentureBeat

Equifax reveals hack that exposed data of 143 million customers, stock tanks

 Equifax reveals hack that exposed data of 143 million customers, stock tanks

(Reuters) — Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application vulnerability to gain access to certain files that included names, Social Security numbers and driver’s license numbers.

In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.

The Federal Bureau of Investigation is tracking the situation, a spokeswoman for the agency said.

U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”

Likelihood for phishing seen high

Cybersecurity experts said the breach was very serious.

“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Ryan Kalember, senior vice president of cyber security firm Proofpoint, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber attack.

“The information is very personal — the likelihood that it could be used for phishing is very high,” said Matt Tait, a former analyst at the British intelligence service GCHQ and a cyber security researcher.

Equifax said consumers could check if their information had been impacted at www.equifaxsecurity2017.com.

Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said in a statement that she would reintroduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose off stock worth about $ 1.8 million, regulatory filings show. It was not clear whether these transactions were part of a pre-arranged sales plan.

Equifax said in a statement that the executives were not aware that an intrusion had occurred when they sold their shares.

Let’s block ads! (Why?)

Big Data – VentureBeat

Equifax Credits Insights and Transformation to Spotfire

equifax Equifax Credits Insights and Transformation to Spotfire

Equifax powers the financial future of individuals and organizations around the world. Using the combined strength of unique and trusted data, technology, and innovative analytics, it has grown from a consumer credit company into a leading provider of insights and knowledge that help its customers make informed decisions. 

One of Equifax’s main goals was to blend business and technology in a way that both its business users and decision-makers could access analytical insights without needing technical skills. In particular, sales consultants needed fast access to the latest intelligence so they could provide more value to customers.

The main challenge was that the company’s multiple data sources were not linked. It needed to connect these sources to an Hadoop environment, handle large amounts of data, and provide easy exploratory analysis. It also needed to enable report customization for designing reports for groups from the C-level to sales, and provide analytics to those who didn’t have technology expertise. In addition, Equifax wanted to establish a partnership with a stable vendor it could trust. Failing to meet these challenges meant risking market share and not being able to provide the most value to customers.

Read about what Equifax did to attain access to all its data, reduce time to market for analytics insights, differentiate, and start gaining market share to become a true thought leader in its industry.

Join the TIBCO customer reference program to have your business transformation story shared globally with the technology industry, and trade and business press. Your story in print, web, and video format can boost your status as a thought leader and increase awareness with technology leaders, helping you raise your company visibility and attract and retain top talent. Email customermarketing@tibco.com today!

Let’s block ads! (Why?)

The TIBCO Blog