Don't Get Screwed Out of Your Equifax Settlement Money

Don't Get Screwed Out of Your Equifax Settlement Money

The Equifax settlement has a provision through which victims can claim a cash payment for "time spent."If you spent hours researching what to do about the breach, setting up credit freezes, hopping on the phone with your bank, or doing anything else remotely relevant, you can claim up to $250 for that time without needing to show any specific evidence.

You'll Get Your Equifax Money. It Just Might Take a While

You'll Get Your Equifax Money. It Just Might Take a While

But Rotenberg notes that without a comprehensive data breach response plan within the federal government, a settlement like Equifax's may not have been much more effective even with an FTC fine.

Equifax Might Owe You $125. Here's How to Get It

Equifax Might Owe You $125. Here's How to Get It

They've negotiated a settlement with Equifax that entitles all victims to 10 years of free credit monitoring, or $125. This (unfortunately) could actually come in handy, given that Social Security numbers taken from Equifax are starting to show up on the dark web, and consumers have already suffered identity theft related to the breach, according to Pennsylvania attorney general Josh Shapiro.

$700 Million Equifax Fine Is Still Too Little, Too Late

$700 Million Equifax Fine Is Still Too Little, Too Late

The state and federal groups that investigated Equifax touted the payout as an important wake-up call for all US corporations—especially since Equifax will also be required to make hundreds of millions of dollars of additional internal cybersecurity improvements on top of the fines.

Hackers Stole a Border Agency Database of Traveler Photos

Hackers Stole a Border Agency Database of Traveler Photos

While CBP says "none of the image data has been identified on the Dark Web or internet,” the dump of hacked Perceptics data just a few short weeks ago doesn’t give much confidence that this breach is contained, or will stay that way.

Indictment Alleges Who Hacked Anthem, but Not Why

Indictment Alleges Who Hacked Anthem, but Not Why

“More than 90 percent of the department’s cases alleging economic espionage over the past seven years involve China,” then-deputy attorney general Rod Rosenstein said in a December press conference announcing a wave of indictments that specifically tied hackers to the Chinese government.

Security News This Week: Julian Assange Faces Extradition to the US

Security News This Week: Julian Assange Faces Extradition to the US

As Motherboard points out, WIRED included Dread Pirate Roberts 2 on a list of Dark Web drug lords who got away in 2015, but it turns out that he was arrested in November 2014; the case just didn't attract notice because UK media law prevented reporting on it before its conclusion.

An Astonishing 773 Million Records Exposed in Monster Breach

An Astonishing 773 Million Records Exposed in Monster Breach

The data set was first reported by security researcher Troy Hunt , who maintains Have I Been Pwned , a way to search whether your own email or password has been compromised by a breach at any point.

The Worst Hacks of 2018

The Worst Hacks of 2018

But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front.Atlanta RansomwareIn March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations.

The WIRED Guide to Data Breaches

The WIRED Guide to Data Breaches

The site the company set up for victims was itself vulnerable to attack, and it asked for the last six digits of people's Social Security numbers to check if their data had been impacted by the breach.

How to Protect Yourself From the Giant Marriott Hack

How to Protect Yourself From the Giant Marriott Hack

But the bulk of the victims—currently thought to be 327 million people—had different combinations of name, address, phone number, email address, date of birth, gender, trip and reservation information, passport number, and Starwood Preferred Guest account information all stolen."Four years is an eternity when it comes to breaches."David Kennedy, TrustedSecSome credit card numbers were also stolen as part of the breach, Marriott says, but the company did not provide an initial estimate of how many were taken.

How Hackers Slipped by British Airways' Defenses

How Hackers Slipped by British Airways' Defenses

But the company later clarified that the compromised data included payment card expiration dates and Card Verification Value codes—the extra three or four-digit numbers that authenticate a card—even though British Airways has said it does not store CVVs. British Airways further noted that the breach only impacted customers who completed transactions during a specific timeframe—22:58 BST on August 21 through 21:45 BST on September 5.These details served as clues, leading analysts at RiskIQ and elsewhere to suspect that the British Airways hackers likely used a "cross-site scripting" attack, in which bad actors identify a poorly secured web page component and inject their own code into it to alter a victim site's behavior.

Security News This Week: Hackers Hit The Oatmeal, and It Wasn't Funny

Security News This Week: Hackers Hit The Oatmeal, and It Wasn't Funny

Newman reported on how a T-Mobile data breach last week exposed personal information, like phone numbers, and why that matters so much.Another major security story this week came out of California, which is trying to pass a comprehensive digital privacy law to give residents control over their data.

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Phone Numbers Were Never Meant as ID. Now We’re All At Risk

Companies don't seem interested in catching up.'If it’s not a secret, then you can’t use it as an authenticator.'Jeremy Grant, Better Identity CoalitionIdentity management experts have warned for years about over-reliance on phone numbers.