Skip to main content
Updated:
Original:

Equifax has become a giant dumpster fire

The credit reporting agency has yet another security blunder on its hands.
Author:

It's not been a week since Equifax revealed the details of 143 million American consumers had been compromised in a data breach, and the dumpster fire continues.

The credit reporting agency, which holds some of your most precious personal data (despite never having gained your consent to hold this information) has stumbled from shambolic mess to shambolic mess since disclosing the breach last Friday.

This latest revelation might just take the cake, however, with cybersecurity expert Brian Krebs revealing on his blog a rather gigantic security flaw in Equifax's Argentinian operations.

A Wisconsin-based security firm examining Equifax's South American operations found an online portal designed for use by employees in Argentina, which could be accessed in the following way:

Username: admin

Password: admin

Krebs, who revealed the 2013 Target data breach, says that using this password, hackers could eventually gain access to the personal details of some 14,000 people who made complaints to Equifax – including the Argentinian equivalent of their social security number.

Now this doesn't affect American consumers in any way, but it serves to highlight the astonishing ease with which Equifax, which holds highly sensitive information including SSNs, credit card numbers, names and addresses, could be compromised.

Equifax told Cnet that it had learned of a "potential vulnerability in an internal portal in Argentina" and acted immediately to "remediate the situation," saying there's no evidence consumers or customers were affected.

It's been a bad week for Equifax

As Cnet explains, Equifax has seriously fumbled the response to its American hack, first by failing to disclose it for six weeks, and then by creating a tool to check whether you've been affected by the breach that produced seemingly random results.

It then encouraged people to sign up for a free year of its TrustedID protection service, which featured small print that very much made it seem like anyone who signed up would be waiving their right to sue Equifax for the data breach.

Equifax eventually clarified this week that nobody who joins it is signing away any rights to legal action.

And finally, in the wake of the breach, consumers concerned about their identities being stolen were encouraged to freeze or set up fraud alerts on their credit reports held by Equifax, Experian and TransUnion.

But ZDNet reports that Equifax's own fraud alert page is also vulnerable to hacking, with security experts noting it can be easily "spoofed" to allow hackers to siphon off even more personal information.

Like we said, dumpster fire.

The FTC has just released new guidance on whether you should get a credit freeze or fraud alert in the wake of the Equifax breach, which you can find here.

Next Up

Chris Finch

Hawks bury Timberwolves in 3-point barrage

Without D'Angelo Russell, the Wolves couldn't keep up with the Hawks.

P.J. Fleck, Gophers football

Kirk Ciarocca returning to Gophers as offensive coordinator

The architect of the 2019 offense will look to revive the Gophers.

Klobuchar - MTP - NBC screengrab

Klobuchar says Congress should pass law to protect abortion rights

Her comments came as the Supreme Court appears poised to weaken — or gut — Roe v. Wade

MPD missing Heard - crop 1_

Police ask for public's help finding Mpls. woman missing a week

The 36-year-old hasn't been seen or heard from recently.

unsplash cold winter breath dark

Hello, winter: List of the coldest wind chills in MN Monday morning

The state went from a relatively mild start of the season, to downright frigid wind chills.

deer

1 CWD-positive deer in Brainerd Lakes area, so surveillance will continue

The CWD monitoring measures were supposed to end after this year.

unsplash - visitor patient doctor hospital emergency - crop

MN program will train, hire 1,000 nursing assistants for long-term care

The facilities are facing a severe staffing shortage.

Minnesota State Fair - main gate day 2021

Minnesota State Fair reestablishes a police department

The fair had been contracting with the Ramsey County Sheriff's Office.

teacher, covid, masks, school

Minnetonka to consider removing middle school mask requirement

The school board has been impressed by vaccination rates among middle school students.

snow, plow

Friday winter storm could hit Twin Cities, southern Minnesota

Meteorologist Sven Sundgaard is already monitoring the forecast.

Sauk Rapids Middle School street view, Minnesota - November 2018_

Teen student arrested for threats toward MN middle school

The Sauk Rapids middle school and high school were closed Monday.

_DSC0318

Rally for trans child outed during Hastings school board race draws big crowd

Hastings has been in the spotlight since the child's family was featured in a CNN story.

Related

Is Equifax going to get away with compromising all our data?

The investigation into the credit-monitoring agency is being scaled back.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

Equifax may have had another cyber attack

Come on now, this is getting ridiculous.

Monopoly man crashes ex-Equifax CEO's Senate hearing

Rich Uncle Moneybags was in da house ... erm, senate.

The Tip Jar: Should you accept Equifax's free credit lock offer?

A credit freeze or a fraud alert looks like a better bet.

First Delta, now Best Buy caught up in data breach

The Richfield company confirmed its customers are affected by the hack.

Social security numbers stolen from Equifax, and you're probably affected

The huge data breach was discovered in July and confirmed on Thursday.