Equifax has become a giant dumpster fire

The credit reporting agency has yet another security blunder on its hands.
Author:
Updated:
Original:

It's not been a week since Equifax revealed the details of 143 million American consumers had been compromised in a data breach, and the dumpster fire continues.

The credit reporting agency, which holds some of your most precious personal data (despite never having gained your consent to hold this information) has stumbled from shambolic mess to shambolic mess since disclosing the breach last Friday.

This latest revelation might just take the cake, however, with cybersecurity expert Brian Krebs revealing on his blog a rather gigantic security flaw in Equifax's Argentinian operations.

A Wisconsin-based security firm examining Equifax's South American operations found an online portal designed for use by employees in Argentina, which could be accessed in the following way:

Username: admin

Password: admin

Krebs, who revealed the 2013 Target data breach, says that using this password, hackers could eventually gain access to the personal details of some 14,000 people who made complaints to Equifax – including the Argentinian equivalent of their social security number.

Now this doesn't affect American consumers in any way, but it serves to highlight the astonishing ease with which Equifax, which holds highly sensitive information including SSNs, credit card numbers, names and addresses, could be compromised.

Equifax told Cnet that it had learned of a "potential vulnerability in an internal portal in Argentina" and acted immediately to "remediate the situation," saying there's no evidence consumers or customers were affected.

It's been a bad week for Equifax

As Cnet explains, Equifax has seriously fumbled the response to its American hack, first by failing to disclose it for six weeks, and then by creating a tool to check whether you've been affected by the breach that produced seemingly random results.

It then encouraged people to sign up for a free year of its TrustedID protection service, which featured small print that very much made it seem like anyone who signed up would be waiving their right to sue Equifax for the data breach.

Equifax eventually clarified this week that nobody who joins it is signing away any rights to legal action.

And finally, in the wake of the breach, consumers concerned about their identities being stolen were encouraged to freeze or set up fraud alerts on their credit reports held by Equifax, Experian and TransUnion.

But ZDNet reports that Equifax's own fraud alert page is also vulnerable to hacking, with security experts noting it can be easily "spoofed" to allow hackers to siphon off even more personal information.

Like we said, dumpster fire.

The FTC has just released new guidance on whether you should get a credit freeze or fraud alert in the wake of the Equifax breach, which you can find here.

Next Up

court gavel

Minneapolis man sentenced to 30 years for death in robbery gone wrong

James Moore was sentenced in the death of Malik Smith.

Em1jOWyWEAwspXK (1)

St. Paul homicide suspect arrested by FBI in Chicago

A 34-year-old Minneapolis man was killed in the Nov. 14 shooting.

Sanford Health

Sanford Health 'parts ways' with CEO after his face mask comments

Kelby Krabbenhoft had been with the company since 1996.

closed sign

What's open and closed in Minnesota on Thanksgiving Day 2020?

Most services will not be running on Thursday and unlike most years, many stores will be closed, too.

PennyMomentos

How a turkey's brush with celebrity in Bloomington came to a tragic end

DNR: if you care about wild animals, stop feeding them

TCF Bank Stadium

Saturday's Gophers/Badgers football game canceled due to COVID-19 issues

The Battle for Paul Bunyan's Axe will not take place for the first time since 1906.

coronavirus, Iowa

MN health officials don't think downside of COVID-19 peak has arrived

We could be in a trough between a series of waves, Jan Malcolm said.

covid-19, coronavirus

Wisconsin reports record 104 deaths from COVID-19 Tuesday

That's roughly 10% of the total in the nation in a 24-hour period.

Drywall

Husband and wife sentenced for fraud scheme through their drywall firm

The Annandale pair bilked an insurance company out of more than $300,000.

ambulance

4 pedestrians suffer life-threatening injuries after being struck by vehicle

Two vehicles crashed into a car that was on the side of the road after striking a deer.

Related

Is Equifax going to get away with compromising all our data?

The investigation into the credit-monitoring agency is being scaled back.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

Equifax may have had another cyber attack

Come on now, this is getting ridiculous.

The Tip Jar: Should you accept Equifax's free credit lock offer?

A credit freeze or a fraud alert looks like a better bet.

Monopoly man crashes ex-Equifax CEO's Senate hearing

Rich Uncle Moneybags was in da house ... erm, senate.

Things somehow keep getting worse for Equifax

The credit agency had been hacked in March, in a separate breach.

Social security numbers stolen from Equifax, and you're probably affected

The huge data breach was discovered in July and confirmed on Thursday.