Old 09-09-2017, 09:52 PM   #1
IFTTT
LQ Newbie
 
Registered: Aug 2017
Posts: 14

Equifax


I know this is old news but from what I read online this recent hack is the third time since 2015. What are these IT people doing over there?

Now we have to monitor our credit report for any suspicious activities in these next few months or more. What a bumper...
 
Old 09-09-2017, 10:38 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,326
Blog Entries: 28

In the Enterprise, aside from the computer enterprise, security is often an afterthought. "First to market," "sales," and "gross receipts" take precedence over security.

I found this particularly irritating: http://www.npr.org/sections/thetwo-w...ed-for-a-month

If that isn't "insider trading," I don't know what is.

This post from Bob Cesca may be germane: https://thedailybanter.com/2017/09/h...inancial-life/

My father was a banker and he was a good and honest man. Today he would be ashamed to admit that he was in any way associated with the financial industry.

I'll stop now, for all I have left is profanity.

Last edited by frankbell; 09-09-2017 at 10:44 PM.
 
Old 09-10-2017, 09:36 AM   #3
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

The need for 2 factor authentication is a must in today's world. Anyone having access to such data should require 2 factor at a minimum.
 
Old 09-10-2017, 10:58 AM   #4
!!!
Member
 
Registered: Jan 2017
Location: Fremont, CA, USA
Distribution: Trying any&ALL on old/minimal
Posts: 997

TheMedia implicating "opensource"!!!

I casually noticed the word "opensource" in my FoxNews app story.
Then I websearched: opensource equifax
Sad. Even before I saw that word, my exaggerating imagination was saying:
Quote:
Proof that anything stored in any computer, is exposed to ALL!!!
Finally, the "nail in the coffin" / "end of the road" / "death knell"
for InternetComputing, privacy/security at least!!!
 
Old 09-10-2017, 12:17 PM   #5
FredGSanford
Senior Member
 
Registered: Nov 2005
Location: USA
Distribution: Mageia 7 - Debian 10 - Artix Linux
Posts: 1,142
Blog Entries: 5

It used to be Customers first, Employees second & Stockholders third. Today it is Stockholders first, Customers second and Employees third.

A.G. Edwards of A.G. Edwards & Sons, now Wachovia Investments.
 
Old 09-10-2017, 09:17 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,326
Blog Entries: 28

Quote:
Today it is Stockholders first,
And that is a very recent notion. Although it's repeated as revealed truth these days, it dates from the 1970s and became popular in the 1980s and is a creation of the Chicago School of Economists, who unfortunately were not around when Mrs. O'Leary's cow did her thing or perhaps we would have all been saved a lot of trouble . . . .

Historically, the first responsibility of management has been to the sustainability and well-being of the business, not to the quick buck.

Today's New York Times had an article about victims of identity theft, including one poor schmo whose identity has been stolen multiple times.
 
Old 09-13-2017, 11:50 AM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

In cases like these, I openly suspect that they will prove to be inside jobs.

Right now, in the State of Georgia (USA), you have to have a license to install low-voltage wiring around a rich man's yard. But you need no professional license at all to be a computer programmer. Furthermore, companies are quite happy to "import" non-immigrant workers from anywhere that labor is cheap, and/or to "export" their entire data-centers there, as part of "the Happy Little Cloud.™" No one stops to ask questions: "we're saving money, aren't we?"

Someone, who doesn't get paid much and who doesn't give a damn about Equifax because (s)he knows that the feelings are mutual, figures out how to make a lot of money while doing a lot of damage. Sweet Revenge. Companies are marveling at the breach – "how did those pesky Russian (of course ...) Hackers do this?" But of course what they're really doing is deflecting blame and attention away from their own questionable labor practices.

With absolutely no justification for doing so, they happily trust any employee contractor with the keys to their entire kingdom.

When companies and governments finally get tired of losing billions of dollars with no satisfactory explanation, government regulation will come to the data-processing industry. Just as it already did to low-voltage wiring, plumbing, air conditioning, electricity, civil engineering . . .

Last edited by sundialsvcs; 09-13-2017 at 11:52 AM.
 
Old 09-14-2017, 04:26 AM   #8
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 338
Blog Entries: 4

Quote:
Now, we know that the flaw was in Apache Struts and had been fixed months before the breach occurred.
https://arstechnica.com/information-...month-old-bug/
https://arstechnica.com/information-...-impact-sites/

Not only website bloatware, but difficult to maintain/update:
Quote:
Fixing those applications means getting the source code, updating the build scripts to change the Struts dependency to the latest version (2.3.32 or 2.5.10.1), and then rebuilding the application. For currently-developed code, that may be easy, but for a three year old app that hasn't been touched in a while? That's a little hairier. You might have to dig out older JDK versions to get it to build, find an old copy of an old internal JAR that's somehow gone missing, all the usual problems that happen when you try to rebuild an old application. That's assuming, of course, that you have the source code and build scripts, and that alone is far from guaranteed. I bet that there will be developers who find that the version in source control for some reason doesn't quite match the version that's deployed, or that they have no source at all, or that it doesn't build for whatever reason.
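
An added example, not part of the quoted article or of any post in this thread: since the quote notes that the deployed build may not match source control, this sketch inventories the deployed archives themselves and flags any `struts2-core` JAR older than the fixed releases named above (2.3.32 or 2.5.10.1). The archive names, the helper functions and the file-name matching are assumptions of this example, and the sample EAR is constructed in memory.

```python
import io
import re
import zipfile

# Fixed releases named in the quoted article, keyed by release line.
FIXED = {(2, 3): (2, 3, 32), (2, 5): (2, 5, 10, 1)}
# Assumption: the JAR keeps its stock file name; renamed or repackaged copies are missed.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)\.jar$")


def needs_upgrade(version):
    """True if a version tuple is older than the fixed release of its line."""
    # Lines other than 2.3/2.5 are compared against 2.3.32 (assumption of this example).
    return version < FIXED.get(version[:2], FIXED[(2, 3)])


def scan_archive(data, label):
    """Return (path, version, needs_upgrade) for every struts2-core JAR found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            match = JAR_RE.search(name)
            if match:
                version = tuple(int(p) for p in match.group(1).split("."))
                findings.append((f"{label}!{name}", match.group(1), needs_upgrade(version)))
            elif name.lower().endswith((".war", ".ear")):
                # Deployed EARs bundle WARs, so descend into nested archives.
                findings.extend(scan_archive(zf.read(name), f"{label}!{name}"))
    return findings


def make_zip(entries):
    """Build an in-memory archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_ear():
    """Constructed sample: an EAR with two WARs holding empty placeholder JARs."""
    legacy = make_zip({"WEB-INF/lib/struts2-core-2.3.31.jar": b"", "WEB-INF/web.xml": b"<web-app/>"})
    current = make_zip({"WEB-INF/lib/struts2-core-2.5.10.1.jar": b""})
    return make_zip({"legacy.war": legacy, "current.war": current})


if __name__ == "__main__":
    for path, version, stale in scan_archive(build_sample_ear(), "app.ear"):
        print(f"{'UPGRADE' if stale else 'ok':8} {version:10} {path}")
```

To scan a real deployment, read each archive's bytes from disk and pass them to `scan_archive` with the file path as the label.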
 
Old 09-17-2017, 04:31 PM   #9
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,226

EDIT:

Never mind. Carry on.

Last edited by dugan; 09-17-2017 at 04:41 PM.
 
Old 09-20-2017, 10:55 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,326
Blog Entries: 28

Just the Equifax, Ma'am

Have a video: https://youtu.be/96u15E0kLv8
 
Old 09-21-2017, 08:36 AM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

The problem for me is, "it's a lon-n-n-ng way between 'a flaw in Apache Struts' and a total compromise of millions of accounts."

Successful compromise of any large data system, I would argue, is nearly impossible to mount "from the outside," with absolutely no knowledge of the systems that you are penetrating. I think that you have to have thorough knowledge of them ... inside knowledge of them.

Thus far, we have paid no attention to who we actually hired, nor to where our data centers were located. If labor is cheap and electrical power is cheaper, "we're there!" But it seems that we have an increasing number of billion-dollar breaches that we "simply can't explain," and most importantly, no one seems to be accountable.

Maybe we need to pass a law that says that any employee who works on a financial data system used in the United States must be a United States Citizen who holds such-and-such grade of a license issued by the Federal Department of Information Security, has cleared so-many background checks, and has appropriate training certified by the US-FDIS.

After all, we have been doing very similar things for many decades with regard to every other form of professional engineering ... except software engineering.
 
Old 09-21-2017, 09:46 AM   #12
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

If you did that with software engineers and packages your software industry would collapse, and most of your financial industries would go into meltdown.
 
Old 09-21-2017, 01:15 PM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,659
Blog Entries: 4

Quote:
Originally Posted by dave@burn-it.co.uk
If you did that with software engineers and packages your software industry would collapse, and most of your financial industries would go into meltdown.
Personally, I don't think so. Every roadway is built according to designs bearing the official red stamp of a civil engineer. Every aspect of a building is designed by licensed architects and constructed by licensed professionals. But in this case I am also speaking of internal processes, and the [present lack of ...] accountability therefor. "Knowledge Is Power."

"Who could have done this?" Why, he might be back in Bangladesh by now, his two-year visa time being up. And you'll never be able to go over there and find him. I think that we need to have legal regulation of many things which, in the first heady twenty-odd years of all this wunnerful Internet stuff, have been utterly "loosey goosey." These billion-dollar breaches are not taking place from half-a-planet away. They're not exploiting our software: they're exploiting our [lack of] human process.

Last edited by sundialsvcs; 09-21-2017 at 01:20 PM.
 
Old 09-21-2017, 05:20 PM   #14
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

What alternative reality are you living in?
 
Old 09-21-2017, 07:52 PM   #15
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,984

And yet I don't think I ever asked them to have my information.

Latest news is they posted the wrong site to check.

They won't be able to survive the lawsuits. Consumers will have to worry even after they die that they won't be scammed.
 
  

