Connect with us

Technology

Equifax To Pay $700M Or More For 2017 Data Breach

The credit reporting company has finally settled a deal with the Federal Trade Commission.

Photo: GotCredit | Flickr.com | CC By 2.0

Published

on

ad1

Equifax has reached a deal with the Federal Trade Commission (FTC) to pay up to $700 million due to the data breach last July 2017. The data breach resulted in the leakage of personal information of 143 million Americans.

The credit reporting agency will set up a $300 to $425 million in compensation for the affected consumers. It may still increase depending on the number of users that continues to file claims. Another $175 million will be paid to the 48 states, including the district of Columbia and Puerto Rico, and $100 million will go to Consumer Financial Protection Bureau (CFPB).

Aside from the fines, Equifax will implement changes on how it handles its users’ data. Information security protocols will be revised in compliance with the FTC’s standards. There will also be an annual assessment of the company’s security risks that requires passing a board certification.

FTC Chairman Joe Simons emphasized the need for “extra responsibility” of securing personal data from companies that build businesses involving personal information. He said in a statement, “Equifax failed to take basic steps that may have prevented the breach.”

In July 2017, personal data such as names, addresses, credit card numbers, and social security numbers were hacked from Equifax’s systems.

Equifax is considered as one of the three largest credit-reporting companies that track the financial history of consumers. The company collects data on financial transactions such as loans, credit card payments, child support payments, rent and utility payment, and credit limits. Aside from financial records, additional personal data such as employment history and valid ID numbers are also collected. Using this data, the company computes each’s credit scores.

When the company shared about the incident on September 2017, they identified that 209,000 U.S. consumers had their credit card numbers stolen. About 182,000 people have already reported credit card disputes.

After a thorough investigation, it was found out that 143 million users were affected. Most of which were residents of the United States, the United Kingdom, and Canada.

Unfortunately, not all 143 million consumers know that their information was given to Equifax. The credit reporting company collects data from credit card companies, banks, stores, and lending agencies.

Since the incident, the company has mailed notices to identified affected consumers.

Aside from the notices, users can check if they were affected by the hack through a website set up by Equifax. In the website, a user can check their status by clicking the “Check Potential Impact” link and submit their name and the last six digits of their Social Security number.

The user will then receive an email notifying whether their information was included in the hack. Aside from the notification, Equifax is also offering a security option called Trusted ID Premier.

The user can enroll in the TrustedID Premier, which provides free credit file monitoring and identity theft protection for a whole year. Users had until January 31, 2018, to enroll themselves on the program.

Initially, anyone who enrolls may be limiting themselves to participate in class-action suits or any lawsuit against the company. However, due to the backlash, the company had to remove it from their terms and conditions.

Equifax learned about the hack on July 2017, but only disclosed to the public after three months. Their info-sharing with the affected people were also criticized. Instead of calming the consumers, the threat of possible identity theft grew as consumers are left clueless about what has happened.

Hackers were able to gain access to personal data through a security flaw in a tool for building web applications called Apache Struts. Equifax used this tool as a support for its online dispute portal.

Equifax has admitted that its security department was aware of the security flaw months before hackers targeted their apps. The company was working on patches for the security flaw but was not able to deploy it on time.

Aside from the lapse of judgment, when a data breach was discovered on July 29, the company waited a day before taking the web application offline. Based on the company’s statement, the delay was purposely done to “observe additional suspicious activity.”

The company outsourced the help of Mandiant, a cybersecurity firm, to assess the damage done by the hacking incident. It was then revealed that a series of data breaches have already occurred since May 13 until June 30.

Many criticized Equifax’s delayed responses to the vulnerability discovered months before the hacking incident happened. Jon Hendren, director of security firm UpGuard, said, “There’s really no excuse whether it’s a difficult patch or not, for an organization of that size with that kind of magnitude of data.”

Due to the breach and the disappointing crisis and public relations management, the company’s CEO Richard Smith retired last September 2017, effective immediately. The company also announced retirements of its top security and information executives during that time.

Hi! I'm a contributing writer who loves tech, pop culture, and food. I'm also an ESL Teacher and a Photography Enthusiast.

Gadgets

Apple iPhone 11 rumored to unveil on September 10

A13 chips?

Published

on

ad1

The announcement date for the iPhone 11 is said to be found on the beta version of its new operating system. This news follows Apple’s release of iOS 13’s beta version to developers last August 15.

Within the seventh beta version of iOS 13, there is an asset labeled “HoldForRelease” that suggests the latest iPhone models could be announced on September 10. The image found in the systems files indicating the said date was first spotted by iHelpBR.

In 2018, just before the official event date for the iPhone was revealed, a similar leak happened to Apple. The leak indicated that the launch of the iPhone XS, iPhone XS Max, and iPhone XR would fall on September 12. The prediction proved to be correct.

Apart from the announcement date, there have been rumors that the newest iPhone line would be released on September 20. The president of Japan’s Softbank Ken Miyauchi implied that the new iPhones would be unveiled during the Apple keynote event on September 10, and they will be released to the market ten days after.

In the past four years, Apple has scheduled the release event in September. The Cupertino-based tech giant has been holding its iPhone event either on the second Tuesday or Wednesday of the month.

It is unlikely that Apple would be hosting the said event on September 11. This makes September 10 as the most probable date. If the rumor proves to be accurate, pre-ordering would most likely start on September 13, and shipping would begin a week after.

While Apple’s announcement is only a few weeks away, there have been leaks and tips regarding the names of the latest iPhones. According to phone case company, ESR, the newest phones would be called iPhone 11, iPhone 11 Pro, and the iPhone 11 Pro Max.

With the growing anticipation for the release of the 2019 Apple iPhone models, the question of what these smartphones can offer is brewing. Apple has recently experienced a 12% decrease in iPhone sales, and it has reported a dip in its quarterly profit as well.

Its rivals — Samsung, Google, and Huawei — recently released their latest smartphones, and they are priced cheaper compared to Apple’s recently released iPhones. With these issues at hand, Apple is expected to deliver a product that can attract new customers and keep its current users.

According to analysts, they don’t see major changes in the iPhone 11. The more extensive changes would be happening in 2020. This might include features like 5G support and 120Hz OLED Retina display.

One of the biggest changes being anticipated with the release of iPhone 11 is its camera set-up. In a Bloomberg report made in January 2019, it seems Apple would be giving at least one of the 2019 iPhone models three rear-facing lenses. This feature would allow the phone to take greater and better wide-angle shots.

The iPhone 11 is rumored to come in four different colors — gold, white, black, and dark green. There are also reports saying that Apple will be dropping the 3D Touch feature this year. Apple might be incorporating a new Haptic Touch technology dubbed as “leap haptics.”

If your other Apple device is running out of battery, the iPhone 11 might be able to give it some juice through its bilateral charging feature. Similar to Samsung’s Galaxy 10 phones, and their ability to power the Galaxy Watch Active and Galaxy Buds, you can use the iPhone 11 to charge the 2019 Apple AirPods or other iPhones.

There is a prediction going around that the 2019 iPhone models would include larger batteries. This means that there is a possibility that their battery life would be much better compared to the older iPhone models.

When it comes to the phone display, Apple is likely offering another LCD phone this year. In last year’s release, the iPhone XR had an LCD display while the iPhone XS and XS Max had high-resolution OLED displays.

With last year’s iPhone releases, the smartphones were equipped with the highly-powerful A12 Bionic chip. Rumors are saying that the iPhone 11 might be powered by a processor that’s quite similar to the one found in the iPad Pros called the A12X. Apple could also be using the new A13 chip.

Continue Reading

Cybersecurity

Kaspersky Antivirus zero-day could ironically allow hackers to track users

Kaspersky has already issued a patch to resolve the vulnerability.

Published

on

Photo: David Orban | Flickr | CC BY 2.0
ad1

A German journalist discovered a flaw in the system of Kaspersky Lab’s antivirus that led to a significant security risk which allowed cybercriminals to track Kaspersky customer without their knowledge.

This all started when Ronald Eikenberg began testing antivirus programs for his own publication. A few months later he discovered that on a website, Kaspersky’s antivirus has been injecting some code. Eikenberg said that it seems that Kaspersky is trying to find ways in interacting with the site even though there is no browser extension on the system.

“One of the purposes of the script is to evaluate Google search results displayed in the user’s browser. If a link is safe, the Kaspersky software will display a green shield behind it,” he added.

In this era, most of the companies and websites would require tracking users across the internet to identify them and learn their interest to provide the target advertisements to be shown to them. Usually, this would require 3rd-party cookies, and this would allow even Facebook or Google to track your movement throughout multiple websites.

The problem however when using Kaspersky Antivirus is that it exposes a user by tagging them with a unique identifier that will record and keep track of what you visited in the past four years, which would allow some sites and third-party services to track them even though users have already blocked them. This will be putting the users at risk since everything that the user does is being monitored or kept track of.

“That’s a bad idea because other scripts that run in the context of the website domain can access the HTML code at any time—and thus the injected Kaspersky ID. This means in plain language that any website can simply read the Kaspersky ID of the user and misuse it for tracking,” the researcher says.

Instead of using unique identifiers, they were given a specific ID assigned to a particular computer; thus, it does not change after several days.

This attack could lead to scamming people by either asking their personal information or bank account information through the form of a payment system. One good example would be that a pop-up will show up and say ‘your license has expired, please enter your credit card information to renew your subscription.’

This process would affect multiple users that are using Kaspersky Antivirus. 

There was a patch that was issued last month to update all Kaspersky antivirus program for all the user of a specific version. However, there is still a version of the security tool that still allows a malicious hacker to know that antivirus software is installed on the machine.

Another way to somehow mitigate the problem is to manually uncheck in the software settings depending on the situation that you feel you are being spied on.

Kaspersky has already removed the unique identifiers for the GET request to enhance somehow the process of checking web pages when it comes to malicious activity. The change was provoked by Eikenberg after he notified Kaspersky about the possible risk of personal information disclosure when using unique identifiers for the GET request.

A statement released by Kaspersky revealed that based on their research, there is a minimal chance that this could be carried out in practice, but it is theoretically possible to happen. The complexity of the program would help fend off the leak of private information and also its low profitability would somehow be a discouragement for the hacker. 

Nevertheless, the company would still need to improve their system in order to prevent further mishaps, the private information that should be protected by the company is a due responsibility that should not be taken short for. Thus it is a severe issue if Kaspersky does not resolve the problem at hand right away. 

On a brighter note, if users want to disable tracking altogether, they can manually disable the URL advisor feature from the settings – additional – network- uncheck traffic processing box. This procedure will allow the user to be safe and not be monitored for the meantime while using the said application.

Users of specific tools that sole purpose is to protect our information and protect the user, having this kind of issue will bring distraught to the public in trusting some of the protection programs to install on their devices.

Continue Reading

Gadgets

Huawei warns Trump of disrupting the dominance of Apple, Google

Huawei CEO said that if the U.S. government continues to deny them of using Android, they will be forced to use HongMeng OS on their new smartphones, disrupting the dominance of Google and Android.

Published

on

Photo by Kamil Kot on Unsplash
ad1

Huawei is poised to take over and disrupt the dominance of two long-standing tech giants in the smartphone industry, Google and Apple, and when pushed by the U.S. government to their last recourse if Washington continues denying the Chinese company access to the Android operating systems for their future smartphone products, it will have no choice but to fight against Google and Apple, which is bad for the U.S., Huawei CEO Ren Zhengfei warned.

Ren stated in an interview that if Google strips them from the Android operating system, then the world will know a third operating system. Ren also claimed that releasing a third operating system will not be the best choice for the two major companies since there will be more competition.

The blacklisting was announced last May, and since then, Huawei has been claiming to launch a new smartphone with a new operating system. The operating system, named HongMeng or Harmony OS, will be better than both the current operating system available, the tech giant said.

People have been wanting a better version of the smartphones that we are using now, instead what we got instead are clever phones that have low-latency, better smart-TVs and even watches that are able to connect to the internet.

Huawei claimed that they don’t have a “plan-B” if ever the banning of Google would happen, according to Ren. If ever Google is not used, they plan to shift HarmonyOS to be viable to smartphones, but it would take some time since the shift would require them to create a whole new system that would be on par when it comes to its performance.

The problem all started when there were claims that due to the coziness of Huawei with the Chinese government, it is feared that the devices would be used as a tool to spy on other countries. This was all the reason that caused the U.S. to ban companies from using equipment from Huawei way back in 2012.

An executive order from President Donald Trump placed Huawei on the list of the U.S. Department of Commerce’s Bureau of Industry and Security on May 15. However, Trump agreed to be more lenient on the restriction as a part of a deal to resume business trade talks with China in June.

If the U.S. really does deny access to Google’s operating system, then Huawei has no choice but to create an alternative, and it will be backed up by China for Huawei to create this alternative.

Ren warned Google, “you cannot rule out the chance that the third operating system might outrun them someday.”

The U.K. can’t practically decide on what to do right now as other major telcos still work hand in hand with Huawei by continuing to sign agreements with them. While the U.S. still is still tangled in trade talks with agriculture, so the cycle of their industry is still the same, fast-moving and no change. 

Supplying ‘authoritarian regimes’

In an interview, Ren also admitted that Huawei supplies “authoritarian regimes.”

“I actually do not make any prejudgement of a government first before we sell to our customers. Because every country has a sovereign system, it’s not in our position to interfere with the sovereignty of other states. If we did, then we would be playing the game of politics, right? And that’s a matter for sovereign states.”

The situation where Huawei is on right now might be a little difficult since it will require a gamble if ever they were denied access with Google’s operating system. Right now, Huawei still does not have any ‘plan-b’ course of action, but they will have to make an alternative when the time comes. They also plan to compete with the two biggest Operating system provider (Google and Apple). 

The U.S. is still pondering on whether to continue the relationships with Huawei or to completely ban them and make them a permanent blacklist on U.S. Department of Commerce’s Bureau of Industry and Security, halting any form of trade with Huawei and demolishing the support that they are still currently having with Google.

The long term plan is still hazy, but if ever the U.S. does force China into a full-scale Android alternative, others will jump on board. And, despite the rhetoric, the U.S. really does not want that.

Continue Reading

Trending