[KMORGSM5]

That's fucking bullshit and no way should this have happened.

[KillBill999]

Don't sign up for anything with Equifax. Go to Transunion and pay the monthly fee...this allows you to "lock" or "freeze" your credit with both Transunion and Equifax. This is $20.00 a month and is the best way to protect yourself. If you need to apply for credit, you simply unlock your accounts with the app and then lock back up. You have to go to the internet to sign up.

[zx10guy]

No. The best way is to start making noise with your local congressional representatives to put a law in the books that hold these companies accountable for these gross security breaches. By sucking up the status quo and paying into these credit protection services is going along with the scam these companies are pushing on us. When you look at it, why do WE have to pay extra money to protect data which we are not in control of. Data these companies should be spending money to protect.

As I said, HIPAA laws dramatically changed how IT/data is being handled in health care. And I will repeat again, when was the last time you saw a major breach in health care where patient information was leaked out? Even with the recent slew of ransomware attacks suffered by some hospitals, there has been no mention of any data being compromised in being leaked out.

[TXSTYLE]

As put by another...

Its Just another demonstration of the greedy greasy corporations focus on profits, financial corporations attitude is profit at no cost, due diligence and responsibility can take a hike. We can see this all over western economies, the banking and finance industry is rotten and has been for generations.

[NEFARIOUS]

I hate to play devil's advocate, but as someone who worked both medical offices and dabbling in IT security, especially after the big cyberattack in late June where I had to un-fuck WPP's infrastructure (ad agency conglomerate, which includes Grey, the former advertiser for BMW):

Hackers go after what can do the most damage, "#streetcred", or make the most money, which is why ransomware is popular (because there's always going to be someone that's willing to try to pay to get their data back), how PCs have more viruses than Macs (Windows takes 83.5% of the market compared to 12% marketshare so it's more enticing to go with the bigger number), and why the government (Wikileaks), the bank, and now the credit reporting agencies (because there's financial information) is often the bigger target... What can a hacker do with "Mr. So-and-so has AIDS, but we know that his medical bills has been paid off"?

Even with all the safeguards HIPAA takes, the chances of financial data getting hacked may be drastically reduced, but certainly not impossible... Not to mention there usually isn't anything that can really ruin things for patients too far even if you hacked into a typical medical record; an increasing amount of health insurance companies are transitioning away from using your SSN as an identifier (you can still look up patients by social but submitting an insurance claim often requires an ID number), and in most cases, nothing other than the fact that the bill is paid is kept on file.

However, we're entrusting everything that can fuck with our finances to companies like this, but it's not to say that there's no HIPAA equivalent for financial data... There is Gramm-Leach-Bliley Act and Federal Regulation P, but again, hackers realize that you can really fuck people up if you hacked a credit bureau since it often contains the information required to fuck someone's finances up for life.

[zx10guy]

I agree no system is 100% hack proof. But we're not talking about a minor breach here. The scale of this breach indicates gross incompetence, don't give a F' attitude of maintaining proper INFOSEC, or a combination of both. While I understand your argument about going after the core entree but not the appetizer, you have to wonder why the health care industry (being prodded by HIPAA laws) have taken data security so seriously while time and time again the commercial/financial sector has done nothing to improve things.

I do some consulting work with NIH currently. You have to wonder why the IT staff I deal with there when discussing PII information treat it like it's TS/SCI data. I see a lot of parallels in how these organizations are handling this sensitive data as I've worked for many many years in the classified arena. Some have gone as far as air gapping systems to decrease external exposure. You don't see this other than in classified IT systems. I've had many discussions where encryption at rest systems are brought up constantly along with keeping the data encrypted in flight. I've heard nothing of the sort being discussed with these financial institutions. Why? Because it costs money both in the actual software/hardware and the expertise needed to implement these systems properly. Some system can be a royal pain in the rear to configure as I know personally having spent 2 weeks nonstop trying to get a Datafort Decru encryption at rest system up and operational.

Here's more info about Equifax to fan the flames of anger:

https://www.forbes.com/sites/thomasb.../#5f8409a677c0