Re: Equifax Canada

["Adrian Grigorof" <adi () grigorof com>]

Apparently this was caused by "improper use of a customer's access codes and
security password". Can Equifax force its customers (basically all the
credit institutions and many others) to use a method of authentication
stronger than a user id/password combination? To quote a recent post from
Marcus J. Ranum:

> How many of you could tell your customers *that*?!   People scream
> and whine over the idea of putting firewalls in (still) - now, attempting
> to enforce a local policy against a business partner - that's patently
> ridiculous. Right? Well, technically it's NOT ridiculous, but everyone
> has basically blown it off.

It is surely cheaper to call 600 customers once a year (ok, make that twice
a year) than enforcing an expensive authentication infrastructure. Is it not
a basic principle in IT security that the cost of securing same data should
be less than what that data is worth? It is true, they loose some
credibility but since they have almost monopoly on the credit checking
business (there is only one other company) that's still cheaper than
changing the authentication process. Some heads will probably roll but I
doubt there will be any major changes and I expect they will be in the news
again sometime in the future... Besides, compared to 40 million credit
cards, 600 credit reports are not that bad, eh? Go Canada ;)

If I am not mistaken, the previous incident (March 2004) was a case of
"criminals masquerading as credit grantors" but I bet the firewall guy(s)
were again the scapegoats:(

Regards,

Adrian Grigorof
www.firegen.com

----- Original Message ----- 
From: "Paul D. Robertson" <paul () compuwar net>
To: <firewall-wizards () honor icsalabs com>
Sent: Sunday, June 19, 2005 9:33 PM
Subject: [fw-wiz] Equifax Canada


> "For the second time in about a year, the credit reporting company Equifax
> Canada Inc. has suffered a security breach that has given criminals access
> to personal financial information of hundreds of Canadians.
> The latest case came to Equifax Canada's attention several months ago, but
> was made public only yesterday.
> Criminals that breached the firewall gained access to 605 consumer files,
> which contain personal information ranging from names and addresses to
> type of bank loans and credit cards, payment obligations and social
> insurance numbers."
>
> 605 Canadians, that's like 300 Americans, right?  ;)
>
> Sounds like someone needs remedial INFOSEC training- sheesh 2nd time in a
> year?
>
> Paul
> --------------------------------------------------------------------------
---
> Paul D. Robertson      "My statements in this message are personal
opinions
> paul () compuwar net       which may have no basis whatsoever in fact."
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards