Start When online dating turns dangerous

When online dating turns dangerous

Ray Watson, a cybersecurity researcher who messaged me this morning on Twitter about this curiosity, said it is likely that Mandiant has been registering domains that might be attractive to phishers hoping to take advantage of public attention to the breach and spoof Equifax’s domain.

Speaking of Experian, the company is now taking advantage of public fear over the breach — via hashtag #equifaxbreach, for example — to sign people up for their cleverly-named “Credit Lock” subscription service (again, hat tip to @rayjwatson).

In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat.

In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. But most large companies that can afford to do so hire outside public relations or disaster response firms to walk them through the safest ways to notify affected consumers.

One interesting domain that was registered on Sept.

5, 2017 is “equihax.com,” which according to domain registration records was purchased by an Alexandria, Va. A quick Google search shows that Schondorfer works for Mandiant.

Several readers have written in to point out some legalese in the terms of service the Equifax requires all users to acknowledge before signing up for the service seems to include legal verbiage suggesting that those who do sign up for the free service will waive their rights to participate in future class action lawsuits against the company.

Krebs On Security is still awaiting word from an actual lawyer who’s looking at this contract, but let me offer my own two cents on this. ET: Equifax has updated their breach alert page to include the following response in regard to the unclear legalese: “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and Trusted ID Premier terms of use does not apply to this cybersecurity incident.” Equifax will almost certainly see itself the target of multiple class action lawsuits as a result of this breach, but there is no guarantee those lawsuits will go the distance and result in a monetary windfall for affected consumers.

I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social security numbers and other information on 143 million Americans.