An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach — equifaxsecurity2017.com — is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones. TechCrunch has concluded that “the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach.” One user reports that entering the same information twice produced two different answers. And ZDNet’s security editor reports that even if you just enter Test or 123456, “it says your data has been breached.” TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted. It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID. Meanwhile, one web engineer claims the secret 10-digit “security freeze” PIN being issued by Equifax “is just a timestamp of when you made the freeze.” Read more of this story at Slashdot.
More:
TechCrunch: Equifax Hack-Checking Web Site Is Returning Random Results
In America the Internal Revenue Service used to pick who got audited based on math mistakes or discrepancies with W-2 forms — but not any more. schwit1 shares an article from the Vanderbilt Journal of Entertainment and Technology Law describing their new technique: The IRS is now engaging in data mining of public and commercial data pools (including social media) and creating highly detailed profiles of taxpayers upon which to run data analytics. This article argues that current IRS practices, mostly unknown to the general public, are violating fair information practices. This lack of transparency and accountability not only violates federal law regarding the government’s data collection activities and use of predictive algorithms, but may also result in discrimination. While the potential efficiencies that big data analytics provides may appear to be a panacea for the IRS’s budget woes, unchecked these activities are a significant threat to privacy [PDF]. Other concerns regarding the IRS’s entrée into big data are raised including the potential for political targeting, data breaches, and the misuse of such information. While tax evasion cost the U.S.$3 trillion between 2000 and 2009, one of the report’s authors argues that people should be aware âoethat what they say and do onlineâ could be used against them. Read more of this story at Slashdot.