Equifax hacked, executives dump shares - LOCK 'EM UP!

[Skjellyfetti]

Equifax's data was breached on July 29.

Executives dump $2,000,000 in shares right after the fact... before it was public. How fucking brazen can you be?

Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers

Equifax says data breach could potentially affect 143 million US consumers Equifax says data breach could potentially affect 143 million US consumers
1 Hour Ago | 00:57
Equifax, which supplies credit information and other information services, said Thursday that a data breach could have potentially affected 143 million consumers in the United States.

The population of the U.S. was about 324 million in 2017, according to Census Bureau estimates, which means the Equifax incident affects a huge portion of the country.

Equifax said it discovered the breach on July 29. "Criminals exploited a U.S. website application vulnerability to gain access to certain files," the company said.

SEC filings show that three Equifax executives – Chief Financial Officer John Gamble Jr., workforce solutions president Rodolfo Ploder and U.S. information solutions president Joseph Loughran – sold nearly $2 million in shares in the company days after the cyberattack was discovered. It was unclear whether their share sales had anything to do with the breach. An Equifax spokeswoman didn't immediately respond to a request for comment.

Shares of Equifax fell more than 12 percent in after-hours trading.

The company said the exposed data include names, birth dates, Social Security numbers, addresses and some driver's license numbers, all of which Equifax aims to protect for its customers.

Equifax added that 209,000 U.S. credit card numbers were obtained, in addition to "certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."

https://www.cnbc.com/2017/09/07/credit- ... umers.html

[93henfan]

I agree. Hang 'em high.

143 million has to be 75%+ of all US citizens with credit information on file. The more interesting number would be to see how many people were not breached.

[Col Hogan]

I'm not a lawyer, and I'm not staying in a Holiday Inn Express tonight, but could that not be insider trading?

[hitchinaride]

Welcome to the Trump ERROR boys and girls.

[93henfan]

Welcome to the Trump ERROR boys and girls.

asphinctersayswhat

[Pwns]

Why do the computers that have all this stuff on it have to be physically connected to the rest of the world?

And why does it seem like 400 pound hackers are always 2 steps ahead of IT people?

[Skjellyfetti]

Why do the computers that have all this stuff on it have to be physically connected to the rest of the world?

So other businesses can pay them money to give them your credit information... as close to instantaneous as possible. If you're sitting at the car dealership ready to buy a car... pending credit check... the salesperson is going to be pissed if he can't work out your financing pretty fucking fast. "Sorry, come back next week when we get your credit score back" would be death for car salesmen.

It's how their business model works. Yeah, credit agencies could keep it on paper files like in the olden days of yore.... but, their clients aren't going to want to wait around for a couple of weeks for every credit score to come in. They want it NOW! Even keeping all the day on air gapped computers will still slow your business down and no one would use you in favor of your competitors that can send it instantly.

And why does it seem like 400 pound hackers are always 2 steps ahead of IT people?

Computer whiz kids in this country get paid the big bucks by big companies like Google, Facebook, Microsoft, etc. to work on products, develop algorithms, etc.

Information security doesn't pay as well for the most part. The top BS, MS, PhD students are going to massive tech firms and getting rich. It's even worse for the public sector because the background checks, drug tests, etc. that are associated with government information security jobs. They are scraping the barrel for tech talent.

Places like Eastern European shitholes... that have a disproportionate number of computer whiz kids... have no Google, Facebook, Microsoft to work for. It's a breeding ground for hackers, bitcoin farmers, etc.

It's also why if some huge cyber war ever breaks out - we're fucked. We're far more vulnerable and our competition is likely better equipped.

[HI54UNI]

And why does it seem like 400 pound hackers are always 2 steps ahead of IT people?

The security people have a much harder job. They have to be right every time. The hackers only have to be right once.

[andy7171]

My online bank statements are my deterrent against getting hacked.

[Ibanez]

Why do the computers that have all this stuff on it have to be physically connected to the rest of the world?

So other businesses can pay them money to give them your credit information... as close to instantaneous as possible. If you're sitting at the car dealership ready to buy a car... pending credit check... the salesperson is going to be pissed if he can't work out your financing pretty fucking fast. "Sorry, come back next week when we get your credit score back" would be death for car salesmen.

It's how their business model works. Yeah, credit agencies could keep it on paper files like in the olden days of yore.... but, their clients aren't going to want to wait around for a couple of weeks for every credit score to come in. They want it NOW! Even keeping all the day on air gapped computers will still slow your business down and no one would use you in favor of your competitors that can send it instantly.

And why does it seem like 400 pound hackers are always 2 steps ahead of IT people?

Computer whiz kids in this country get paid the big bucks by big companies like Google, Facebook, Microsoft, etc. to work on products, develop algorithms, etc.

Information security doesn't pay as well for the most part. The top BS, MS, PhD students are going to massive tech firms and getting rich. It's even worse for the public sector because the background checks, drug tests, etc. that are associated with government information security jobs. They are scraping the barrel for tech talent.

Places like Eastern European shitholes... that have a disproportionate number of computer whiz kids... have no Google, Facebook, Microsoft to work for. It's a breeding ground for hackers, bitcoin farmers, etc.

It's also why if some huge cyber war ever breaks out - we're fucked. We're far more vulnerable and our competition is likely better equipped.

I've worked in InfoSec for 10 years....and it pays pretty damn well once you have a few years and some certifications. Entry level, yeah, you're maybe looking at $30-40K. But you get some certifications, you can easily go to any tech firm, defense contractor, major bank and make 6 figures or close to it. InfoSec guys that were civilian DoD, back when I was a defense contractor, were making approx. $80k or more.

The Ukraine is Russia's proving grounds for hacking. Fortunately, we've noticed and I know some firms are advising utilities and major companies on what they are learning about the attacks and how to confront them. A lot of these hacks, phishing attempts...are based in old school tactics which we've largely gotten away from. Seriously, we've advanced so much from the simple phishing attempt or worm that many company's aren't even looking for those attacks.


Red teams are getting paid top dollar right now. I know our red team is getting beefed up, primarily to what our Cyber Threat Intel is saying about the threats coming from Asia. North Korea is getting sophisticated in its attacks....as is Russia (no surprise)

[Skjellyfetti]

I've worked in InfoSec for 10 years....and it pays pretty damn well once you have a few years and some certifications. Entry level, yeah, you're maybe looking at $30-40K. But you get some certifications, you can easily go to any tech firm, defense contractor, major bank and make 6 figures or close to it. InfoSec guys that were civilian DoD, back when I was a defense contractor, were making approx. $80k or more.

$30-40k isn't enough to attract top tech talent. I should have said that InfoSec doesn't pay "relatively well." I didn't mean to make it sound like a terrible salary. But, compared to top software firms, it is not even close.

Entry level salary for a developer at Google is over $100k + stock options, etc. It's nuts. And Google isn't alone, just about every major tech company is similar.

There isn't the same incentive for the best CS students to go into InfoSec.

[Ibanez]

I've worked in InfoSec for 10 years....and it pays pretty damn well once you have a few years and some certifications. Entry level, yeah, you're maybe looking at $30-40K. But you get some certifications, you can easily go to any tech firm, defense contractor, major bank and make 6 figures or close to it. InfoSec guys that were civilian DoD, back when I was a defense contractor, were making approx. $80k or more.

$30-40k isn't enough to attract top tech talent. I should have said that InfoSec doesn't pay "relatively well." I didn't mean to make it sound like a terrible salary. But, compared to top software firms, it is not even close.

Entry level salary for a developer at Google is over $100k + stock options, etc. It's nuts. And Google isn't alone, just about every major tech company is similar.

There isn't the same incentive for the best CS students to go into InfoSec.

I see where you say, "relatively well"...and i agree. Entry level software engineers will make more than someone going entry level Cyber Security. But the two are different animlas. SW engineers,for the most part, do a shit town of coding. Cyber Security, does coding, etc... but there's more to it. There is more vulnerability analysis, ethical hacking, red team, etc...

Social Media companies pay ridiculous amounts of money, for sure. And most companies aren't going to compete with those perks. Places like BenefitFocus, SPark (now Booz Allen), Blackbaud, Google, have an almost - frat party atmosphere. Tshirt and Jeans, keggers, ping pong parties, bring your dog to work, etc... That attracts someone that isn't looking to work at the DoD or Wells Fargo where all of those perks are non-existent.

But I said entry level for $30-40k. That's not top talent, that's entry level analysts and the sort. And not all developers are InfoSec, you have to be careful with that. Web, app, architecture developers are in high demand but they might do absolutely zero when it comes to cyber security. From what I've seen (and from what i've recently offered to the 2 people we've hired) is $60-$90k. THat includes no experience and someone with 10 yrs and a CISSP. I found this online and it's close to what i've seen - https://www.glassdoor.com/Salaries/info ... KO0,28.htm


Btw, one of the biggest problems with developers is that they are a dime a dozen. The expensive ones are easily dismissed for new, cheaper talent. Tech recruiting is huge in cities like NYC, San Fran, Charlotte, Richmond, etc.. and it's b/c it's cheaper and easier to hire developers for 18 months, pay them a huge salary ( no benefits) and then cut them loose.

[Col Hogan]

I've worked in InfoSec for 10 years....and it pays pretty damn well once you have a few years and some certifications. Entry level, yeah, you're maybe looking at $30-40K. But you get some certifications, you can easily go to any tech firm, defense contractor, major bank and make 6 figures or close to it. InfoSec guys that were civilian DoD, back when I was a defense contractor, were making approx. $80k or more.

$30-40k isn't enough to attract top tech talent. I should have said that InfoSec doesn't pay "relatively well." I didn't mean to make it sound like a terrible salary. But, compared to top software firms, it is not even close.

Entry level salary for a developer at Google is over $100k + stock options, etc. It's nuts. And Google isn't alone, just about every major tech company is similar.

There isn't the same incentive for the best CS students to go into InfoSec.

Is enty level at Google like the major leagues...you only get there after gaining experience somewhere else(the minor leagues)? Or is entry level at Google just graduating from an appropriate school?

[CAA Flagship]

I'm not a lawyer, and I'm not staying in a Holiday Inn Express tonight, but could that not be insider trading?

Yes it's insider trading but not in the illegal sense. Of course company execs have a better idea of the future of their company, but there is no way to prevent that. If the information is transmitted outside of the company, and is acted upon before being made public, then those outsiders are in violation of insider trading. And insiders leaking the news would be subject to penalties. But trades by insiders are watched very closely and often considered a leading indicator of stock moves. As long as the appropriate forms are filed, and filed in a timely manner, it is legal as far as I know.

But from what I can tell, the number of shares that were sold by a couple of insiders were a small percentage of what they owned and were sold about a week after the quarterly earnings report (3.8% and 13.4% of holdings). Not enough for the markets to react to.

[Skjellyfetti]

Is enty level at Google like the major leagues...you only get there after gaining experience somewhere else(the minor leagues)? Or is entry level at Google just graduating from an appropriate school?

Minor leagues are often time internships. My understanding is they like to hire fresh grads from top tier schools and train them, rather than retrain them. Median age at Google is in the 20s.

[Ibanez]

Is enty level at Google like the major leagues...you only get there after gaining experience somewhere else(the minor leagues)? Or is entry level at Google just graduating from an appropriate school?

Minor leagues are often time internships. My understanding is they like to hire fresh grads from top tier schools and train them, rather than retrain them. Median age at Google is in the 20s.

That's my understanding with them as well. Same goes for Facebook. Get them young and dumb.

[Grizalltheway]

Minor leagues are often time internships. My understanding is they like to hire fresh grads from top tier schools and train them, rather than retrain them. Median age at Google is in the 20s.

That's my understanding with them as well. Same goes for Facebook. Get them young and dumb.

*and full of cum

[Skjellyfetti]

[andy7171]

That's my understanding with them as well. Same goes for Facebook. Get them young and dumb.

*and full of cum

You know Raul was thinking that.

[Grizalltheway]

*and full of cum

You know Raul was thinking that.

Only about the female ones!

[Ibanez]

Professional what?

[Grizalltheway]

Professional what?

Leaker

[93henfan]

I bet their muzak server never got hacked.

[Ivytalk]

Be careful before you take up Equifax's "offer" to tell you whether your info was hacked. They try to get you to sign up for a "service" that contains a hidden waiver of your right to sue Equifax relating to the hack.

[93henfan]

Be careful before you take up Equifax's "offer" to tell you whether your info was hacked. They try to get you to sign up for a "service" that contains a hidden waiver of your right to sue Equifax relating to the hack.

Yep. Guarding against the inevitable class action (of which a tidy chunk will go to the attorneys). The rest of us will probably get free credit reporting for life and a check for 99 cents.