September 12, 2017

Equifax’s data breach response has its own security flaw

by John_A

The Equifax data breach is already unnerving thanks to the sheer scale of sensitive data involved, but it’s not helped by the credit reporting agency’s initial response. Clients have discovered that the PIN codes Equifax is handing out to help lock your credit report (so a thief can’t open a line of credit in your name) are derived from the date and time you made the request. Because the code is predictable rather than random, an attacker could determine it simply through brute force, especially if they have an idea as to when you locked your report.

For its part, Equifax is improving its approach relatively quickly. The company tells Ars Technica that it’s moving to a randomized PIN generation system within a day of this writing (no later than September 12th), and that you can always change your existing PIN. We’ve asked the company for more details as well. However, it’s safe to say that the security flaw is more than a little embarrassing for Equifax. Right now, the company is scrambling to limit the damage to 143 million Americans — the last thing it needs is to create another opportunity for identity theft.

OMG, Equifax security freeze PINs are worse than I thought. If you froze your credit today 2:15pm ET for example, you’d get PIN 0908171415.

— Tony Webster (@webster) September 9, 2017
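To make the weakness concrete, the following added example (not Equifax's code and not from the original article) compares a time-derived PIN with one drawn from a cryptographically secure random source, and includes an audit check that flags PINs that parse as a timestamp. The MMDDYYHHMM layout is an assumption inferred from the single example in the tweet, and all function names are hypothetical.

```python
import math
import secrets
from datetime import datetime, timedelta

PIN_DIGITS = 10  # length of the PIN quoted in the tweet


def timestamp_pin(when: datetime) -> str:
    """PIN in the MMDDYYHHMM layout (assumed from the tweet's example)."""
    return when.strftime("%m%d%y%H%M")


def random_pin(digits: int = PIN_DIGITS) -> str:
    """PIN drawn uniformly from a CSPRNG, independent of the request time."""
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def looks_time_derived(pin: str, earliest: datetime, latest: datetime) -> bool:
    """Audit check: does the PIN parse as a timestamp inside the service window?"""
    if len(pin) != PIN_DIGITS or not pin.isdigit():
        return False
    try:
        when = datetime.strptime(pin, "%m%d%y%H%M")
    except ValueError:
        return False
    return earliest <= when <= latest


def guess_space_bits(window: timedelta) -> float:
    """Bits of uncertainty left when the request time is known to within `window`."""
    minutes = max(1, int(window.total_seconds() // 60))
    return math.log2(minutes)


if __name__ == "__main__":
    sample = datetime(2017, 9, 8, 14, 15)  # constructed from the tweet's example
    print("time-derived PIN:", timestamp_pin(sample))
    for label, window in [("1 day", timedelta(days=1)), ("1 year", timedelta(days=365))]:
        print(f"known to within {label}: {guess_space_bits(window):.1f} bits")
    print(f"uniform random PIN: {math.log2(10 ** PIN_DIGITS):.1f} bits")
    start, end = datetime(2017, 9, 1), datetime(2017, 9, 12)  # constructed audit window
    print("flagged by audit:", looks_time_derived(timestamp_pin(sample), start, end))
```

A PIN scheme that passes this audit for most issued codes is leaking the request time; a uniformly random 10-digit PIN carries about 33 bits regardless of when it was issued.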

Via: Ars Technica

Source: Tony Webster (Twitter)
