IRS suspends contract with Equifax after malware discovered

Posted on

Read Article at MSN

The IRS said late Thursday that it has temporarily suspended the agency’s $7.1 million data security contract with Equifax (EFX) after malware found on the credit bureau’s website again called its security systems into question.

Equifax, now notorious for exposing more than half of all adult Americans to identify theft, maintained the latest security breach was not officially a hack.

An Equifax vendor was “running code that was serving malicious content” on the Equifax site, the company said in a statement. “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis.”

However, consumers who were using the site could easily have been tricked into downloading malware when visiting the Equifax help page, an oversight that experts said put people further at risk. The nation’s largest information technology trade group is urging the government to cancel Equifax’s now suspended contract with the IRS.

“Equifax is known publicly to have security breaches, and they are not correcting them,” said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers, which represents 50,000 IT managers in 126 countries. “Why are we spending all this money to give our data to a company that has clear problems with the technology?”

Equifax’s latest problem was discovered Wednesday by a private security consultant who realized the company’s consumer help page was serving up malware that aimed to get unsuspecting consumers to download fraudulent Adobe updates.

In September, Equifax revealed that it had exposed 143 million consumer files — containing names, addresses, Social Security numbers and even bank account information — to hackers in an unprecedented security lapse. The number of consumer potentially affect by the data breach was later raised to 145.5 million.

The company’s former CEO blamed a single careless employee for the entire snafu. But even as he was getting grilled in Congress earlier this month, the IRS was awarding the company with a no-bid contract to provide “fraud prevention and taxpayer identification services.”

“On the very day that Equifax’s former chief executive misled Congress by scapegoating a single employee for their second major data breach in four years, the IRS announced that it was awarding the company with a contract which will allow it to leak out even more personally identifiable information about taxpayers,” Rembiesa said.

“The prospect of this happening should horrify any elected official who is charged with looking out for the welfare of American consumers,” she added. “Congress needs to slam on the brakes here and kill this IRS contract.”

The tax agency stopped short of that, at least for the moment.

“Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services,” the agency said in a statement. “During this suspension, the IRS will continue its review of Equifax systems and security.”

The agency does not believe that any data the IRS has shared with Equifax to date has been compromised, but the suspension was taken as “a precautionary step.”

In the meantime, the IRS will be unable to create new “Secure Access” accounts, which can be used to order tax court transcripts online. Although people can’t create new accounts, current Secure Access users aren’t affected by this contract change and will continue to have access to their accounts, the agency said. And these transcripts can still be ordered by mail.

Other IRS services are unaffected.

Update – Equifax Says Vendor Responsible for Malicious Content on Website

Read Article at MSN

Equifax Inc. said it was a third-party vendor that served malicious content on its website and it has taken the page offline to conduct further analysis.

“Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal,” Wyatt Jefferies, a spokesman for Equifax said in an email.

The unidentified third-party vendor was responsible for collecting website performance data and had code running on Equifax’s website, Jefferies said. An independent security analyst found on Thursday that the removed page had been altered to trick visitors into installing malware, according to a report on technology news website Ars Technica.

Equifax shares had dropped as much as 3.6 percent, the most intraday since Sept. 15, after the company said its security team was investigating reports of another possible cyber attack. The company is still reeling from the massive data breach it disclosed last month that compromised the private data of more than 145 million Americans.

Equifax says it might have been breached again

Posted on

Richard Smith, former chairman and CEO of Equifax Inc., testifies before House Energy and Commerce hearing on “Oversight of the Equifax Data Breach: Answers for Consumers” on Capitol Hill in Washington, October 3, 2017.

  • Equifax has taken one of its web pages down.
  • The company recently disclosed a hack that compromised the sensitive information of 145.5 million people.

Published 36 Mins Ago Updated 29 Mins Ago | Read Article at CNBC

Equifax said on Thursday it has taken one of its customer help web pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of 145.5 million people.

The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in an email. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”

The Atlanta-based company, which has faced seething criticism from consumers, regulators and lawmakers over its handling of the earlier breach, said it would provide more information as it becomes available.

Equifax disclosed on Sept. 7 that its systems had been breached between mid-May and late July. In the fallout, the company has parted ways with its chief executive, chief information officer and chief security officer.

The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.

As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.

Deloitte hack hit server containing emails from across US government

Posted on

Read Article at MSN

The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.

Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.

Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.

However, sources who have spoken to the Guardian, on condition of anonymity, say the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.

The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:

  • The US departments of state, energy, homeland security and defence.
  • The US Postal Service.
  • The National Institutes of Health.
  • “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.

Football’s world governing body, Fifa, had emails in the server that was breached, along with four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies.

The Guardian has been given the names of more than 30 blue-chip businesses whose data was vulnerable to attack, with sources saying the list “is far from exhaustive”.

Deloitte did not deny any of these clients had information in the system that was the target of the hack, but it said none of the companies or government departments had been “impacted”. It said “the number of email messages targeted by the attacker was a small fraction of those stored on the platform”.

This assurance has been contested by sources that spoke to the Guardian. They said Deloitte’s public position belied concern within the company about exactly what had happened and why.

The Guardian first revealed the existence of the hack on 25 September.

Since then, the Guardian has been provided with further details of the attack, which seems to have started in autumn last year at a time Deloitte was migrating and updating its email from an in-house system to Microsoft’s cloud-based Office 365 service.

The work was being undertaken at Deloitte’s Hermitage office in Nashville, Tennessee.

The hackers got into the system using an administrator’s account that, theoretically, gave them access to the entire email database, which included Deloitte’s US staff and their correspondence with clients.

Deloitte realized it had a substantial problem in spring this year, when it retained the Washington-based law firm, Hogan Lovells, on “special assignment” to review and advise about what it called “a possible cyber-security incident”.

In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

It is also thought that some emails had attachments with sensitive security and design details.

Deloitte has insisted its internal inquiry, code-named Windham, found that only six clients had information that had been compromised. The review had also been able to establish “precisely what information was at risk”, the company said.

However, that analysis has been contested by informed sources that have spoken to the Guardian. They say the investigation has not been able to establish definitively when the hackers got in and where they went; nor can they be completely sure that the electronic trail they left is complete.

“The hackers had free rein in the network for a long time and nobody knows the amount of the data taken,” said one source.

“A large amount of data was extracted, not the small amount reported. The hacker accessed the entire email database.”

Another source added: “There is an ongoing effort to determine the damage. There is a team looking at records that have been tagged for further analysis. It is all deeply embarrassing.”

The Guardian has been told Deloitte did not at the time have multi-factor authentication as standard on the server that was breached. A cybersecurity specialist told the Guardian this was “astonishing”.

The expert said the migration to the new email system would have “utterly complicated the kind of forensic investigation required to see what had happened”.

“A hacker has got into Deloitte’s email system and been undetected for months, and only six clients have been compromised? That does not sound right. If the hackers had been in there that long, they would have covered their tracks.”

When the Guardian put all these points to Deloitte, it declined to answer specific questions, but a spokesman said: “We dispute in the strongest terms that Deloitte is ‘downplaying’ the breach. We take any attack on our systems very seriously.

“We are confident that we know what information was targeted and what the hacker actually did. Very few clients were impacted, although we want to stress that even when one client is impacted, that is one client too many.

“We have concluded that the attacker is no longer in Deloitte’s systems and haven’t seen any signs of any subsequent activities.

“Our review determined what the hacker actually did. The attacker accessed data from an email platform. The review of that platform is complete.”

In recent months, Deloitte has introduced multi-factor authentication and encryption software to try to stop further hacks.

Dmitri Sirota, co-founder and CEO of the cyber-security firm BigID, warned that many companies had failed to use such methods because they were inconvenient and complex.

“Privileged accounts are like keys that unlock everything, from the castle to the treasury. They provide unfettered access to all systems, which is why they are so valuable.

“Organizations are monitoring databases, not the data in it. It’s hard to detect changes, prevent incidents or compare your data to notice breached information unless you have an inventory of what you have.”

Equifax says 15.2 million UK records accessed in cyber breach

Posted on

Equifax’s massive cyber attack it disclosed in September compromised the sensitive personal details of nearly 700,000 consumers in the UK – Reuters

Equifax said on Tuesday that the massive cyber attack it disclosed in September compromised the sensitive personal details of nearly 700,000 consumers in the UK.

Equifax said that 15.2 million UK records dating from 2011 to 2016 were exposed in the incident, which affected 145.5 million people overall, but that 14.5 million of the exposed UK records did not contain information that put consumers at risk.

Developing Story

AOL’s AIM sets its away message… permanently

Posted on

Now known as Oath, AOL says it will shut down its instant messenger service on Dec. 15 after 20 years.

by Roger Cheng October 6, 2017 7:42 AM PDT | Read Article at CNET

Farewell, AIM.

AOL Instant Messenger, a popular form of communication in the early days of the internet, goes dark on Dec. 15, AOL, now a unit of Verizon’s Oath, said on Friday.

AIM was once one of the dominant instant-messaging platforms on the internet, helped by the massive number of dialup subscribers using AOL internet service. After launching in 1997, it enjoyed its peak in the late ’90s and early 2000s.

But newer services offered by Google and others displaced AIM, and it lost most of its relevancy when users increasingly turned to their smartphones, which brought the rise of WhatsApp, Line, Facebook Messenger and a myriad of other services.

Oath, which also now controls Yahoo, another star of the era when consumers were discovering the internet, said that it’s shutting AIM down to focus on new products and that there would be no replacement for AIM.

The aim.com e-mail domain will still work, Oath said.