Most corporations and people are very complacent when it comes to privacy and security. Even with all the breaches and hackings lately, people continue use easy passwords and corporations don’t increase their security protocols until it happens to them. Equifax should have the best security protocols (constantly updated) in place due to the nature of the information they consolidate and compile. Although, it appears their system was lacking and now 143 million people are vulnerable. Good to know that the executives at Equifax will make millions.
It will be interesting to hear what their security protocols were/are. They can’t claim it wil jeopardize their info…that horse has left the barn.
It would not shock me a bit if it was Russian. Identity Theft is the cyber crime that country leads the world in. China has industrial espionage.
Maybe. The country of origin, or supposed origin, isn’t as telling as the person or persons. This strikes me more as an identity theft thing than a governmental intrusion but of course I don’t know. I’m no expert and I can make myself appear to be from anywhere. I think some of these are inside jobs, or assisted by insiders more often than we are told. It will be interesting to see how this unfolds. Credit reporting agencies make great political footballs.
So… Is SmartThings above or below “average”? 
When it comes to the arena of information security, average is a low low bar. I promise you.
In terms of engineering talent and consciousness of these kinds of issues I’d say above average. (And strongly agree with JH1, average in terms of security would be a total failure in my eyes… Can you tell I have a degree in security? 
) Policies around handling sensitive data are also pretty strong as well, especially with Samsung now in the mix (has anyone here ever been to Samsung HQ and experienced their security team?? 
)
You joined this site just to create a post to promote a company? This was your 1st post on this site. I am not going to some site to get ID protection based on some random guy’s tip.
It took five weeks to tell us. I have no affiliation with this show BTW.
Leo has been around for decades.
After the shows commercials, the breach is the first story.
Nothing surprises me with them. We are going to feel the result of this for ever.
I was close. I said 12345.
user ID: userid
password: P@ssw0rd
I make my password incorrect. That way when I forget it my computer will tell me my password is incorrect.–Mitch Hedberg
Short story: Equifax reportedly had a patch for the vuln 60 days before the breach.
Now is the time to slip that noose around the neck.
That said, these types of decisions on risk vs operational expense/impact are made every day. Organizations roll the dice.
I’ve been told by devs on this community they discovered security issues and have made ST aware of them, ST declined to mitigate immediately - it could still be in that situation, I don’t know details and this has been at least a year since I heard of it so i don’t know current status.
Just pointing out this happens all the time.
The Wall Street Journal reports that in the months leading up to the attack, that Equifax spent at least $500,000 lobbying federal regulators and Congress to relax regulation of credit-reporting companies. Among the focus of its requests? “Data security and breach notification,” “cyber security threat information sharing,” and the coup de grace: “limiting the legal liability of credit-reporting companies.”
Makes you wonder how far back the breaches actually go and when they found out.
These guys haven’t sent letters to anyone as far as I know. People have to initiate an inquiry to learn if they were impacted. At least when this usually happens they tell you and you don’t have to ask. Aren’t they legally obligated to notify individuals? Or did they find some loopholes?
Section 2.c of Code 52a4: “If you manage to expose everyone’s personal information you don’t have to notify anyone”