Blogs

Data Breach – Equifax to Pay at least $575 Million for 2017 Data Breach
Settlement Includes fund to help consumers recover from data breach
Post from Federal Trade Commission: July 22, 2019 Equifax Inc. has agreed to pay at least $575 million, and potentially up to $700 million, as part of a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), and 50 U.S. states and territories, which alleged that the credit reporting company’s failure to take reasonable steps to secure its network led to a data breach in 2017 that affected approximately 147 million people.
In its complaint, the FTC alleges that Equifax failed to secure the massive amount of personal information stored on its network, leading to a breach that exposed millions of names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.
As part of the proposed settlement, Equifax will pay $300 million to a fund that will provide affected consumers with credit monitoring services. The fund will also compensate consumers who bought credit or identity monitoring services from Equifax and paid other out-of-pocket expenses as a result of the 2017 data breach. Equifax will add up to $125 million to the fund if the initial payment is not enough to compensate consumers for their losses. In addition, beginning in January 2020, Equifax will provide all U.S. consumers with six free credit reports each year for seven years—in addition to the one free annual credit report that Equifax and the two other nationwide credit reporting agencies currently provide.
The company also has agreed to pay $175 million to 48 states, the District of Columbia and Puerto Rico, as well as $100 million to the CFPB in civil penalties.
“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
Consumers impacted by the breach to submit their claims in order to receive free credit monitoring or cash reimbursements.
“Today’s announcement is not the end of our efforts to make sure consumers’ sensitive personal information is safe and secure. The incident at Equifax underscores the evolving cyber security threats confronting both private and government computer systems and actions they must take to shield the personal information of consumers. Too much is at stake for the financial security of the American people to make these protections anything less than a top priority. For consumers impacted by the Equifax breach, today’s settlement will make available up to $425 million for time and money they spent to protect themselves from potential threats of identity theft or addressing incidents of identity theft as a result of the breach. We encourage consumers impacted by the breach to submit their claims in order to receive free credit monitoring or cash reimbursements,” said Consumer Financial Protection Bureau Director Kathleen L. Kraninger.
Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability
The FTC alleges that Equifax failed to patch its network after being alerted in March 2017 to a critical security vulnerability affecting its ACIS database, which handles inquiries from consumers about their personal credit data. Even though Equifax’s security team ordered that each of the company’s vulnerable systems be patched within 48 hours after receiving the alert, Equifax did not follow up to ensure the order was carried out by the responsible employees.
Hackers operated undetected on Equifax’s network for months.
In fact, Equifax did not discover that its ACIS database was unpatched until July 2017, when its security team detected suspicious traffic on its network. A company investigation revealed that multiple hackers were able to exploit the ACIS vulnerability to gain entry to Equifax’s network, where they accessed an unsecured file that included administrative credentials stored in plain text. These credentials allowed the hackers to gain access to vast amounts of consumers’ personally identifiable information and to operate undetected on Equifax’s network for months.
Hackers had Social Security Numbers, dates of birth, plus much more
The hackers targeted Social Security numbers, dates of birth, and other sensitive information, mostly from consumers who had purchased products from Equifax such as credit scores, credit monitoring, or identity theft prevention services. For example, hackers stole at least 147 million names and dates of birth, 145.5 million Social Security numbers, and 209,000 payment card numbers and expiration dates.
Hackers were able to access a staggering amount of data because Equifax failed to implement basic security measures, according to the complaint. This includes failing to implement a policy to ensure that security vulnerabilities were patched; failing to segment its database servers to block access to other parts of the network once one database was breached; and failing to install robust intrusion detection protections for its legacy databases. In addition, the FTC also alleges that Equifax stored network credentials and passwords, as well as Social Security numbers and other sensitive consumer information, in plain text.
Settlement Requirements
In addition to the monetary relief to consumers, Equifax is also required to implement a comprehensive information security program requiring the company to take several measures including:

• Designating an employee to oversee the information security program;
• Conducting annual assessments of internal and external security risks and implementing safeguards to address potential risks, such as patch management and security remediation policies, network intrusion mechanisms, and other protections;
• Obtaining annual certifications from the Equifax board of directors or relevant subcommittee attesting that the company has complied with the order, including its information security requirements;
• Testing and monitoring the effectiveness of the security safeguards; and
• Ensuring service providers that access personal information stored by Equifax also implement adequate safeguards to protect such data.

The proposed settlement also requires the company to obtain third-party assessments of its information security program every two years. Under the order, the assessor must specify the evidence that supports its conclusions and conduct independent sampling, employee interviews, and document reviews. The order grants the Commission the authority to approve the assessor for each two-year assessment period. The order also requires Equifax to provide an annual update to the FTC about the status of the consumer claims process.
Encourages Equifax employees to contact Federal Trade Commission
Finally, the FTC encourages Equifax employees who believe the company is failing to adhere to its data security promises to email the FTC at [email protected]. Consumers can find out more about the settlement at ftc.gov/Equifax.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs, and subscribe to press releases for the latest FTC news and resources.
Contact Information
CONTACT FOR CONSUMERS:
Settlement Administrator, 1-833-759-2982
Related Case
Equifax, Inc.
Related Refunds
Equifax Data Breach Settlement

v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman",serif;}

MUSINGS FROM DIANE:
Equifax was aware of the breach, yet failed to take immediate steps to protect consumers.  Why, oh why, does a company (or person) have to be publicly exposed in order to get them to do what is right?  It is painfully obvious that large companies view us as endless piggy banks.  They can do anything they want to us and then pay a few bucks when they are caught.  Does anyone remember the vehicle manufacturers who sold vehicles knowing they had faulty mechanics.  The company big wigs decided our lives were worth less than their fancy houses or expensive vacations.  I can only hope what goes around, comes around.

How Can I Help You?
The post Equifax to Pay $575 Million++ For Data Breach of 147 Million People appeared first on Diane L. Drain - Phoenix Bankruptcy & Foreclosure Attorney.

You or one of your closest neighbors have debt in collection
More than One in Four Consumers Have a Debt in Collection with a Debt Collector
7/18/19 The Consumer Financial Protection Bureau (CFPB) just released a report that found that more than one in four consumers with a credit report have at least one debt in collection by third-party debt collectors.  The report covers 2004 to 2018 from approximately 5 million credit records maintained by one of the three nationwide credit reporting companies.
Close to 900 third-party debt collectors furnished collection information, including account balance, payment history and status of the account.
Almost 60 percent are medical debts
The study also found that more than three out of four third-party collections are for non-financial debt – such as medical debt.
Almost 20 percent are for phone or utility bills
20 percent are for telecommunications or utilities debt. Positive payment information is generally not furnished for medical or telecommunications debt.
Approximately 9,330 debt collectors and debt buyers in the U.S.
Banks and other original creditors may collect their own debts or hire third-party debt collectors. In some instances, the original creditors may sell the debts to debt buyers. The buyers may try to collect on these debts, or hire other third-party debt collectors.
Read the full report.

MUSINGS FROM DIANE:

Are we teaching our children wise financial choices?  The answer is ‘no’ if we feel it necessary to buy the latest cell phone or clothing.  Or “need” to drive the newest vehicle or live in the fanciest house.  No, we don’t “need” any of these items, instead we should strive to live within our means and plan for the future.  This may seem to be weird for a bankruptcy attorney to say, because I make my living from people who are in financial distress.

What you may not understand is that most of my clients were making great financial decisions, but life happened.  They lost their good paying job, they had disastrous medical expenses or they were faced with a divorce or failing business.  Even someone with the best financial plan cannot survive these unexpected expenses.

How Can I Help You?
The post You or a close neighbor has debt in collection appeared first on Diane L. Drain - Phoenix Bankruptcy & Foreclosure Attorney.

When a legal issue arises out of a real estate transaction, it often involves the title. Wynn at Law, LLC won’t let you go to closing without a title in good order or “clean title”, regardless of whether you’re the seller or the buyer about to get the title.
Backtracking a little bit… the title is also called the deed. It’s proof of ownership of and right to sell a piece of property. Just like the title to your car. The bank holds the car title until you pay off your car loan, then transfers the title to you when you pay off the car. In property, however, a title is going to have a much longer history than a car that might be junked in 10 years or less. And that’s how some common title issues arise.
Liens can scuttle a transaction
Liens against the property prevent a property owner from having a ‘clean’ title. A property owner has to ‘cure’ or fix the title before selling rights to the house, building, or land. If there is a first or second mortgage on the property, the bank is a lienholder, but not always the only one. The courts can put a lien on a property as a result of litigation, such as being sued for back taxes or other civil judgments, usually past-due credit or medical bills. Homeowner associations can put a lien on the property if the association dues aren’t paid, too.
Wynn at Law, LLC reivews the title before you get to the closing table to ensure there aren’t liens. We also check to see if the person who owns the house is actually the seller. Common sense says you can’t sell something you don’t own. In some real estate deals, this might not be the case. For example, the owner of a family home might have it held in a trust, or put into a limited liability company, to protect it from creditors (liens). Our title review reveals this as well.
It runs in the family
One thing that can arise with a property that has been in the family for years is that the title could have passed informally – handed down – without a legal recording of the change and chain of custody. We can see that with summer homes that have remained in families for generations, and farms/farmland that also has stayed within the family for years after the original owner passed away.
Additional, and more rare, problems that arise are that a title is not accurately prepared and/or filed following a divorce decree or a bank neglects to satisfy a mortgage once it’s paid off. Nobody needs any of these sorts of headaches during what is, for most, the largest financial transaction of a lifetime. That’s why you really need an experienced real estate attorney.
The post The real estate transaction, Part I: The property title appeared first on Wynn at Law, LLC.

https://nextcity.org/daily/entry/the-road-to-justice-for-new-york-city-yellow-cab-drivers