"We're Just Trying To Feed Our Families" - Equifax Hackers Demand $2.6 Million Ransom In Bitcoin
by Tyler Durden
Sep 9, 2017 2:10 PM
Two days after credit-monitoring company Equifax revealed that,
because of its staggering negligence, hackers had managed to penetrate
the company’s meager cybersecurity defenses and abscond with up to 143
million social security numbers and a trove of other personal data -
including names, addresses, driver’s license data, birth dates and
credit-card numbers - the cyberthieves responsible are threatening to
sell the data to the highest bidders unless they receive a ransom
payment of 600 bitcoin – worth about $2.6 million, according to CoinTelegraph.
In the ransom note, which was published on the dark web, the hackers said they were just two regular people trying to get by – and that, while they don’t want to hurt anybody, they need to monetize the information as soon as possible. They promised to delete the data as soon as the ransom was received.
The demand said that if they do not receive the funds from Equifax by September 15th, they will publicize the data.
In the ransom note, which was published on the dark web, the hackers said they were just two regular people trying to get by – and that, while they don’t want to hurt anybody, they need to monetize the information as soon as possible. They promised to delete the data as soon as the ransom was received.
The hackers have now made a ransom demand, stating on a Darkweb site that they will delete the data for a ransom payment of 600 BTC, worth approximately $2.6 million."We are two people trying to solve our lives and those of our families.We did not expect to get as much information as we did, nor do we want to affect any citizen.But we need to monetize the information as soon as possible.”
The demand said that if they do not receive the funds from Equifax by September 15th, they will publicize the data.
Meanwhile, as we reported last night,
two plaintiffs have filed a $70 billion class-action lawsuit against
Equifax in a Portland, Ore. federal court – a case that has the
potential the crush the company with a massive payout.
In the lawsuit, lawyers from Olsen Daines PC, who filed it on behalf of plaintiffs Mary McHill and Brook Reinhard, alleged that Equifax was negligent in failing to protect consumer data, and that the company chose to save money instead of spending on technical safeguards that could have stopped the attack.
Imagine how much angrier they would be if they found that instead of "saving" the money, the company used it instead to buy back its own stock (in this case from selling executives)?
the two plaintiffs in the case filed in Portland, Ore., federal court has every single merit to ultimately crush Equifax for what is nothing less than unprecedented carelessness in handling precious information.
Of course, in what will likely be remembered as a massively stupid public relations blunder, Equifax “neglected” to specify that an arbitration waiver included in an online portal allowing customers to check on the status of their information “does not apply to this cybersecurity incident.”
…We wonder, which incident does it apply to then?
Here’s the company's full statement from the company, courtesy of the Washington Post:
In the lawsuit, lawyers from Olsen Daines PC, who filed it on behalf of plaintiffs Mary McHill and Brook Reinhard, alleged that Equifax was negligent in failing to protect consumer data, and that the company chose to save money instead of spending on technical safeguards that could have stopped the attack.
Imagine how much angrier they would be if they found that instead of "saving" the money, the company used it instead to buy back its own stock (in this case from selling executives)?
the two plaintiffs in the case filed in Portland, Ore., federal court has every single merit to ultimately crush Equifax for what is nothing less than unprecedented carelessness in handling precious information.
Of course, in what will likely be remembered as a massively stupid public relations blunder, Equifax “neglected” to specify that an arbitration waiver included in an online portal allowing customers to check on the status of their information “does not apply to this cybersecurity incident.”
…We wonder, which incident does it apply to then?
Here’s the company's full statement from the company, courtesy of the Washington Post:
Meanwhile, one reporter who was examining the company’s web portal pointed out what is either a hilarious glitch, or an ominous indication that the most troubling reveal is yet to come…Equifax issued a statement Friday evening. “In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,” the company said.
Equifax Chief Security Officer:
No comments:
Post a Comment