The great hack: A famous fraudster explains the Equifax data breach | Frank Abagnale

  • Published 29 Sep 2024
    ----------------------------------------------------------------------------------
    Legendary con-man-turned-FBI-consultant Frank W. Abagnale breaks down the 2017 Equifax data breach. Hackers were able to access the personal data of millions of Americans through faulty software - and they might wait years before using the stolen social security numbers and dates of birth. Abagnale blames Equifax for this oversight. If a company is entrusted with an individual's personal data they need to do a better job of protecting it. "Hackers don't cause breaches, people do," he says.
    ----------------------------------------------------------------------------------
    FRANK W. ABAGNALE
    Frank W. Abagnale is one of the world's most respected authorities on the subjects of forgery, embezzlement and secure documents. Mr. Abagnale has been associated with the FBI for over four decades. He lectures extensively at the FBI Academy and for the field offices of the Federal Bureau of Investigation. He is a faculty member at the National Advocacy Center (NAC) which is operated by the Department of Justice, Executive Office for United States Attorneys. More than 14,000 financial institutions, corporations and law enforcement agencies use his fraud prevention programs.
    ----------------------------------------------------------------------------------
    TRANSCRIPT:
    FRANK W. ABAGNALE: First you should always ask when someone asks you joining a gym I need your social security number. For what reason? What's the purpose of asking me for my social security number? They don't need it. Actually, by law when you look up the law involving your social security number it's limited to about as many things as you can count on one hand where you legally have to provide it for income taxes, law enforcement, things of that nature. There's no need for them to have that. They're kind of foolish taking it to begin with because then they're responsible for that information and they have to try to keep that information safe. In the case of Equifax which is a perfect example, here was a multibillion dollar company. They didn't update their software. They didn't fix their patches that Microsoft said to them and said install these security patches. Their chief information security officer had her degree in music. She really didn't know anything about keeping information safe and consequently hackers got in.
    Now in my 43-year career I've dealt with every breach back to TJ Maxx 15 years ago to the recent breach of Capital One, Marriott Hotels, and Facebook. What I've realized in every single breach happens because somebody in that company did something they weren't supposed to do, or somebody in that company failed to do something they were supposed to do. Hackers don't cause breaches. People do. All hackers do is look for open doors and every day there are thousands of companies with open doors. I was asked this earlier today and I firmly believe it. If I give you my information whether you be a bank or credit bureau, a hospital, I'm entrusting you with my personal data. If something happens with that data due to your fault or your negligence in keeping it safe I should have the right to a recourse to sue you for getting my information out. Because now that they don't have that as a statute companies get away with it and they tell you I'll buy you one year of credit monitoring service, two years of credit monitoring service. That's worthless.
    If I steal your name, your social security number and your date of birth you can't change your name. You can't change your social security number. You can't change your date of birth. So if I'm smart I'm going to hold that data for at least three to four years before I ever go use it. But if I steal credit card numbers and debit card numbers, I have to get rid of them right away. They have a very short shelf life. But when they do a major breach they store that data typically we find from about four to five years. So you giving me one year of credit monitoring, two years of credit monitoring, three years of credit monitoring really is not going to help me at all in the long run. They will eventually get to my data and use my data. I do think that companies need to do a better job of protecting the information that's been entrusted to them. And this is why I was so big on trying to get the ability to freeze your credit. No one in this country ever said to Equifax, you know what. You can store all my personal data and you can make billions of dollars selling it for background checks, employee checks, credit checks. No, I never said that.
    What I want to say is, Equifax you can keep my d...
    For the full transcript, check out bigthink.com/v...

COMMENTS • 74

  • @pbm2324 1 year ago +4

    No deep explanation needed. The Breach happened in Heredia, Costa Rica. In Heredia, Costa Rica there's an Equifax building and the co-workers from EFX Costa Rica have access to consumer's SSN on their tools. Some EFX Costa Rica employees copied a lot of SSN and they sell those SSN. That's how the breach happened. Those guys are no longer working on EFX obviously and Mark Begor tried to hide this by blaming the Chinese

  • @theoneofeight 5 years ago +39

    Their CIO is a Music major? LMAO

  • @batya7 5 years ago

    That's how it should be, but how do we get it that way? The horse is already out of the barn. No amount of Regulation at this point is going to get that horse back where it belongs.

  • @jeannie7744 2 years ago +1

    What the victims shall do then

  • @indrajeet5000 5 years ago +4

    CISO had her degree in music...

  • @GameplayTwist 5 years ago

    LOL my computer will sometimes ask me for my password on start up and sometimes won't.

  • @BTsMusicChannel 3 years ago

    Why would you say that because someone has a degree in music that they do not understand anything else? Are musicians simply one-dimensional to you, or are you a one-trick pony who assumes everyone else is too? Extremely short sighted and video went off after that myopic remark. Have a great fucking day.

  • @Bigfoot_With_Internet_Access 5 years ago +46

    Basically, Equifax didn't use an uno reverse card when the hackers started hacking
    Always carry an uno reverse card

    • @dudeimbusy 5 years ago +1

      Just Some Bigfoot With Internet Access draw four... Color is green

    • @wiredbeats9058 5 years ago

      Green 6... or 9...

  • @VOLAIRE 5 years ago +27

    Who knew someone could be labeled as a famous fraudster ?

    • @obliviox 5 years ago +4

      𝕍𝕆𝕃𝔸𝕀ℝ𝔼
      He’s who the movie catch me if you can was based on that's how lol

    • @NitroRonin23 5 years ago +1

      He can also be labeled as a liar. But fraudster sounds better. Somehow.

  • @astarhealing5603 2 years ago +3

    I hate hearing the companies blame hackers. It’s their own systems processes and third parties that are usually foreigner countries. Credit monitoring is a joke and the amaze players that exploit data

  • @BLAISEDAHL96 5 years ago +17

    Gotta love Frank, he’s given his entire life to help solve and prevent fraud on nearly every front possible. Check out his new book, “Scam me if you can”. Great reading

    • @omg_look_behind_you 5 years ago

      yeah, he gave his entire life to help people. and the government gave him his entire life.

    • @BLAISEDAHL96 5 years ago

      @omg_look_behind_you yeah he got a second chance, he had served less than five years of his 12-year sentence at Federal Correctional Institution in Petersburg, Virginia, the United States federal government released him on the condition that he help the federal authorities, without pay, to investigate crimes committed by fraud and scam artists. He's worked in the FBI for the past 41 years.

  • @mothgirlx6707 5 years ago +6

    The thing is, loads of services like Facebook have been cheeky to prevent you using their services unless you provide it ‘with permission’. And good luck finding out who’s responsible for it escaping, that’s the only way to even start to hold someone responsible

  • @Charliespathwellness 4 years ago +2

    Excellent information. However, there is a FDIC statute: “Failure to safeguard”... Banks and Credit bureaus are held under this statute.

  • @paulferron3191 3 years ago +2

    Unfortunately, the "courts" have determined that just because your information is lost - does not mean you have "standing" - serious blow to personal security

  • @dgregscottpublicvideos 5 years ago +1

    Frank, your overall point is dead-bang right on. But you need to correct a few details. The Equifax attackers penetrated an unpatched Apache Struts server, not a Microsoft server. Although it could just as easily have been a Microsoft server. It took a Congressional investigation to uncover the deeper management failings at Equifax and the report is in the public domain. Everyone should read it.
    It's true, I don't legally have to disclose my Social Security Number to anyone but the government and my employer, but that ship sailed a generation ago when creditors demanded my SSN in return for credit. Lenders may not have legal authority to force me to reveal PII, but then they also don't need to write mortgages or car loans. If you want credit, disclose your SSN and trust a credit reporting agency with it. And to the credit reporting industry, consumers are not customers, consumers are raw material.
    I put together a proposal to fix the credit reporting system back in 2017 when we first learned about the Equifax fiasco. Beyond management negligence, the core problem is, we built an entire industry around a flawed scheme to use SSNs as an authenticator. Even before the Equifax attack, our SSNs were up for sale in any number of underground forums, and if Equifax hadn't let its guard down, somebody else would have. Let's stop believing in the fiction that SSNs are private.
    Here is a proposal to fix the system.
    www.dgregscott.com/143-million-reasons-credit-reporting-industry-reform-part-2/

  • @masterv2118 5 years ago +2

    true, and the hack was of 100% of the people in their system the only thing not known is how much data on each person was taken.

  • @brodobroggins 4 years ago +1

    We need to liquidate all credit companies like Equifax and delete all personal information they store. We never gave them permission to hold it in the first place and they have shown they can’t be trusted with it.

  • @cold-639 5 years ago +1

    Thx, I've paid cash on the barrel after living nervously well on credit growing up. And damn straight.. if it were SECURE, we would all have to play fair. The bankers don't live on this dang planet. We are to this day slaves to grateful but strict beings. Work work work.
    And all will be rewarded in heaven, your 1year hiatus between lives. Lol.

  • @visualelement7youtubechann941 5 years ago +1

    That makes a whole lot of sense
    Plus it's professionally good business.

  • @Dannysphotography 1 year ago

    cause they keep pulling money from it lol

  • @ivjr1 5 years ago +1

    So what "5" places require your social security?

    • @chasindigo 5 years ago

      I have 4 - IRS, government departments (health, education), law enforcement, not sure on the 5th one.

    • @Sid-69 1 year ago

      @chasindigo I guess 5th is jobs

  • @seamusandpat 5 years ago

    Unfortunately we don't get to write data protection laws ... Business sponsored law makers do and guess who gets the easiest way out of their moral responsibilities? The laws are written to protect business and not the public and their private information.

  • @ariefbayem 5 years ago +1

    Amazing.. so good

  • @raydogloc8127 5 years ago +2

    Equifax was hacked by Microsoft

    • @cold-639 5 years ago

      Yeah thru Microsift your data out

  • @justinbailey2419 5 years ago

    I pull out all my money (I don't have much) and keep it at home. My card got duped at a store (sportchek) and they tried to pull my funds but got a balance of 0 dollars lol nice try fuckwads 👍🏻👍🏻😂 Bank gets robbed but I don’t lol (I'm 6’10” 380lbs)

    • @chasindigo 5 years ago

      Thanks for letting us know 🤣

  • @rickharold7884 5 years ago

    Thx for summary. Another of details would be cool. Thx

  • @108hugh 5 years ago +3

    Just watched Catch Me If You Can directed by Steven Spielberg. Then I saw this video.

  • @kinpatu 5 years ago

    Hackers are people, too, you know.

  • @maxcarter970 5 years ago +1

    Having a music degree has nothing to do with someone’s capability. She had 14 years of experience! That’s far more telling than what degree someone has. And nice of you to simplify the whole IT world and pretend that the security boss is responsible for patching windows machines. Companies of that size have a shitload of policies and infrastructure in place to make sure things are patched. So stop it with the scapegoating.

  • @panijefer 5 years ago

    Install BlackBerry cyber security

  • @stevemcdonald6001 4 years ago

    Unless you totally have to do otherwise, buy your gas with cash, in daylight hours, engine turned off, doors locked, no noses buried in phones. Buying it at night with plastic is like swimming with piranhas.

    • @stevemcdonald6001 4 years ago

      Thanks for reading my comment. I may not be back again if a major oil company fire-bombs my home tonight.

    • @Lol-bt6vs 1 year ago

      Crazy idiot

  • @rodfer5406 5 years ago

    Excellent

  • @weatherwheel3109 5 years ago

    but did anyone get paid yet?

    • @Sid-69 1 year ago

      Yes. $10 compensation for potential financial fraud & identity theft

  • @Cocoabytes 5 years ago

    Let's just do away with the credit system altogether.

    • @R4idenXS 5 years ago +1

      Then that would remove loans

    • @Cocoabytes 5 years ago

      @R4idenXS not necessarily. Loans would be decided on other factors rather than a stupid number system.

    • @R4idenXS 5 years ago

      @Cocoabytes the number system is quantifying those same factors...

    • @Cocoabytes 5 years ago +1

      @R4idenXS if I paid off all debt right now my credit score would go down. What kind of system says that paying off all debt is an indication of possible delinquency.

  • @catfunkitty 4 years ago

    Liar!!!😈☻☻