Equifax And FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)
Partnership is an effort to diversify beyond the nuts and bolts of credit reports and scores. Equifax And FICO Team Up To Sell Your Financial Data To Banks (#GotBitcoin?)
Two consumer-credit giants plan to start working together to sell consumers’ data to banks, the latest attempt to feed banks’ appetite for more information on customers.
Equifax Inc. and Fair Isaac Corp., creator of the widely used FICO credit score, started pitching each other’s services earlier this month, and the companies announced the partnership Wednesday. Both companies already sell their services to banks, but now their sales employees will pitch each other’s services as well. Sometimes the companies will approach clients together.
Equifax, a credit-reporting giant still trying to recover from its massive 2017 data breach, maintains extensive data on U.S. adults that often includes their income, bank account balances and whether they pay their gas and cellphone bills. FICO’s software analyzes the data to help banks get a better read on loan applicants.
The partnership is the latest effort by companies that have been the bedrock of the U.S. consumer credit system to diversify beyond the nuts and bolts of credit reports and scores.
For decades, most U.S. lenders have reviewed loan applicants’ reports and scores to determine whether to approve them and what interest rate to charge. After years of relatively cautious lending, banks and other lenders are seeking additional consumer data to help them make loans to more borrowers, including people with little credit history or with blemishes. Credit-reporting and -scoring firms have been pivoting to address the demand.
Late last year, FICO and another credit-reporting giant, Experian Plc, said they would begin factoring how consumers manage their bank accounts into credit scores. Soon after, Experian separately said it would add cellphone and utility payments into its credit reports and the FICO scores it sells to lenders. The new methodologies, which are optional for consumers, are designed to boost the number of approvals for credit cards, personal loans and other products.
Equifax and FICO argue that buying their services together will help lenders make underwriting decisions more quickly, especially for borrowers with thin credit histories. They also say that lenders will be able to make more precise decisions about what products to pitch to a customer, such as a plain vanilla credit card versus a premium rewards card, and will be able to better screen people who apply for bank accounts.
But the companies will face competition from data providers and financial technology firms that do the same, and banks’ own in-house analytics resources.
Equifax, Experian and another large competitor TransUnion have for years been amassing growing piles of data about American adults that go far beyond people’s history managing their debts. At Equifax that includes information on people’s employers, their brokerage accounts and other information. Most of that extra data hasn’t made its way into credit reports or FICO credit scores, but credit-reporting firms have been selling that data separately to lenders.
Deciding which loan applicants to approve is complex. Making risky borrowers look more creditworthy can expose lenders to default risk. Denying someone who additional data might prove creditworthy—like someone who pays their cellphone and other non-loan bills on time—would hurt revenue. Approving a consumer whose credit reports and scores look good but has other hidden red flags, such as minimal savings, would elevate the lender’s risk.
The FICO-Equifax deal was spearheaded by the companies’ chief executives. FICO CEO Will Lansing and Equifax CEO Mark Begor have known each other for decades, and Mr. Begor was a FICO board member until he took over Equifax last year.
Equifax has lost business because of the 2017 breach, but the company said it “has made enormous progress” since the hack. Mr. Begor said in an interview last week that Equifax is no longer in the “penalty box” with clients.
Equifax remains under investigation by federal and state regulators over the breach. It has said it is cooperating. Equifax And FICO Team, Equifax And FICO Team, Equifax And FICO Team, Equifax And FICO Team
Equifax To Pay Around $700 Million to Resolve Data-Breach Probes
Credit-reporting firm nears deal to settle investigations into 2017 hack that exposed millions of Americans’ personal data.
Equifax Inc. EFX -1.39% is nearing a deal to settle a slew of state and federal investigations into a 2017 data breach that exposed nearly 150 million Americans’ Social Security numbers and other sensitive personal information.
Under the agreement, the credit-reporting firm would pay around $700 million to settle with the Federal Trade Commission, the Consumer Financial Protection Bureau and most state attorneys general, according to people familiar with the matter. The deal would also resolve a nationwide consumer class-action lawsuit, they said.
The settlement could be announced as soon as Monday, the people said. The amount Equifax ultimately pays could shift based on the number of consumer claims that are eventually filed, they added.
The deal would clear a cloud that has hung over Equifax since it revealed in September 2017 that hackers had penetrated its systems and gained access to consumers’ names, Social Security numbers, birth dates and addresses.
The hack, among the biggest consumer-data breaches, exposed big security flaws at one of the nation’s largest credit-reporting firms and raised cybersecurity alarms among consumers and policy makers alike. Hackers were able to work their way into Equifax’s systems through a software flaw the company had neglected to patch. A malfunctioning scanning tool, meanwhile, allowed hackers to roam undetected in the company’s network for months.
The backlash was swift. Within weeks, the company’s long-serving chief executive retired. State and federal officials launched a spate of investigations. Lawmakers excoriated Equifax executives for waiting six weeks to disclose the hack after it detected suspicious activity and raised questions about how it handles the troves of consumer data it collects.
Equifax and the two other major credit-reporting firms, Experian Plc and TransUnion , compile lengthy financial dossiers on hundreds of millions of Americans that include their credit accounts and repayment histories.
They also have access to addresses, Social Security numbers and other information necessary to apply for credit. Those personal details are what the hackers stole.
The breach highlighted how little control consumers have over their personal data and how it is shared. Much of Equifax’s revenue comes from the credit reports and other products it sells to lenders, which use the information to evaluate potential borrowers. Unlike hacks that have affected consumers who shop at particular merchants or use certain websites, the Equifax breach affected millions of people who never dealt directly with the company.
The settlement would establish a fund to compensate consumers for harm suffered because of the breach, according to people familiar with the matter. A website and call center would be set up to handle the claims, one of the people said.
The settlement would also require Equifax to make additional changes to how it handles and protects consumer data, the people said. The company is on track to spend some $1.25 billion shoring up its security systems and upgrading technology. Regulators in several states last year ordered the company to strengthen its information-security defenses, patches and disaster-response protocols.
Equifax is still working to recover from the hack nearly two years after it was disclosed. New product sales to U.S.-based lenders are lagging, as are sales of its consumer products. The company suspended stock buybacks and froze its dividend in 2017 to prepare for a potential settlement. In a May securities filing, Equifax said it had set aside $690 million to cover expenses pertaining to investigations and lawsuits. Chief Executive Mark Begor told analysts that month that a global settlement was in the works that would cover “many of the significant issues facing the company.”
The breach heightened congressional scrutiny of the credit-reporting industry. Congress passed legislation last year barring credit-reporting firms from charging fees to freeze and unfreeze credit reports.
Some lawmakers have called for tighter requirements on credit-reporting firms to fix inaccuracies in credit reports.
At a House Financial Services Committee hearing earlier this year, Equifax Chief Executive Mr. Begor said the company has taken steps since the breach to help consumers more easily access and fix errors on their credit reports.
“Our culture is shifting,” said Mr. Begor, who testified alongside TransUnion and Experian executives.
Four Members of China’s Military Indicted Over Massive Equifax Breach
Disclosed in 2017, hack into the credit-reporting company compromised data on nearly 150 million Americans.
Four members of China’s military have been indicted by the U.S. government on charges of hacking into Equifax Inc. and plundering sensitive data on nearly 150 million Americans as part of a massive heist that officials said also stole trade secrets from the credit-reporting agency.
In an escalation of U.S. efforts to counter China’s alleged attempts to use cyber theft and other means of technology acquisition to become the world’s dominant economic power, a federal grand jury in Atlanta returned a nine-count indictment made public Monday against the four Chinese nationals working for the People’s Liberation Army. They are accused of conspiring to steal reams of data as part of a sophisticated hacking operation that exploited a major vulnerability in the software used by Equifax’s online dispute portal.
The charges for the 2017 breach came as the U.S. and China remain locked in negotiations over trade after recently hammering out the first phase of an agreement. In brief remarks on Monday, Attorney General William Barr sought to distinguish the alleged Equifax theft from accepted intelligence gathering that governments conduct.
“This was a deliberate and sweeping intrusion into the private information of the American people,” Mr. Barr said. “We collect information only for legitimate national security purposes; we don’t indiscriminately violate the privacy of ordinary citizens,” he said. China has historically denied involvement in hacks on U.S. businesses. The Chinese Embassy in Washington didn’t respond to a request for comment.
The indictment is the latest from U.S. authorities to blame China for a compromise of a massive tranche of personal data. Officials have previously blamed China for a hack of more than 20 million files on government employees and their associates at the Office of Personnel Management and a theft of tens of millions of records from the health-insurance provider Anthem Inc.
Mr. Barr also mentioned China’s alleged hacks on managed service providers—a campaign known as Cloud Hopper—that a Wall Street Journal investigation in December revealed was far larger than previously known.
Investigators have concluded that China was responsible for the hack of hundreds of millions of records from hotel company Marriott International Inc. and are working to prepare an indictment related to that breach as well, people familiar with the matter said.
In May 2014 the U.S. indicted five Chinese military officers, publicly accusing employees of a foreign power with cybercrimes against American firms for the first time.
Beijing has repeatedly denied conducting such activities and has rejected previous U.S. cybercrime prosecutions, calling them attempts to vilify China and warning that the accusations could harm relations between the two countries.
But in recent years, U.S. hacking charges against China—as well as Russia, Iran and North Korea—have grown increasingly common.
U.S. intelligence officials have warned that such large data sets like those allegedly pilfered by China can have significant counterintelligence value and can be collated with one another to create detailed dossiers on, for example, U.S. diplomats or spies working undercover.
“For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the Office of Personnel Management, the intrusion into Marriott hotels and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax,” Mr. Barr said. Mr. Barr’s mention of Marriott appeared to be the first public U.S. acknowledgment that China is believed responsible for that breach, which was disclosed in November 2018.
Officials said they didn’t know what the hackers did with the Equifax information, but said they expected Chinese intelligence could use the massive data trove—considered to be one of the largest hacks on record—to develop artificial-intelligence capabilities.
“If you get PII of people, personally identifiable information, you can do a lot with that. That can be monetized, it can be used…for targeting packages for U.S. government officials,” FBI Deputy Director David Bowdich said, adding that the agency hadn’t yet seen such activity in the Equifax case.
The breach into Equifax, publicly disclosed in September 2017, prompted prolonged public outrage and led to a series of hearings in Congress where the company came under bipartisan scrutiny, and resulted in the resignation of then-chief executive, Richard Smith. It was viewed as especially severe due to its size and the richness of data compromised, and the Atlanta-based firm sustained withering criticism for not patching a months-old known vulnerability that a congressional study later concluded could have prevented the intrusion.
Though China’s alleged involvement had been previously reported in the media, the indictment lays out details of the operation in which hackers allegedly maintained persistent access to Equifax’s systems for weeks, stole login credentials and ultimately ran about 9,000 queries for data, which were masked through encrypted channels, before being detected and booted out.
But the indictment doesn’t provide much detail on a new claim that emerged Monday: That the Equifax act also constituted economic espionage.
According to the indictment, the stolen trade secrets included information on how Equifax compiled personal data from a variety of sources “at significant effort and expense” and the use of a “proprietary database scheme” to store that information. It doesn’t state how or if that technology is being used to benefit the Chinese state.
The Trump administration has previously accused China of violating a 2015 bilateral pact to not engage in cyber theft of trade secrets. But experts who track Chinese nation-state hacking said the Equifax indictment seemed to lack strong evidence to support the claim of trade-secret theft and that the compromise of the database may have been incidental to the goal of siphoning another massive trove of data on Americans from a U.S. business.
Equifax has struggled with concerns about Chinese espionage for several years, including worries dating back to 2015 that a former employee had stolen information that could help China develop its national credit-reporting system, the Journal reported.
Last year Equifax agreed to a $700 million settlement with the Federal Trade Commission in an effort to compensate victims.
“There was a very close collaboration with the authorities,” Equifax Chief Executive Mark Begor said. “This is obviously a pretty complex situation, particularly when you’ve got a military arm of a foreign state like China doing these kind of attacks on a company like Equifax.”
The data that was stolen included Social Security and driver’s license numbers, addresses, birthdays and other information. The breach began in May 2017 at the latest and continued through July 2017. The indictment alleges that the defendants used 34 servers located in nearly 20 countries to infiltrate the company’s network.
Mr. Barr and other senior Justice Department officials sought to link the cyberattack to what they called China’s overarching goals to supplant the U.S. through a range of underhanded and illegal acts as the world’s leader in advanced technology, a struggle viewed as having significant national-security implications.
The four defendants— Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei —are allegedly members of the People’s Liberation Army’s 54th Research Institute, according to the indictment, and are believed to be residing in China, outside the reach of U.S. law enforcement. Officials acknowledged they were unlikely to face prosecution in an American courtroom.
At the news conference, prosecutors took the unusual step of displaying a Wanted poster translated into Chinese and also included the Chinese characters of the defendants’ names in the indictment.
Following PLA overhauls beginning in 2015, the 54th Research Institute was moved under the aegis of the PLA’s Strategic Support Force’s Network Systems Department, or China’s counterpart to U.S. Cyber Command, said Elsa Kania, a technology and national-security expert at Washington’s nonpartisan Center for a New American Security.
The 54th Research Institute, which has traditionally focused on supporting electronic warfare and intelligence as opposed to engaging in cyber espionage operations, wouldn’t at first glance appear to be the most likely suspect in such a breach, said Ms. Kania. But the indictment indicates “its missions may be evolving.”
Lawmakers in both parties applauded the indictment but warned that the Chinese cyber threat to U.S. interests remained substantial.
“Warning lights are still flashing red,” Sen. Ben Sasse (R., Neb.), a member of the Senate Intelligence Committee, said. “The Chinese Communist Party will leave no stone unturned in its effort to steal and exploit American data.”
Sen. Mark Warner, the top Democrat on the intelligence panel, added that Equifax still bore responsibility as well. “The indictment does not detract from the myriad of vulnerabilities and process deficiencies that we saw in Equifax’s systems and response to the hack.”
If China Did Hack Equifax, These Americans May Have More Reasons To Be Concerned
Federal prosecutors charged Chinese military personnel with stealing the personal information of nearly 150 million Americans in 2017.
More than two years after hackers swiped the personal information of nearly 150 million Americans from Equifax computers, federal prosecutors this week charged four members of China’s army with carrying out the 2017 cyberattack on the credit bureau.
The four charged men— Wang Qian, Wu Zhiyong, Xu Ke, and Liu Lei, members of the China’s People’s Liberation Army — have not been arrested and are believed to be living in China. These also allegedly stole Equifax trade secrets like database designs, said Attorney General William Barr.
In cases such as this, hackers with personally identifiable information could typically wreak all sorts of havoc, like phishing for more financial details from those affected and/or running up a bill on a credit card, filing a false tax return to pocket the refund, opening up a line of credit or selling the valuable information to others.
But cybersecurity experts say consumers should be less worried about random charges on their credit-card bill — and more worried, as citizens, about China’s ability to gather intelligence on America’s strengths and weaknesses on a vast scale. The names, addresses, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers were stolen. Credit-card numbers for 209,000 consumers were also stolen.
“When you have a nation-state attack, it’s not about the dollars, it’s more about meeting your mission,” said Larry Ponemon, founder of the Ponemon Institute, a think tank focused on cyber-security matters. “If your mission is to advance Chinese government interests, that could be more important than selling customer accounts.’
Government Employees Should Be Vigilant
Government employees affected by the breach likely have a higher risk of having their information used against them, said Adam Segal, director of the Council on Foreign Relations’ Digital and Cyberspace Policy Program. Stolen data could be used to detect whether government workers had debts and — in the most extreme scenario — they could even be targeted to become an informant for the Chinese government, he said.
Tom Kellerman, head of cybersecurity strategy at VMWare Carbon Black, a cybersecurity provider, said people working in the technology should also stay vigilant. Indeed, any sector that could be a gateway to a massive trove of intelligence on Americans’ political views or people of public importance are especially vulnerable, he added. Workers for major corporations that hold important government contracts and have their own valuable trade secrets should also be vigilant.
Given the vast trove of information that was breached, Kellerman said these employees should regularly update their operating systems, be on the lookout for any suspicious links or phone calls, and always use cybersecurity software at home and at work, and on all mobile devices. Random phone calls that may appear to be from a bank or employer should also be treated with suspicion; always hang up and call back on the official number, experts say.
Laura DeNardis, author of “The Internet in Everything: Freedom and Security in a World with No Off Switch” and interim dean at American University’s School of Communication, said China’s alleged involvement in the Equifax breach was more about espionage than consumer issues. “Cybersecurity capability is now a chilling proxy for political power,” she said.
Whether you’re a government employee or work in the private sector, Eva Velasquez, president and CEO of the Identity Theft Resource Center, urged people to monitor their credit reports. “We should be taking the same reaction steps regardless of who the perpetrator is,” she said. “I want people to focus more on the data compromise and less on who did the compromising.”
China Has Denied The Equifax Charges
The charges are a high-profile flashpoint for America and China, fresh off a “Phase 1” trade deal. They also mark a new, perhaps unexpected, twist for roughly half of America’s consumers, who had their data taken in the massive breach. Equifax reached a $700 million settlement last summer on a consumer class-action case but it did not admit liability in the agreement.
When attorneys unveiled the class-action settlement, Equifax CEO Mark Begor said the company hadn’t seen the stolen data on sale on the dark web — which is often where stolen data ends up — since the breach. On Monday, he called the cyber attack “an attack on U.S. consumers as well as the United States.”
China has denied the allegations. China’s foreign ministry spokesman Geng Shuang said, We firmly oppose and combat cyberattacks of any kind. China is a staunch defender of cybersecurity,” the Associated Press reported, “The Chinese government, military and relevant personnel never engage in cyber theft of trade secrets.”
Barr linked China to data breaches at the U.S. Office of Personnel Management in 2015, the Marriott MAR, hotel chain in 2018 and Anthem health-insurance company in 2015 — “and now the wholesale theft of credit and other information from Equifax,” he added. (A Marriott International spokesman declined to comment and Anthem Inc. did not immediately respond to a request for comment.)
Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team.Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team,Equifax And FICO Team