[HN Gopher] Class Action Targets Experian over Account Security
___________________________________________________________________
Class Action Targets Experian over Account Security
Author : feross
Score : 117 points
Date : 2022-08-07 19:03 UTC (3 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| jmclnx wrote:
| Nice, I cannot wait until I get my 2.15 USD check :)
| reaperducer wrote:
| I think I got something like $5 from a T-Mobile class action
| suit.
|
| But I did get ~$400 out of one of a Facebook class action, so
| sometimes it's worth joining.
| thatguy0900 wrote:
| Or maybe even one year of credit monitoring!
| Justin_K wrote:
| Right! Just fill out this form with your ssn, current name,
| address, phone and email and we'll start your free credit
| monitoring. (Thanks for the free updates to our db, which we
| may license or sell to our partners)
| ceejayoz wrote:
| And by the way, the credit monitoring is on a different
| totallynotaphishingdomain.com.
| miohtama wrote:
| It's a small price to pay for the high quality credit
| rating service.
| salawat wrote:
| There needs to be corporate death penalty at some point. I
| nominate Experian.
| markovbot wrote:
| What would that entail? Do you think their investors, who have
| profited off the harm they've done, should face any
| repercussions?
| tomxor wrote:
| They should never be allowed to own or invest any business
| again, in part of full, for the rest of their lives
| (including as an indirect beneficiary via family or friends).
| On top of a hefty personal monetary penalty... bring them
| back down to the level of us filthy peasants so they can reap
| what they sow.
|
| This would help dissuade people from using companies as
| proxies to do evil things for profit without consequence.
| Since it puts you at high personal risk of burning your one
| lifetime chance at entrepreneurship.
|
| Or maybe fix capitalism somehow i duno (yes this is hard).
| vondur wrote:
| If the company is shut down, then they lose any investment
| that they've made in the company. Most investors have little
| knowledge of the day to day operations of a company.
| tomxor wrote:
| > Most investors have little knowledge of the day to day
| operations of a company.
|
| That's part of the problem.
| markovbot wrote:
| I bet it would change if we started locking them up :)
| throwawaymaths wrote:
| No need to do that. Just liquidate the company, and give
| nothing to the investors. The threat of corporate death
| penalty and a 0% yield on your investment (not a good track
| record) will help CEOs think twice before they do something
| stupid on behalf of their investors.
| matheusmoreira wrote:
| Roll back the game. Identify when the crime took place. Every
| transaction after that point is invalid. All profits made
| must be paid back. The corporation may resume its operations
| under new leadership after the rollback is complete.
|
| If that's too hard then just wipe out the company. They're
| not humans, they don't have rights, they don't feel pain.
| markovbot wrote:
| So the people who funded the crime should just go free?
| throwawaymaths wrote:
| Boeing should probably be subjected to termination too.
| sneak wrote:
| If we're going down this rabbit hole, Exxon or Philip Morris
| or DuPont or Chiquita is probably way higher up the list than
| Boeing, as Boeing has only killed a thousand or so people via
| mismanagement (this is not counting their warplanes which
| kill deliberately).
|
| Exxon knew definitively in 1977, in writing, that we were
| going to incinerate the planet.
| sephamorr wrote:
| "Identity theft" as a term has always struck me as a terrible
| description of what is happening. A bank falsely reporting to a
| credit agency that I am a debtor (when a criminal hands over some
| exclusively public information about me to get credit) seems like
| a slam-dunk definition of defamation. It meets the 4-part
| definition I'm aware of with (1) statement of fact (2) made to a
| 3rd party that (3) harms the reputation of the plaintiff while
| (4) acting negligently. (4) is of course the hardest to prove,
| but surely if all the information a bank asks to verify identity
| is in the public domain, that seems pretty clear to me.
| staticautomatic wrote:
| Typically the defendant must know the statement is false.
| mhb wrote:
| 'Identity theft'? It's daylight robbery by the banks
|
| https://www.theguardian.com/commentisfree/2018/nov/25/identi...
| samwillis wrote:
| Branding it as "identity theft" is a strategic move by the
| industry to attempt to move liability from themselves onto
| their customers, labelling _them_ as the victim. The reality is
| in most cases it should be considered fraud against the
| business /bank/lender _not_ the customer - they are the entity
| that has seen defrauded.
| noja wrote:
| https://www.youtube.com/watch?v=CS9ptA3Ya9E
| indymike wrote:
| Identity theft is fraud that the lender failed to prevent.
| matheusmoreira wrote:
| Identity theft allows them to shift the responsibility for
| their own fraudulent debts to us. Now we're the ones who have
| to seek redress. It's great for them.
| jliptzin wrote:
| I had not thought about it that way, but that is incredibly
| astute.
| salawat wrote:
| I'm less worried about the investors than the management. I'm
| fairly certain that due to the hands off nature of most
| American's investment choices, there's likely a bit of Experian
| in every portfolio out there. The main concern is to clearly,
| unambiguously demonstrate that the operation of a business that
| creates a data liability for the public, and failing to secure
| the data or ensure it's accuracy, will not be tolerated.
|
| Any management should be barred from management roles in similar
| ventures/verticals. The company assets should be liquidated,
| except for the data. _That should be wiped._ Their charter and
| documents of incorporation should be revoked.
|
| Whether investors end up getting paid back out of liquidation is
| moot. I'm fairly sure the alleged value of the company was
| entirely tied up in it's data, which if wiped, just leaves their
| in house software/operational structure, which as previoudly
| established, should be considered toxic in and of itself due to
| not being fit for operating in a manner concommitant with the
| task at hand.
|
| I feel for the employees, but there is a point where even you as
| an employee should be calling out management for not doing their
| job, and telling you to do yours poorly.
|
| My patience with corporate actors has grown increasingly short at
| an astonishing rate.
| fortran77 wrote:
| This is one company that should be sued until it's out of
| business. I hope this is a step in that direction.
|
| The fact that after a major leak, there's little protection in
| place to protect people from using this information to hijack
| accounts is extreme negligence.
| thayne wrote:
| And then what? We're left with two other credit bureaus that
| aren't much better? Another company takes its place that isn't
| any better, or maybe is even worse?
| mhb wrote:
| It sounds great, but the article would be better if it explained
| how the Fair Credit Reporting Act results in standing for a
| consumer to sue Experian. Maybe this is similar to libel?
|
| In a more reasonable world, the banks that rely on Experian would
| be suing Experian for facilitating fraud upon the bank.
| enterthematrix wrote:
| We had a class action lawsuit before and what did it get:
|
| 1) hundreds of millions for corporate lawyers 2) almost nothing
| for everyone else
|
| Without functional market dynamics (ie actual competition), the
| class actual lawsuit doesn't actually influence Experience etc to
| do anything because they will always own the market, so they can
| continue to fuck people forever.
| junon wrote:
| About time. Their security has been abysmal for ages it seems.
| thayne wrote:
| It's pretty unlikely this will do anything to improve that
| kylehotchkiss wrote:
| I'm surprised these credit agencies haven't found a way to
| require forced arbitration as a terms of service of possessing
| any of your data or giving it to a lender
| cptskippy wrote:
| That would require you consenting to their spying.
| reaperducer wrote:
| It's possible to consent by proxy.
|
| For example, if your employer uses ADP for payroll
| processing, you consent to ADP selling your wage and income
| history simply by working for that company.
|
| I can't imagine a job interview that would include, "Oh, by
| the way, if you take this job, we're going to let a multi-
| national megacorp know every penny you make, every two weeks,
| and sell that information for tracking, profiling, and
| advertising. Also, there's free coffee next to the men's
| room."
| thayne wrote:
| Because you don't ever sign an agreement with them. They just
| collect your data from all the other entities you do business
| with. Your bank, your landlord, your employer, your credit card
| company, etc.
| 29athrowaway wrote:
| The Equifax breach was worse.
| MobileVet wrote:
| This. Equitable exposed 147 million identities. They should not
| exist today, but somehow that resulted in 'free services' for
| us instead.
|
| As was pointed out earlier, that just updated their database.
|
| Not only are we the product, but we can't opt out. This
| industry is gross
|
| https://www.ftc.gov/enforcement/refunds/equifax-data-breach-...
| TruthWillHurt wrote:
| If you ever tried integrating with their API(s), you'd want that
| company to be gone.
___________________________________________________________________
(page generated 2022-08-07 23:00 UTC)