[HN Gopher] Class Action Targets Experian over Account Security ___________________________________________________________________ Class Action Targets Experian over Account Security Author : feross Score : 117 points Date : 2022-08-07 19:03 UTC (3 hours ago) (HTM) web link (krebsonsecurity.com) (TXT) w3m dump (krebsonsecurity.com) | jmclnx wrote: | Nice, I cannot wait until I get my 2.15 USD check :) | reaperducer wrote: | I think I got something like $5 from a T-Mobile class action | suit. | | But I did get ~$400 out of one of a Facebook class action, so | sometimes it's worth joining. | thatguy0900 wrote: | Or maybe even one year of credit monitoring! | Justin_K wrote: | Right! Just fill out this form with your ssn, current name, | address, phone and email and we'll start your free credit | monitoring. (Thanks for the free updates to our db, which we | may license or sell to our partners) | ceejayoz wrote: | And by the way, the credit monitoring is on a different | totallynotaphishingdomain.com. | miohtama wrote: | It's a small price to pay for the high quality credit | rating service. | salawat wrote: | There needs to be corporate death penalty at some point. I | nominate Experian. | markovbot wrote: | What would that entail? Do you think their investors, who have | profited off the harm they've done, should face any | repercussions? | tomxor wrote: | They should never be allowed to own or invest any business | again, in part of full, for the rest of their lives | (including as an indirect beneficiary via family or friends). | On top of a hefty personal monetary penalty... bring them | back down to the level of us filthy peasants so they can reap | what they sow. | | This would help dissuade people from using companies as | proxies to do evil things for profit without consequence. | Since it puts you at high personal risk of burning your one | lifetime chance at entrepreneurship. | | Or maybe fix capitalism somehow i duno (yes this is hard). | vondur wrote: | If the company is shut down, then they lose any investment | that they've made in the company. Most investors have little | knowledge of the day to day operations of a company. | tomxor wrote: | > Most investors have little knowledge of the day to day | operations of a company. | | That's part of the problem. | markovbot wrote: | I bet it would change if we started locking them up :) | throwawaymaths wrote: | No need to do that. Just liquidate the company, and give | nothing to the investors. The threat of corporate death | penalty and a 0% yield on your investment (not a good track | record) will help CEOs think twice before they do something | stupid on behalf of their investors. | matheusmoreira wrote: | Roll back the game. Identify when the crime took place. Every | transaction after that point is invalid. All profits made | must be paid back. The corporation may resume its operations | under new leadership after the rollback is complete. | | If that's too hard then just wipe out the company. They're | not humans, they don't have rights, they don't feel pain. | markovbot wrote: | So the people who funded the crime should just go free? | throwawaymaths wrote: | Boeing should probably be subjected to termination too. | sneak wrote: | If we're going down this rabbit hole, Exxon or Philip Morris | or DuPont or Chiquita is probably way higher up the list than | Boeing, as Boeing has only killed a thousand or so people via | mismanagement (this is not counting their warplanes which | kill deliberately). | | Exxon knew definitively in 1977, in writing, that we were | going to incinerate the planet. | sephamorr wrote: | "Identity theft" as a term has always struck me as a terrible | description of what is happening. A bank falsely reporting to a | credit agency that I am a debtor (when a criminal hands over some | exclusively public information about me to get credit) seems like | a slam-dunk definition of defamation. It meets the 4-part | definition I'm aware of with (1) statement of fact (2) made to a | 3rd party that (3) harms the reputation of the plaintiff while | (4) acting negligently. (4) is of course the hardest to prove, | but surely if all the information a bank asks to verify identity | is in the public domain, that seems pretty clear to me. | staticautomatic wrote: | Typically the defendant must know the statement is false. | mhb wrote: | 'Identity theft'? It's daylight robbery by the banks | | https://www.theguardian.com/commentisfree/2018/nov/25/identi... | samwillis wrote: | Branding it as "identity theft" is a strategic move by the | industry to attempt to move liability from themselves onto | their customers, labelling _them_ as the victim. The reality is | in most cases it should be considered fraud against the | business /bank/lender _not_ the customer - they are the entity | that has seen defrauded. | noja wrote: | https://www.youtube.com/watch?v=CS9ptA3Ya9E | indymike wrote: | Identity theft is fraud that the lender failed to prevent. | matheusmoreira wrote: | Identity theft allows them to shift the responsibility for | their own fraudulent debts to us. Now we're the ones who have | to seek redress. It's great for them. | jliptzin wrote: | I had not thought about it that way, but that is incredibly | astute. | salawat wrote: | I'm less worried about the investors than the management. I'm | fairly certain that due to the hands off nature of most | American's investment choices, there's likely a bit of Experian | in every portfolio out there. The main concern is to clearly, | unambiguously demonstrate that the operation of a business that | creates a data liability for the public, and failing to secure | the data or ensure it's accuracy, will not be tolerated. | | Any management should be barred from management roles in similar | ventures/verticals. The company assets should be liquidated, | except for the data. _That should be wiped._ Their charter and | documents of incorporation should be revoked. | | Whether investors end up getting paid back out of liquidation is | moot. I'm fairly sure the alleged value of the company was | entirely tied up in it's data, which if wiped, just leaves their | in house software/operational structure, which as previoudly | established, should be considered toxic in and of itself due to | not being fit for operating in a manner concommitant with the | task at hand. | | I feel for the employees, but there is a point where even you as | an employee should be calling out management for not doing their | job, and telling you to do yours poorly. | | My patience with corporate actors has grown increasingly short at | an astonishing rate. | fortran77 wrote: | This is one company that should be sued until it's out of | business. I hope this is a step in that direction. | | The fact that after a major leak, there's little protection in | place to protect people from using this information to hijack | accounts is extreme negligence. | thayne wrote: | And then what? We're left with two other credit bureaus that | aren't much better? Another company takes its place that isn't | any better, or maybe is even worse? | mhb wrote: | It sounds great, but the article would be better if it explained | how the Fair Credit Reporting Act results in standing for a | consumer to sue Experian. Maybe this is similar to libel? | | In a more reasonable world, the banks that rely on Experian would | be suing Experian for facilitating fraud upon the bank. | enterthematrix wrote: | We had a class action lawsuit before and what did it get: | | 1) hundreds of millions for corporate lawyers 2) almost nothing | for everyone else | | Without functional market dynamics (ie actual competition), the | class actual lawsuit doesn't actually influence Experience etc to | do anything because they will always own the market, so they can | continue to fuck people forever. | junon wrote: | About time. Their security has been abysmal for ages it seems. | thayne wrote: | It's pretty unlikely this will do anything to improve that | kylehotchkiss wrote: | I'm surprised these credit agencies haven't found a way to | require forced arbitration as a terms of service of possessing | any of your data or giving it to a lender | cptskippy wrote: | That would require you consenting to their spying. | reaperducer wrote: | It's possible to consent by proxy. | | For example, if your employer uses ADP for payroll | processing, you consent to ADP selling your wage and income | history simply by working for that company. | | I can't imagine a job interview that would include, "Oh, by | the way, if you take this job, we're going to let a multi- | national megacorp know every penny you make, every two weeks, | and sell that information for tracking, profiling, and | advertising. Also, there's free coffee next to the men's | room." | thayne wrote: | Because you don't ever sign an agreement with them. They just | collect your data from all the other entities you do business | with. Your bank, your landlord, your employer, your credit card | company, etc. | 29athrowaway wrote: | The Equifax breach was worse. | MobileVet wrote: | This. Equitable exposed 147 million identities. They should not | exist today, but somehow that resulted in 'free services' for | us instead. | | As was pointed out earlier, that just updated their database. | | Not only are we the product, but we can't opt out. This | industry is gross | | https://www.ftc.gov/enforcement/refunds/equifax-data-breach-... | TruthWillHurt wrote: | If you ever tried integrating with their API(s), you'd want that | company to be gone. ___________________________________________________________________ (page generated 2022-08-07 23:00 UTC)