On Thursday morning, the Federal Trade Commission published a bulletin titled "Equifax isn't calling," and warned people to beware of phone calls impersonating credit bureau staff. Here's how the scam allegedly goes down:

Ring, ring. "This is Equifax calling to verify your account information." Stop. Don’t tell them anything. They’re not from Equifax. It’s a scam. Equifax will not call you out of the blue.

The FTC also advised people not to trust Called ID and to report fake calls to the FTC.

Here Come the Equifax Scammers


Use caution guys.Talk to your loved ones,especially any of the elderly in your family and tell them not to give out any info if they get called.Good luck!

 

It wasn't a hack - the federal government gave database management to a foreign government under contract, including root access. Think about that.

No cyberintrusion or anything like that. This means that about 25 million military or DOD personnel past and present have had their SF86 and entire military records and data compromised. Even fingerprints? No telling who has it now.

This means for just one example, overseas deployed military members immediate and extended family - their names and address, phone number etc - are potentially in the hands of our enemies. Undercover and spook types whether Americans or foreign assets would presumably have had their covers blown. Everyone. The potential for mischief that can be done with this all this data and info is unbelievable.

Root access to the database further means that the database itself could have been changed without anyone ever being the wiser - so in theory, spies or terrorists could have a ready made security clearance and the rest of it created, a clean dossier is already in place, making it difficult or impossible in the future for anyone who wants to check, which apparently they don't, if recent events of the congress is any indication. They don't even appear to be vetting anyone in several years and are riddled with spies. Yet all we hear in the news is "Russia! Russia!" Don't be fooled.

 

Interesting that you post that...I received a call this morning...as you indicated. I played with them for a few minutes...and...then I grabbed my referees whistle and gave them a few blasts. When I'm in the mood...I do that to telemarketers also. You should try it.

 

thats not entirely true. There is no such thing as 'federal govt' systems, or database, or even acquisitions. Each dept or agency has their own systems, behind their own firewalls, on their own hardwares and while each uses a common set of regs to acquire assets (FAR), each must also comply with NIST, GAO, OPM, DHS etc regs to ensure data.

however, with double digit budget cuts each year, and vendors who charge 4-5x what its costs a consumer, the replacement stuff is slow in coming. perversely, the "old" IBM mainframe stuff is actually the most secure...no breach has ever occurred, civilian or govt (in fact, in a well known challenge, I offered the FISMA and OPM investigators a copy of the API and a crash course in programming for the OS I wrote on and proof that they STILL cannot cause a breach)

In this case the agency procured software with a trojan in it AND at the same time, the prime contractor subcontracted downstream to another who was using foreign national 'spies' as employees. supposedly my agency has regs of using anyone not a US citizen (its oddly, how I got my job) but from the phone calls I sit in on, I think this has been relaxed intentionally or not...

the problem was not that the info was on a database, you would be surprised what is in databases. )how do you think DHS knows what the perps ate, drank , screwed or texted 2 hours after an attack...) the problem was the database was forward facing (meaning accessible from the public portal.) So once a perp with root access got on, it was over...

Its a closely guarded secret how many attacks my agency takes each DAY and from whom - the top 3 you would not guess properly in order, but our core data is not reachable from outside a VPN tunnel and some is only available deeply inside a group of firewalls inside brick and mortar. that does not mean they aint trying and we aint trying harder. going to all IP was incredibly cheap, but also incredibly shortsighted for commerce and critical data. since you can buy or sell any goods up to and including human beings with the click of a mouse and not in person...its the new sexy for thieves and we teach the info freely with no controls such as those with 'how to build nuculah weapons'

side bar: how many of you reading this, are on the web, while logged in as the admin on a windows machine? if you are doing such then I say with 100% certainty, you are, not maybe, not could be, hacked and under russian or chinese eyes. dont care what software you think you have installed.

and if you use anything microsoft 365 or cloud based, the data is overseas in its entirety. root login or not.