Equifax had ‘admin’ as login and password in Argentina

Posted by CCKeith in Uncategorized

The credit report provider Equifax has been accused of a fresh data security breach, this time affecting its Argentine operations.

Cyber-crime blogger Brian Krebs said that an online employee tool used in the country could be accessed by typing “admin” as both a login and password.

He added that this gave access to records that included thousands of customers’ national identity numbers.

Last week, the firm revealed a separate attack affecting millions in the US.

After being notified of the latest breach, Equifax temporarily shut the affected website.

“We learned of a potential vulnerability in an internal portal in Argentina which was not in any way connected to the cyber-security event that occurred in the United States last week,” an Equifax spokeswoman told the BBC.

“We immediately acted to remediate the situation, which affected a limited amount of information strictly related to Equifax employees.

“We have no evidence at this time that any consumers or customers have been negatively affected, and we will continue to test and improve all security measures in the region.”

The discovery came less than a week after Equifax revealed that a separate breach meant about 143 million US consumers and an undisclosed number of British and Canadian residents might have had personal details exposed.

The firm took six weeks to make the discovery public after first learning of a problem.

On Tuesday, 36 US senators called for a federal investigation into how three company executives came to sell nearly $2m (£1.5m) worth of shares in the company in the interim.

Equifax is also facing dozens of legal claims over the matter.

Mr Krebs wrote that the Argentine matter involved Equifax’s local business Veraz.

Specifically, a web application – referred to as Ayuda, the Spanish for “help” – appears to have been weakly guarded.

“[It] was wide open, protected by perhaps the most easy-to-guess password combination ever: admin/admin,” wrote Mr Krebs.

The discovery was made by the US cyber-security firm Hold Security, which Mr Krebs advises.

Its researchers explored the portal and found within it a list of more than 100 Argentina-based employees, the blogger disclosed.

Using this list they were able to uncover the workers’ company usernames and passwords, which turned out to be matching words in each instance.

Each example amounted to either solely the worker’s last name or a combination of their surname and their first initial, which made them fairly easy to guess anyway, Mr Krebs added.

‘Extraordinary’

“But wait, it gets worse,” he blogged.

“From the main page of the Equifax.com.ar employee portal was a listing of some 715 pages worth of complaints and disputes filed by Argentinians who had at one point over the past decade contacted Equifax via fax, phone or email to dispute issues with their credit reports.

“The site also lists each person’s DNI [documento nacional de identidad] – the Argentinian equivalent of the social security number – again, in plain text.”

All told, there were more than 14,000 such records, Mr Krebs said, concluding that the firm had been “sloppy”.

Unlike social security numbers in the US, DNIs are publicly available in Argentina.

But one UK-based cyber-security expert agreed the case raised questions about how Equifax protects the data it holds.

“This kind of security vulnerability is extraordinary as even the most basic of checks should reveal this,” Prof Alan Woodward from the University of Surrey told the BBC.

“It’s outrageous that any organisation that holds such sensitive personal data can build a portal with this kind of basic security vulnerability.

“It simply shouldn’t happen and responding that they have now fixed the issue is not the point: it puts a huge question mark over whether Equifax have been applying the appropriate resources to online security elsewhere.”


Commuters crawling to a standstill as city speeds fall

Posted by CCKeith in Uncategorized

If it feels like your daily commute is taking longer and longer it’s probably because it is.

New data shows that average driving speeds in many of Britain’s major cities are falling, adding time and frustration to the daily slog to and from work. In London, Glasgow and Manchester average speeds within a mile of the city centres have dropped by more than 1mph since last year.

Speeds in the capital are the worst in the country at just 5.13mph within a mile of the centre and 8.34 within five miles but other major cities are almost as bad.

Edinburgh motorists achieve an average of just 6.64mph within a mile of the centre and just 12.38 within five miles, and those in Glasgow and Manchester also plod along at an average well below 7mph. The latest Department for Transport figures show that traffic volumes across the country rose 1.7 per cent between April 2016 and March 2017 to a total of 324.3 billion miles.

With such rises it’s perhaps unsurprising that journeys are taking longer for the estimated two-thirds of us who commute on a daily basis.

The figures were revealed by analysing data from 400,000 journeys gathered over three months by telematics firm In-Car Cleverness. Its head of sales, Paul O’Dowd, commented: “The figures paint a stark picture of how everyday commuters, drivers and even businesses are struggling to get around or operate in some of the biggest hubs in the UK.

“It is likely down to a few factors. Overall traffic volumes are higher and this increase will be most noticeable in urban areas. As well as more traffic on the roads, major cities are increasingly introducing tighter speed restrictions while adopting more bus lanes, as well as cycling and pedestrian infrastructure.”

Nicky Morgan wants leaked report into RBS published

Posted by CCKeith in Uncategorized

Treasury Committee chair Nicky Morgan has called for the full publication of a leaked report into the treatment of customers in RBS’s global restructuring group (GRG).

The report, produced for the Financial Conduct Authority (FCA), suggested the group mistreated many of its clients.

RBS denies that claim.

Mrs Morgan has asked FCA chief executive Andrew Bailey to secure RBS’s permission to publish it “without delay”.

“The report is in the hands of an unknown number of third parties,” she said.

“The balance has tipped firmly in favour of full publication.”

GRG operated from 2005 to 2013 and at its peak handled 16,000 companies.

It was introduced as an expert service that would turn around a business and stepped in when companies missed a loan repayment or had a drop in sales or profits.

But the FCA report found struggling companies that were placed in the recovery group had a slim chance of emerging from it.

Four-year wait

“The FCA told the committee in November 2016 that a ‘full account’ of the findings from the skilled persons’ report would be published,” Mrs Morgan said.

“Nearly a year later, and nearly four years since the report was commissioned, we are still waiting for answers.”

“I have asked Mr Bailey to update the committee on any information that the FCA uncovers as part of its inquiry into the leak,” she said.

“This would not be the first instance of leaking from the FCA, but lessons must be learned to ensure it is the last.”

The FCA said it would respond “in due course” to the request from Mrs Morgan.

“We have already initiated a leak inquiry into the disclosure of the s166 report on RBS GRG to the BBC, and we have asked the other parties who had access to the report, namely RBS and Promontory, to do the same.

“If the Treasury Select Committee or the BBC have evidence that the document was leaked by the FCA, we encourage them to share that with us.”

‘Address concerns’

In November 2013, Lawrence Tomlinson, then ‘Enterprise Czar’ for Business Secretary Vince Cable, made several allegations against RBS in a report into the GRG.

On the same day, RBS chairman Sir Andrew Large published an RBS-commissioned report into its own lending performance, which said that the bank needed “to address the concerns that have been raised by some customers and external shareholders”.

Two months later the FCA announced its own review into the group’s conduct.


Bank of Scotland receives most complaints – again

Posted by CCKeith in Uncategorized

The Bank of Scotland remains the most complained about financial business in the UK, according to the complaints watchdog.

In the first six months of 2017 the Financial Ombudsman said it dealt with 20,541 complaints about the firm – part of the Lloyds Banking Group.

However only 22% of those complaints were upheld.

The vast majority of the complaints about the Bank of Scotland – 83% – concerned its sales of PPI insurance. Meanwhile PPI complaints once again topped the table of consumer concerns, with a 14% rise in complaints to the Financial Ombudsman in the first half of the year, compared to the last six months of 2016. In total the Financial Ombudsman Service received 89,513 PPI complaints, up from 78,375 in the previous period.

Increasing workload

Bank of Scotland was also the most complained-about financial firm in the last six months of 2016. The latest figures put Lloyds Bank in second place. The bank was the subject of more than 18,000 complaints, but more of these – 37% – were upheld.

The group has so far put aside £18bn to compensate customers who were mis-sold PPI. Last month the Financial Conduct Authority ruled that all PPI claims will have to be lodged by 29 August 2019. That is likely to lead to a further rise in complaints, as claims management firms seek to capitalise on the deadline.

“While we still don’t know what impact this will have on our workload, today’s data shows that PPI complaints are already increasing,” said Caroline Wayman, chief executive of the Financial Ombudsman Service. The peak for the number of complaints about PPI was in 2013/14, when the Ombudsman received nearly 400,000 referrals. The Ombudsman also received over 15,000 complaints about Barclays, the highest number for issues to do with banking or credit.


The Financial Conduct Authority (FCA) starts the clock on the two-year PPI reclaiming deadline.

Posted by CCKeith in Uncategorized

MILLIONS more customers could be due compensation even if they’ve been turned down before because of the Plevin court ruling, experts have warned.

The Financial Conduct Authority (FCA) today is starting the clock on the two-year PPI reclaiming deadline, as it seeks to draw a line under the mis-selling scandal that has already cost banks £27.4 billion. Experts from MoneySavingExpert (MSE) are now reminding customers this also means they can now make claims on the back of a court case known as Plevin.

The ruling means customers can get money back if their bank did not declare that at least 50 per cent of the cost of the PPI policy was in commission. As bank loans with PPI typically averaged 67 per cent and lenders almost never mentioned it, a lot of people are likely to be owed compensation. This means over 1.2 million people who’ve had past claims rejected by the bank or the ombudsman will rightly have their cases reopened due to the ruling. And it’s possible millions more will be able to claim now too, according to MSE.

If you’ve had a PPI claim rejected in the past, you should resubmit it to your PPI provider and ask them to check for undisclosed high commission. Martin Lewis, the founder of MSE, said: “Until now, you were usually only due money back from PPI if the firm had either given you an inappropriate policy, such as employment cover for the self-employed, or lied to you, like saying PPI was compulsory.

“Yet with Plevin, in most cases it’s simply a case of ‘Did you have PPI? Then you are owed money.’

“So if you have a loan, credit card or other debt product that has been active at some point since 2008 and had PPI on it, then if you haven’t reclaimed already, you’re almost certainly due some money back, even if you don’t think you were mis-sold in any other way.”

Around 60 million PPI policies were sold over the past 30 years – during which there have been 18.4 million complaints, according to the Financial Conduct Authority (FCA).

The FCA is urging people who are “unsure” whether they had PPI to make a claim before the deadline on August 29 2019. The claims industry believes just a third of eligible claims have been paid so far, leaving banks facing the prospect of huge payouts. Last month, Barclays set aside £700m and Lloyds Bank another £1bn to pay for further compensation claims.

Gareth Shaw, a money expert at consumer group Which?, previously said: “With banks now setting aside more money for PPI claims, it shows that the fallout from this mis-selling scandal is far from over and there are significant amounts of compensation due to consumers.”