Life's a breach

Automatic TRANSCRIPT

Here's a question do your career goals require you to take a standardized test like the G._R._e.. Or the G. Mat or the the L. sat or the mcat or the S._A._T.. Visit Magoo DOT COM and enter the Promo Code today for four fifteen percent off discount for their test prep. That's an A. G. O. O. S. H. DOT COM <music> Russell Brand Amir policy editor at the verge Monday night. The world found out about another huge hundred million plus plus data breach. Could you tell the people what happened Russell. Yes so capital one. You may know their their credit card ads on T._v.. What's in your wallet or their arena arena in Washington D._C.? Also also very true so essentially they were storing in some data on Amazon cloud server not unusual and it turned out that it was sort of MIS configured more than one hundred million capital one credit card customers Mars and applicants across the U._S. and Canada have been affected by a massive data breach. This is one of the biggest breaches of financial institution ever. This is what they're saying yeah. I mean it's sort of all in how you look at it. There's data from more than one hundred million credit applications right so this is sort of the thing that they mail to you and you mail back yeah. Capital one was quick to say that it wasn't that many social security numbers there was only one hundred and forty thousand U._S.. Social Security the numbers and eighty thousand bank account numbers and about a million social insurance numbers which are sort of the Canadian equivalent of the social security number. I mean that's still a a lot of people but it's not really as impressive as leading with hundred million thing so do we know who did this. At all. Show a person has been charged urged with doing this a page Thompson is a former employee of Amazon web services. They say she left an extensive digital footprint of her alleged crime on the Internet including bragging about what she did online she was just hosting it on get hub which is not usually what hackers do in this situation like. Usually you kind of want to keep it secret and have people pay you for if you're trying to make lots of money get hub where like all the hackers hanging get hub is just sort of a boring place where people put their coding projects and anyone can go there air so I mean when capital and found out about this basically the email they got in their responsible disclosure in box was hey look at this Gitta page and then had a link to the getup ages like that that doesn't seem right but it was just sort of out there in the open I feel like if she had had some nefarious purpose to it. Either there. We would have seen it anonymously out there with some manifesto or it would have been sold quietly in the sort of underground marketplaces where people will pay money for this stuff and so neither of those happen kind of raises questions about what our thought process was in doing this surveillance video shows federal agents arriving to page Thompsons thompsons Beacon Hill home in Seattle early Monday morning the thirty-three-year-old placed under arrest accused of hacking into capital one system. How unusual unusual is it to sort of apprehend a suspect so quickly after finding out something like this happened and for it to just be like a single hacker who <unk> who maybe doesn't even have a real motive well often use your sort Connected to the person's name is pretty unusual. Should it be concerning that this one person who maybe didn't even want to do something nefarious. I didn't have a very hard time getting all of this information getting something like a hundred and six million credit card applications well yeah. I mean so this is not supposed to happen like evidently this was this was goof is the technical term. That's what they call them the business. This is a goof. That's what they call this. This is a goof yeah I would. I would say it was a major severe goof unprecedented goof but also so I mean I I wouldn't downplay her technical sophistication. I mean she was really pretty good at knowing the specific configurations figuration and ways to exploit specific other configurations and she had years earlier actually worked at Amazon which is one of the things people sort of have questions about of did she have some special knowledge of how to do this but I mean very often. People are just bad at setting these things up and stuff just leaks out so maybe that should be more secure. Maybe we should be taking a closer look at capital one and sort of maybe isn't well. Yeah definitely yeah definitely really capital. One is in some trouble here. Is this just the new normal that we should expect like what we submit things to banks and official institutions that have all of our information and protect our money our credit our financial well being that this stuff is vulnerable and can just get easily easily and randomly hacked. I mean yeah like I think fundamentally. If you are filling out a form and you are submitting it to do a large corporation I mean any corporation. You should probably figure that that information is potentially going. GotTa Get out there. The real concern is the social security numbers because that is the raw material for identity theft and it's not just I have the social security number have the keys to the kingdom but okay if I have a recent address from the person and I know southern full name and I know their social security number and I know a couple other things I can probably fill out a loan application that no one will look too <unk> closely at and maybe if I put in my address instead of their address they'll just figure the person moved and you know credit card. Companies are always sort sort of looking out for this but at the same time they don't WanNa make it too hard to apply for a credit card because that's their business and so yeah it's tricky I I mean if we're trusting the banks and the credit agencies to take care of her information and they're not what can people do in the meantime to keep their information secure actually probably the best thing you can do is get a credit freeze that will just say do not let anyone apply for anything in my name until I sort of call you up and give you this these special four digits the other thing you can do. It's a little bit less intense. Is You just get credit monitoring where they're looking. They'll say oh well. Actually this person just applied for credit card with a different address was that you was that not you and they'll sort of be watching more closely. I I usually costs money but actually if you were in one of the recent breaches they might be offering it for free. The Russell's talking about equifax right now because right now equifax is facing the music for its big huge breach from a few years ago the consequences for big corporations that don't take care of your personal information after the break <music> back in my day. When you wanted to do test prep for one of these G. Mat G._R._e.? L Sat mcat S._A._T.. Situations you had to like go somewhere to to a class but with Magoche. You got some other options that Magoo Dot Com you get all your practice questions your study schedules you get video lessons and access to an expert tutor team if you need extra help and if you're retaking test Magoo offers a score improvement guarantee not if you don't improve you get your money back at Magoo dot com study materials are always up to date and super relevant to the questions you'll see on the actual actual tests and guess what students who have used Magoche love it find out for yourself over at Magoo Dot com the Promo code today gets fifteen percent aw that's M. A. G. O. S. H.. Dot Com and the Promo Code today for fifteen percent off discount at Magoo Gooch saying Magoche. That's the truth <music> Russell one of these big data breaches kind of came to a head last week when people found out that hey they type their name and information into some website and maybe get some money back for one of these breaches. This was Equifax. What happened in that case? Equifax is one of the companies that's doing the a credit monitoring the credit freeze. Is there sort of maintaining the credit information on anyone who's applying for credit in twenty seventeen they announced announced that they'd had a data breach of one hundred forty seven million people and it was very very bad and so in the years since that <hes> the F._T._C. The federal trade commission has has been suing them and sort of trying to make the American consumer whole is sort of just compensate the people who were part of that which which is basically everyone and so that happened they finally got the settlement came in. There's a website equifax breach settlement dot com or you can sort of put in the last six digits of your social security number because you shouldn't be as we covered earlier. He shouldn't be putting your social security number into random websites but yes so you can go to that site. If if you were in the breach you're entitled to compensation and it will give you this kind of choice about how you want that compensation to work. What's the choice? What do you actually get so either? You can get the credit monitoring which conveniently Equifax is in the business of providing way as an apology for letting all of your information nation out into the open they will bother to your credit for you for free yeah. I mean it's not like as an apology. It's like if I like hit your car aw any crushed up the bumper and I'd be like you know what new bumper on me and it's not like. You're supposed to be happy about it but you're supposed to. I'd be like okay that was that's good enough fair but isn't it kind of not like that because it's like if you borrowed my car and like broke it and then you're like let me continue. Can you to borrow your car but not break it. It feels more like that well. If I fix it and I tell you that I fixed it and maybe the bumper that I get you isn't isn't exactly the same color as the rest of your car. See so notice it but it's better than like a crushed bumper and you know oh that you're not really going to get anything better for me. Hang would sort of you would like Si- heavily and accept it. I guess I have no other option because I can't People saw on the Internet and lost their minds. Everyone was just like a smash that one hundred twenty five dollars button is that because like sorta feels feels like free money to people who haven't felt the actual tangible effects of having their information breached. I think that's part of it. I think the other thing is that like people are broke. It's hard out there like it's bad. I mean I in New York. I don't know what it's like in D._C.. But if I walked out on the street and I was like Hey I want you to do something. Here's one hundred twenty five dollars it- it's nuts. Are you saying there's a lot of things you would do for one hundred twenty five dollars. Well not me. I'm I'm a wealthy blogger. Sure sure sure sure sure sure sure you know so yeah. One hundred twenty five dollars for this thing that already happened to you and you didn't even notice people are all about it. Is there a chance that people don't get a hundred and twenty five dollars. If say like a ton of people sign lineup for the settlement though yeah so there's a hundred and forty seven million people were affected their estimate is that a little under a quarter of a million people will sign up and if that's the number of people then they'll get one hundred twenty five dollars each but if a million people get the money then they get thirty one dollars and it sort of keeps going down to the point where if absolutely every single person signs signs up they get twenty one cents. What's twenty one cents does a company like Equifax even feel pain here. I mean on one hand. It's twenty one cents to one hundred and twenty five dollars at most and on the other. It's people choosing like yeah monitor my credit for free in which case all they have to really do is provide a service service. They already provide in probably coax you into paying for the service of Benchley for some people I mean. Are they hurting after losing everyone's information to any any of these companies hurt after losing your personal information well. Everybody hurts some time. I think they probably aren't hurting as much as they should be like for me. I look at this and I think why does this company even exist after this their only job was collecting and storing and safely disseminating financial information so if they can't protect it why let them handle it at all yeah yeah. What's the answer to that question? Well I mean 'cause their business and we don't like shutting down businesses for consumer protection reasons in this country like if you want to sort of get a political cause out of it we need to empower the F._T._C. to be harder on these companies and sort of be a more powerful and fearful agency so that when they're in this situation they can really make these things hurt as much as they should. Because I mean fundamentally I think it's still worse for the people who got breached than and it was for Equifax and they weren't even intentionally in a relationship with facts. They didn't decide to buy something from Equifax Equifax just collecting their information ambient ambient because it's that's what it does. The problem is that the breach happened in the first place and how can we make the penalty significant enough. It doesn't happen in the future like that's the long term thing. People weren't like meaningfully damaged that much. It's really just this is an insane system and how can we we make the fine big enough that it makes people try to make the system better <music> brandon as you know as a wealthy blogger at the verge of Sean Rotherham. This is today explained <music>. Thanks Magoche rush for supporting the show today again. Magoche dot com with Promo Code. Today is the place to get fifteen percent off discount the Mugu online test prep which helps you study anywhere anytime on your desktop or on Mobile M. A. G. O. S. H. DOT COM.

Coming up next