Two days after credit-monitoring company Equifax revealed that, because of its staggering negligence, hackers had managed to penetrate the company’s meager cybersecurity defenses and abscond with up to 143 million social security numbers and a trove of other personal data – including names, addresses, driver’s license data, birth dates and credit-card numbers – the cyberthieves responsible are threatening to sell the data to the highest bidders unless they receive a ransom payment of 600 bitcoin – worth about $2.6 million.
In the ransom note, which was published on the dark web, the hackers said they were just two regular people trying to get by – and that, while they don’t want to hurt anybody, they need to monetize the information as soon as possible. They promised to delete the data as soon as the ransom was received.
The hackers have now made a ransom demand, stating on a Darkweb site that they will delete the data for a ransom payment of 600 BTC, worth approximately $2.6 million.
The demand said that if they do not receive the funds from Equifax by September 15th, they will publicize the data.
Meanwhile, as we reported last night, two plaintiffs have filed a $70 billion class-action lawsuit against Equifax in a Portland, Ore. federal court – a case that has the potential the crush the company with a massive payout.
In the lawsuit, lawyers from Olsen Daines PC, who filed it on behalf of plaintiffs Mary McHill and Brook Reinhard, alleged that Equifax was negligent in failing to protect consumer data, and that the company chose to save money instead of spending on technical safeguards that could have stopped the attack.
Imagine how much angrier they would be if they found that instead of “saving” the money, the company used it instead to buy back its own stock (in this case from selling executives)?
the two plaintiffs in the case filed in Portland, Ore., federal court has every single merit to ultimately crush Equifax for what is nothing less than unprecedented carelessness in handling precious information.
Of course, in what will likely be remembered as a massively stupid public relations blunder, Equifax “neglected” to specify that an arbitration waiver included in an online portal allowing customers to check on the status of their information “does not apply to this cybersecurity incident.”