Equifax's App Has Disappeared From Apple's App Store and Google Play

From a report: Equifax's mobile app has been removed from both the iOS and Google Play app stores. According to data from AppAnnie, the app was taken down the same day Equifax announced its massive security breach (September 7). Now customers no longer have access to Equifax Mobile. For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available. We don't know why the app came down, though Fast Company has confirmed Apple was not involved with the decision to remove Equifax from the App Store.

Obligatory Nelson

[DontBeAMoran]

HA HA! [ytimg.com]

Re: Obligatory Nelson

[Anonymous Coward]

"Now customers no longer have access..."

Despite what people think, consumers are not their customer.

Re:

[forkfail]

Despite what people think, consumers are not their customer.

Technically, I am a customer. Due to other data breaches, I wound up on their credit monitoring plan. Therefore, a bill is being paid to them to provide me with credit alerts and such. This means that not only did they lose my data, but now, as a result, they are not providing the advertised services that are being paid for.

(Of course, I only go to their website and access this data via a secure desktop browser from a trusted network and never from my phone, but still.... )

With this said, your point is w

Probably winding up the company

[The123king]

After a breach that big, it's hard to see them coming out of the other side as a financially sound company. Especially since it's an agency the deals with credit ratings. If you can't trust them to keep your data secure, is there any point having business with them?

I'll be here waiting for the news of their bankruptcy

Re:Probably winding up the company

[cant_get_a_good_nick]

What's this about trusting them? Did you ever fill out a form and say "please hold all my data?" Nope. You have no choice in the matter. It's not about consumer trust. Consumer trust has nothing to do with them making money. Only if their real customers (yes, you're the product) drop them will they have to change. This is a case only where losing money will effect change. But you and me will get a buck or two and only the lawyers will get rich.

Also, see Axciom. Another company with a huge amount of data about you, data they pull from various sources without you saying "please develop a profile on me to sell me new things". If they had a data breach, same thing - us normal folks would bitch and moan but no real change.

Or we can have the Trump administration have real laws protecting consu,......... nah, I couldn't even type the whole sentence out without laughing too hard to finish it.

Re:

[ichimunki]

This is it exactly. 100% Couldn't agree more.

If I were obtaining someone's credit report from Equifax at this point, I'd actually consider it MORE likely to be accurate since everyone's poring over their own records to make sure everything's OK. The hack didn't create, update, or delete data, just read it. At least as far as we know... and because of the hack, the data itself is under more scrutiny than normal.

The whole thing smells like a fantastic way to sell credit freeze and credit monitoring serv

Re:

[cant_get_a_good_nick]

As far as #1 goes, I know you're not going to listen, but of course a President has an agenda. Besides executive orders, which Trump has done exclusively since he can't organize his thoughts to get anything through Congress, they can drive things through Congress. Do you call the ACA "ObamaCare"? If so, you agree a President can have a "law" and drive it through Congress.

Anyways, more importantly, as far as 2 goes, I need to trust them because they affect my life. Mortgage? Need to trust Equifax. Get

Re:Probably winding up the company

[AlanObject]

I'll be here waiting for the news of their bankruptcy

I'll be here waiting for news of what happens to all the Equifax executives that dumped their stock in the last several months. Somehow I missed that part of the story until just recently but if there weren't securities regulations broken there then there are no securities regulations..

Re:

[Known Nutter]

But, but, they didn't know about the breach when they dumped their stock.

We'll see on this

[sasparillascott]

Frankly they have alot of friends in Washington (both parties) that they pay alot of money to - to buy off. The administration is loaded with people from the financial sector. I wouldn't be surprised to see them come out the other side of this with not much more than a slap on the wrist and a big gain of customers in their yearly credit monitoring service that folks will pay for after that first free year.

I'd prefer your prediction, but after seeing the consequences for the firms and leadership that ca

Re:We'll see on this

[phalse phace]

Frankly they have alot of friends in Washington (both parties) that they pay alot of money to - to buy off.

This is so true.

Equifax Lobbied for Easier Regulation Before Data Breach [wsj.com]

Sept. 11, 2017

Equifax Inc. was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach.

Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies.

The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company’s reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.

Equifax’s political-action committee made contributions to 13 members of the Financial Services Committee during the 2016 election cycle, according to data from the Center for Responsive Politics. Among the recipients was Committee Chairman Rep. Jeb Hensarling (R., Texas), who received $1,000. Last Friday, he called for his committee’s hearing into the breach.

Rep. Blaine Luetkemeyer (R., Mo.), chairman of the Financial Institutions and Consumer Credit subcommittee that directly handles matters relating to the reporting companies, received $2,000. Also receiving $2,000 was Rep. Barry Loudermilk (R., Ga.), sponsor of the bill that would place a $500,000 cap on the statutory damages consumers could win in a lawsuit against the credit-reporting companies, as well as eliminate punitive damages against them entirely.

The Equifax PAC also gave two additional $1,000 donations to Rep. Luetkemeyer this year, in April and June, according to Federal Election Commission records. The April donation was eight days before Rep. Loudermilk’s bill was introduced.

At last week’s hearing into the liability limits bill and other regulatory overhaul measures, Chi Chi Wu, a staff attorney for the National Consumer Law Center, said the proposed legislation “drastically decreases the consequences for credit bureaus” when they violate the law.

Equifax has also lobbied on changes to rules governing companies that promise to “repair” consumers’ credit. A separate bill pending before the Financial Services Committee would allow credit-reporting companies to offer credit-education and identity-protection services without being subject to rules governing credit-repair companies.

Re:

[Anonymous Coward]

Equifax ha$ every bit the $ame Con$titutional right to "petition the government for grievance$" a$ you do

In its majestic equality, the Constitution permits rich and poor alike to spend millions of dollars to petition the government for grievances.

Re:Probably winding up the company

[DarkOx]

See honestly its hard for me to see how they will be financially hurt by the breach.

A lot of noise has been made by execs selling stock. The thing is look at the pattern of these big breaches. All the major one have pretty much regained their market cap at some point. TJX, Target, Home Depot, PF Changs, the list goes on. Those are retail and by and would be pretty easy for consumers to avoid if they really cared to do so. They don't. The market has actually said breaches don't matter! There is a short term panic where everyone stays away and than they rapidly forget, and return to their old habits.

Equifax is better positioned then retail to weather this. I mean sure you can decide you are not paying to have you FICO score included on your annual free credit report! Wow that'll show'em! Its a tiny portion of their business. Otherwise their customers are not consumers but corporate lenders and large employers. In the end they care if the data they are getting on YOU is accurate, not how well its controlled. They will either go with the cheapest mostly reliable source or they are using multiple agencies and will probably continue to use Equifax.

Personally the CXOs that sold stock are probably smart, they know they can take profits today and probably buy it back cheaper next month sometime and ride it all the way back up to previous levels! Why because the fundamentals have not changed any so its almost a sure bet. Heck the moment I hear CONgress isnt going to do something crazy i'll probably buy too! Pretty much some kind of government intervention is the only thing that could actually hurt them as result of this.

Re:

[thegarbz]

Personally the CXOs that sold stock are probably smart, they know they can take profits today and probably buy it back cheaper next month sometime and ride it all the way back up to previous levels!

Yep, obvious insider trading is really "smart". It's like MBA level of "smart".

Re:

[LeftCoastThinker]

The best way to put the fear of god in these companies is to name every company that sent them credit reporting information. Go after their real customers to the tune of $1000 per identity stolen from Equifax, an identity (and credit info) provided by one of Equifax' co-conspirators. When their customers who provided Equifax this information are named in the legal suit are facing millions of dollars in damages, you can bet your ass that Equifax pipleine of customers and credit reporting information will e

We're not the customer

[Anonymous Coward]

Equifax' customers are folks led money and others who use credit history - banks, credit card companies, insurance companies, employers, FBI, land lords, etc ....

They don't give a shit about this data breach. It's not their problem. There is also the other two big credit bureaus also.

We little people are just the product. And we have no choice. Businesses are the ones who report the information and we have no opt-out abilities.

And if someone uses the information that was taken and fucks us up, we are the o

Re:

[The123king]

In that case, they've just leaked their income all over the internet. Why would i pay for thei services when all that data is freely available on the web?

Re:

[Anonymous Coward]

Because no bank is going to lend you money based on some shit that's in a file they had to download via BitTorrent.

Re:

[whoever57]

If you can't trust them to keep your data secure, is there any point having business with them?

You don't do business with them. You are not the customer, you are the product.

Banks and other companies do business with them. They sell your private data to the banks, financial institutions, employers, private investigators, etc.. Do the real customers have any real interest in your data being private?

Customers are being given the "run around..."

[bogaboga]

For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available.

Someone is responsible for this mess. Especially the unfortunate message that leads nowhere...Why do companies do this?

Re:

[DarkOx]

The app was withdrawn. So the update manager directs you to the app store. Now I guess it could be a little smarter and give you a message like "This app has been withdrawn, its recommended you remove it from your device".

If Apple removed it from your device for you'd be screaming bloody murder! So on balance I'd hardly call this a mess. Its not ideal but its damn near doing the right thing and keeps the implementation simpler.

Re:

[RandomFactor]

Consumers aren't their customers to 'get [their] credit services elsewhere.' This is a business to business market.

Consumers don't ask credit agencies to collect their information in the first place. These agencies doxx citizens without consent(*) and then sell the information on those citizens to 3rd parties.

The free market can only fix problems where the alternatives are somewhat comparable. In this case the choices for consumers are passively opt-in to credit reporting or actively avoid participating

the real problem there....

[Anonymous Coward]

The real problem isn't "the equifax app", whatever the fuck that is. The real problem is:

For example, when iOS users attempt to access the app, they receive a pop-up requiring them to update the program. The pop-up directs users to the App Store -- where they are informed the Equifax app is no longer available.

Do not allow ANY company that much control over your computing environment. If they don't abuse it today, they will tomorrow. Today it may be some stupid shit you don't care about. Tomorrow it will be something you do.

Personal computing used to be in the hands of its owners. If we all decide it's OK to give that control away and centralize all decision making, that is saying China has the right model about centralized control, and the model that existed from the dawn of the personal computing era in the 1970's that empowered users instead of companies was wrong.

Maybe Equifax App Hacked Too and Leaked Data

[Anonymous Coward]

Perhaps, the Equifax app was hacked and leaked credit records of others. It's possible that Equifax security was compromised in more than one way, which makes this story even worse. Furthermore, it wouldn't surprise me if Experian and TransUnion have been hacked too, but it's just been publicized yet.

Credit freezes should be free and simple to request; default would be even more ideal. As of now, in many states, one must pay much as $15 per freeze and again to thaw. Price varies widely from state to state.

I

Re:

[ichimunki]

Credit freezes should be free and simple to request; default would be even more ideal. As of now, in many states, one must pay much as $15 per freeze and again to thaw. Price varies widely from state to state.

In fact, given all the bullshit ways the commerce clause is used, it ought to be a no-brainer for congress to pass a law requiring the agencies to provide these at some set rate, and to legislate that in cases where direct loss of data can be linked to attempted misuse the "consumer" must be given f

Re:

[PPH]

Of course. He's to big for his breeches.

Open question

[Lucas123]

Is the problem with mass corporate collection of sensitive consumer data that there are insufficient laws to either require opt-in or at least opt-out standards, and then once that data has been collected that there are no statutes surrounding how that data is secured?

I'm simply dumfounded that a $3 billion company like Equifax could allow their data security to be so lax, and at the same time it feels as if somehow they'll walk away with a slap in the wrist with a fine that amounts to the money it would co

Bet that the code that works with the apps was

[rtfa0987]

Those apps were very powerful. Wanna bet that the code that works with the apps was the source of the breach? Equifax Places utilizes your GPS location to show you: * Equifax Credit Score : Average credit scores in your area * Fraud Index: The frequency of identity fraud in your area * Credit Rankings: How your credit measures up to others in your area Want more? With an eligible Equifax product, you can also: * Lock and unlock your Equifax credit file* * View alerts to key credit file changes * Check your Credit Score — anywhere, anytime * Get one stop protection if you ever lose your wallet http://www.equifax.com/mobile/ [equifax.com]

Re:

[rtfa0987]

It appears that the Equifax Mobile app was launched in various countries starting in March 2017... https://www.youtube.com/watch?... [youtube.com] Mar 27 http://www.iphoneincanada.ca/n... [iphoneincanada.ca] June 2 http://www.cardtrak.com/data/9... [cardtrak.com] June 13 https://blog.intelliquote.com/... [intelliquote.com] Jul 11

Re:

[mccalli]

Just out of interest - who is desperate to learn this stuff on the go? "How your credit score measures up to others in your area" - why on earth would I need to ever know?

Another possible hole - "Equifax Ignite"

[rtfa0987]

In March 2017, Equifax announced "Equifax Ignite" "Equifax Ignite Marketplace - Solutions are delivered in the form of downloadable apps that can be leveraged for visualizing and digesting applicable data, benchmarks, and trends across multiple industries." "Equifax Ignite Direct - This high-speed solution allows users to conduct their own analytics using direct access to our data warehouse, our attributes, and analytical tools. Seamless integration enables teams to self-serve as they build, test and depl

Copy of old Android mobile app

[xxxJonBoyxxx]

I just downloaded a late 2016 copy of the Equifax Android app from here:
http://www.apkmonk.com/app/com.equifax/

Going to go see what's in there now.

Re:

[xxxJonBoyxxx]

Yeah, there might be some clues in there. From a quick decompile:

UtilitiesHandler.java
static final String masterKey = "EqUiFaX2468";

network/WebServiceConnection.java
public static class HttpWebServiceCredentials {
public static final String API_KEY = "cbaADwLofedTCHMKihgtSyIPlkjqPMosonm";
public static final String API_PASSWORD = "cabdnF3Bf