Advanced Search
Content Type: Examples
In 2015, Oracle and the US Federal Trade Commission settled charges that Oracle had compromised users' security by failing to remove older versions of Java SE from their computers when the software was updated. The software was installed on more than 850 million computers as of August 2014; Oracle acquired Java in 2010. Over the previous few years, Java had been widely criticised for the security risks of running the software.
https://krebsonsecurity.com/2015/12/oracle-lifelock-settle-ftc-…
Content Type: Examples
In 2015, Turner Broadcasting, a semi-autonomous division of AT&T's Warner Media announced it would integrate offerings from Episilon, Krux, and Oracle into its data management platform, which powers its ads. Oracle and Epsilon help bring in offline and multichannel consumer data, while Krux bridges Turner's repository of IDs with the rest of its advertising ecosystem. The goal was to understand audience trends, brand by brand. The move is part of a response by many TV networks to increased…
Content Type: Examples
In August 2016, Oracle's MICROS division, one of the top three global point-of-sale vendors, was hacked by the Carbanak Gang, a Russian organised cybercrime group known for hacking into banks and retailers. In 2014 when Oracle acquired it, MICROS' systems were in use at more than 200,000 food and bervate outlets, more than 100,000 retail sites, and more than 30,000 hotels. The company said its corporate network and other cloud and service offerings were not affected, and the payment card data…
Content Type: Examples
In 2013, Twitter announced it would partner with numerous advertising companies including Quantcast and Oracle's BlueKai to create "tailored audiences". Twitter claims the service anbles advertisers to define targeted groups of current and prospective customers who have "shown interest" in their brand or category via other services across the web and send them "relevant" messages on Twitter. The service matches browser cookie IDs and other information to determine the Promoted Tweets the user…
Content Type: Examples
In 2015, Oracle rolled out "Validated Demographics", a service based on combining the capabilities it acquired with BlueKai, a data management platform that gathers data from publishers, and Datalogix, a tool that compiles offline demographic data. The combination of these complementary services allows Oracle to match real identities and validate measurements linking TV and digital engagement to actual sales. The service forms part of Oracle's ID Graph, which aims to break down the silos…
Content Type: Examples
In 2016, Oracle, long known as an enterprise software company, acquired the audience tracking company AddThis as part of expanding its business into marketing technology. AddThis places buttons on web pages to enable visitors to share stories or follow accounts on social media sites such as Facebook and Twitter, and provides audience tracking to online publishers and marketing companies. The company is also known for developing "canvas fingerprinting", intended as a replacement for cookies to…
Content Type: Examples
In 2017, Oracle Data Cloud and Simulmedia entered into an agreement to enable purchase-based targeting on national television. In this system, advertisers are able to reach audiences that are targeted based on their in-store purchases. Simulmedia is a leader in data-optimised TV campaigns; its proprietary Vamos platform predicts viewership, builds optimised media plans, and claims to enable an average of 30% to 100% higher return on investment for every campaign. Oracle Data Cloud is a leading…
Content Type: Examples
In 2016, PlaceIQ, which connected physical and digital activities across time, space, and mobile devices, announced a collaboration with Oracle that would make its audience data available through Data Cloud's BlueKai Marketplace. PlaceIQ uses data from 475 million location points, 100 million unique users, and more than 10 billion daily location-enabled device movements to inform marketing decisions on behalf of leading brands in many sectors. The integration will enable Marketplace users to…
Content Type: Examples
In 2017 a free online service offered by Experian was found to be allowing anyone to request the PIN needed to unlock a previously-frozen consumer credit file. Freezing the file is intended to secure such accounts against tampering and fraud. To get an unlocking number, visitors needed to provide the target individual's name, address, date of birth, and Social Security number - information that has been repeatedly stolen in data breaches, including the massive 2017 Experian breach. The…
Content Type: Examples
In October 2015, Experian announced that a breach of its computer systems exposed the Social Security numbers and other data of approximately 15 million people who applied for financing from the mobile network operator T-Mobile USA, to which Experian supplied credit assessment services. Experian offered affected customers free credit monitoring.
https://krebsonsecurity.com/2015/10/experian-breach-affects-15-million-consumers/
tags: Experian, credit scoring, data breaches, T-Mobile
Writer:…
Content Type: Examples
In 2000, Experian entered into a consent decree with the Federal Trade Commission and agreed to pay $1 million to settle charges that the company blocked and delayed incoming phone calls from consumers wishing to discuss the contents of and possible errors in their credit reports. Under the Fair Credit Reporting Act, the credit agencies are required to supply a toll-free number for such calls.
https://www.ftc.gov/sites/default/files/documents/cases/2000/01/experianconsent.htm
Writer: FTC…
Content Type: Examples
In 2013, detailed personal information being sold by the fraudster-friendly underground service Superget.info was found to have been bought from CourtVentures, a public records aggregator bought by Experian in 2012. In late 2013, Superget.info's operator, 24-year-old Vietnamese national Ngô Minh Hiếu, was indicted by the US Department of Justice for hacking into company databases and selling the stolen information on US residents; he posed as a private investigator in Singapore in order to buy…
Content Type: Examples
As early as 2005, Experian began suggesting that its Mosaic consumer classification system, used by retail chains to tailor their stock for local populations could be used by political parties for campaigning. Based on work by Richard Webber, a visiting professor at University College London, Mosaic was developed to improve upon traditional ABC classifications by using postal addresses, regularly updated information from the census, the edited electoral roll, Experian's credit database, house…
Content Type: Examples
In 2018, to enhance its AI capabilities Oracle acquired DataFox, which supplies business intelligence that can be used to help businesses plan a variety of customer relationship management services. The startup has a database covering 2.8 million public and private businesses and expecting to add 1.2 million new ones a year. DataFox, whose customers included Goldman Sachs, and Bain & Company, adds AU-driven company-level data to the company's existing portfolio of business planning…
Content Type: Examples
In 2007, Experience agreed to pay $300,000 to settle a Federal Trade Commission complaint that the company's ads for a "free credit report" failed to explain clearly enough that consumers who signed up would be enrolled in a credit-monitoring programme costing $79.95 per year. The FTC alleged that the company had violated the 2005 settlement in which it paid $950,000 and agreed to pay redress to deceived consumers and make clear and conspicuous disclosure of terms and conditions of "free"…
Content Type: Examples
A week after Equifax's massive 2017 data breach, researchers discovered that the company's Veraz online portal, designed to let Equifax's employees in Argentina manage credit report disputes mounted by that country's consumers, was left wide open, protected only by the user name and password combination admin/admin. The company took the portal offline shortly after being contacted by KrebsonSecurity.
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/
tags: Equifax, security,…
Content Type: Examples
In January 2017 two of the three largest US credit reporting bureaus, Equifax and TransUnion, were jointly fined $23 million in a settlement with the Consumer Financial Protection Bureau. CFPB held that the two companies marketed some of their products as free or costing $1 when in fact consumers were being signed up for subscriptions that cost $16 a month and that they deceived consumers into believing the scores they saw were the ones used in lending decisions.
https://www.washingtonpost.…
Content Type: Examples
In September 2017, unrelated to the massive data breach the company simultaneously announced, Equifax withdrew its mobile apps from Apple's App Store and Google Play because of security flaws that meant that data transferred between users and Equifax was not encrypted in transmission. Given the flaws in implementing HTTPS, attackers could inject their own markup, including JavaScript - which in turn would allow them to ask for any information they wanted without any indication to the user that…
Content Type: Examples
In October 2017, the Equifax website was infected by malware that redirected visitors to a page that delivered fraudulent Adobe Flash updates that infected visitors' computers with adware. The company took down the affected pages after it was notified. Investigation showed that the malicious redirects were due to a third-party vendor's "fireclick.js" script, which also infected the website belonging to fellow credit reporting bureau TransUnion.
https://arstechnica.com/information-technology/…
Content Type: Examples
In March 2017, Experian agreed to pay a $3 million fine to settle a complaint brought by the Consumer Financial Protection Bureau that until 2014 the company had provided consumers with "educational" credit scores that were different from the FICO scores actually provided to credit card issues, mortgage lenders, and other financial services. The reason is that the credit bureaus must pay San Jose-based Fair Isaac Corp to calculate FICO scores. Although Experian did disclose that the educational…
Content Type: Examples
On October 13, 2017, as a result of the massive data breach announced in September and the discovery that the company's website was infected with malware, the U.S. Internal Revenue Service suspended a $7.2 million contract with Equifax pending investigation. A week earlier, the IRS had announced that Equifax would supply it with taxpayer identity verification for users wishing to access their tax records via the IRS's online Secure Access service.
https://arstechnica.com/tech-policy/2017/10/…
Content Type: Examples
In September 2017, soon after announcing the company had suffered a major data breach that exposed sensitive information pertaining to about 150 million people, Equifax set up a poorly secured website intended to help people determine whether they had been affected. The site was flagged by numerous browsers as a phishing threat; gave the same people different answers on different devices; and offered some people a monitoring service instead of a clear answer. A few weeks later, Equifax began…
Content Type: Examples
In October 2017, researcher Brian Krebs discovered that a service provided by Equifax's TALX division, The Work Number, made it possible for anyone equipped with an individual's Social Security Number and date of birth to access that person's detailed salary and employment history. Because of the mid-2017 data breach affecting 146.6 million Americans, that information was already in the hands of criminals. The service collects data from tens of thousands of companies, which also use it…
Content Type: Examples
In May 2017, Equifax advised a number of customers that between April 2016 and March 2017 criminals had been able to steal income tax data from the service The Work Number provided by its TALX subsidiary. The Work Number provides online payroll, human resources, and tax services to companies for their employees. Criminals were able to reset the four-digit PINs given to customers' employees as passwords and then successfully answer personal questions about those employees. The stolen…
Content Type: Examples
In August 2013, a jury in the Portland, Oregon Federal District Court awarded Julie Miller $18.4 million in punitive damages when despite two years of complaints and filings Equifax failed to rectify errors in her credit report that blocked many aspects of her financial life. Miller had followed the company's processes for resolving the errors in her report, which were a result of entangling her record with that of another, much less creditworthy, Julie Miller as a result of the partial…
Content Type: Examples
In 2000, and then again in 2003, the US Federal Trade Commission fined Equifax for blocking phone calls from consumers trying to get information about their credit or discuss their reports or making them wait for extended periods of time in violation of the Fair Credit Reporting Act. In 1996, Congress amended FCRA to require credit bureaus to supply a free phone number on the credit reports issued to consumers. The FTC claimed that the company maintained insufficient personnel to answer calls.…
Content Type: Examples
In October 2012, Equifax agreed to a settlement with the US Federal Trade Commission over charges that between January 2008 and early 2010 the company improperly sold lists of consumers who were late on their mortgage payments in violation of the FTC Act and the Fair Credit Reporting Act. Equifax and the companies that allegedly bought and resold the information - Direct Lending Source and affiliates - agreed to forfeit the nearly $1.6 million they made from these activities. The settlement…
Content Type: Examples
In November 2017, an investigation of Equifax's Work Number database, owned by the company's TALX division, found that it contains over 296 million employment records including employees at all salary levels. Every week the database receives current payroll data on about a third of the working US population from sources including 75% of Fortune 500 companies, 85% of federal government, and state governments and agencies, courts, colleges, and thousands of small businesses. Companies pay Equifax…
Content Type: Examples
In October 2017, an anonymous security researcher informed Equifax that in December 2016 they had found a vulnerability in one of its public-facing websites that allowed them to access the personal data of every American, including full names, birthdates, city and state of residence, and social security numbers. Inputting a single search term, the researcher reported, would return millions of results, all in cleartext, almost instantly. The researcher was also able to obtain control of several…
Content Type: Examples
In 2017, a group of data brokers led by Acxiom, AppNexus, and MediaMath, and including Index Exchange, LiveIntent, OpenX, and Rocket Fuel,
launched a consortium to make targeted programmatic advertising more widely available. Part of the consortium's goal is to enable the companies involved to compete better with Google's Ad words and Facebook's ad platform, which together account for 48% of all digital advertising spend. The consortium also intended to create a common omnichannel, people-…