[BreachExchange] Chatbot lawyer wants to 'bankrupt' Equifax following data breach

Destry Winant destry at riskbasedsecurity.com
Wed Sep 13 21:43:26 EDT 2017 

https://www.theinquirer.net/inquirer/news/3017241/chatbot-lawyer-wants-to-bankrupt-equifax-following-data-breach

A CHATBOT originally developed to overturn parking fines has been
re-purposed to help customers affected by the Equifax data breach sue
the company.

The chatbot, called 'DoNotPay', was created by British student Joshua
Browder and has so far helped 375,000 people claim against parking
tickets

The bot has since been re-programmed to automatically file claims
against the Equifax, which last week admitted that it had suffered a
breach that exposed the social security numbers and other personal
details of about 143 million Americans, or 44 per cent of the
country's population.

When those affected by the breach access the DoNotPay website, they
will see a prompt that says "Automatically sue Equifax for $15,000."
It goes on to list the states where they can file a claim, and the bot
will then ask users questions and helps them fill out the PDF form to
file a suit in small claims court, meaning there's no need for those
affected by the breach to hire a lawyer.

While victims will be given the forms but will still have to file them
in a claims court and show up to later debate their case.

Browder, who was reportedly among those impacted in the hack, told The
Verge: "I hope that my product will replace lawyers, and, with enough
success, bankrupt Equifax."

He has yet to say how many Equifax customers have used the bot, but
Reuters reports that more than 30 lawsuits already have been filed
against the credit reporting outfit in the US.

Earlier this week it was revealed that the website that Equifax is
advising that customers visit to check whether they've been impacted
the recent breach on its systems by is "completely broken" and
returning random results for concerned Americans.

Security expert Brian Krebs has spoken out about the hoo-hah, and has
described the website - equifaxsecurity2017.com - as "little more than
a stalling tactic or sham at worst."

Not only is the site being flagged by various browsers as a phishing
threat, but it's also returning random results. Some users, for
example, are being told they haven't been affected by the mega-hack,
only for the website to throw up a different answer if they check from
a different device.

More information about the BreachExchange mailing list