Last Week Tonight with John Oliver (2014–…): Season 4, Episode 27 - Equifax Security Breach - full transcript

[HBO] HD. Main story: Equifax; plus, Harvey Weinstein scandal; Trump's latest strikes at Obamacare and the Iran nuclear deal.

Are you wondering how healthy the food you are eating is? Check it -

Season IV
Episode 27

Welcome to Last Week Tonight.
I'm John Oliver.

Thank you for joining us.
It has been yet another hectic week,

from wildfires in California,
to problems in Puerto Rico,

to more details
concerning Harvey Weinstein.

It's not just his behavior
that was troubling,

it's the way people
around him excused it.

Nothing is more emblematic of that
than this story told by Angie Everhart.

While she was sleeping
on a boat at the Cannes Film Festival,

Weinstein broke into her room
and masturbated in front of her.

I told people on the boat,

and everyone was like:
"that's just Harvey".

What the fuck ? So everyone knew
and they just went with it ?

Harvey's gonna burst into your room
and masturbate. That's just Harvey.

He's like a sex-criminal version
of the Kool-Aid man.

While most have
condemned Weinstein's behavior,

some initially tried to defend him,
from Oliver Stone,

whose first response was: "it's not
easy what he's going through",

to longtime friend Donna Karan,
who took an incredible tack.

How do we present
ourselves as women ?

What are we asking ?
Are we asking for it ?

It's not Harvey Weinstein.
You look at everything,

all over the world today,
and how women are dressing

what they're asking by just presenting
themselves the way they do ?

Excuse me ?
One, that is appalling.

And two: how would Donna Karan
know how women are dressing now ?

It's not 1993. Her most
recent work included this hat.

"Howdy there, excellency !"

"If it ain't pious the kid,
the cowboy Pope !"

Both Stone and Karan
did later apologize,

and the Motion Picture Academy
made a big announcement.

The board of governors voting
to expel the once powerful producer,

saying the era of willful ignorance
and shameful complicity

in sexually predatory behavior
and workplace harassment is over.

Yes, finally: the group that counts
among its current members

Roman Polanski, Bill Cosby
and Mel Gibson

has found the one guy who treated
women badly and kicked him out.

Congratulations, Hollywood !
See you at the next Oscars,

where Casey Affleck will be
presenting best actress !

Let's move on to President Trump:

the silver lining for anyone
who died in 2015.

He spent his week continuing efforts
to sabotage Obama-era policies,

beginning with
the Affordable Care Act.

He signed an order intended
to make it easier

to buy cheaper,
shittier health care plans,

which he did by putting a pen in
his mouth and having a seizure.

He eliminated $7 billion in subsidy
payments to insurance companies

which help offset health care expenses
for around seven million Americans.

And the results of that
could be severe.

Nonpartisan Congressional
Budget Office estimated

ending these subsidies will push up
premiums by about 20 percent

in 2018 and add 200 billion dollars
to the deficit over ten years.

Trump's plan is going
to make insurance more expensive

and lose the federal
government more money.

Strategy you can read
about in his book:

"The Art Of Being Bad At Stuff,"

"Including Book Titling,"
no end parentheses.

Even members of his own
party know this is bad politics.

When he's raised the prospect
of cutting subsidies,

some managed
to talk him out of it.

Republicans are playing checkers.
And Trump is playing Chex.

That's right: Chex, the game
of stress-eating Chex Mix

because you do not understand
your job.

That was not the only case this
week where Trump acted

without seeming
to understand the consequences.

President Trump said he will no longer
certify that Iran is complying

with the nuclear deal, or that
it is in the US national interest.

This goes against what his own
national security team

and all global powers that
signed the deal believe.

Exactly, Trump seems to be
pretty much alone on this.

His Defense Secretary
thinks Iran is in compliance,

as does his Secretary of State,
I'm sure that Mnuchin does as well,

but I'm so blinded by that guy's
moviestar handsomeness

that I can no longer hear
anything he says.

Prime beef right there. Right ?
Prime. Beef. Am I right ?

The guy's hot. You don't mean it.

Thankfully Trump's move
does not instantly kill the deal.

Congress passed a law

where the president has to re-certify
the deal every 90 days.

No other nation has a requirement
like this, it is a stupid idea.

It goes to Congress, whose options
range from doing nothing

to restoring sanctions, which
could blow the whole thing up.

That would be insane,
because essentially everyone,

including the agency
who monitors this,

agrees that Iran
is in compliance.

Why is Trump doing it ?
On Wednesday he explained

his what we'll call "thinking".

It was one of the most incompetently
drawn deals I've ever seen.

150 billion dollars billion given,
we got nothing.

They got a path to nuclear
weapons very quickly.

One point seven billion dollars
in cash. Cash out of your pocket.

You know how many airplane
loads that must be ?

Stopping Iran getting a nuclear weapon
is not "getting nothing" !

It makes life on Earth safer.
As for the money,

we didn't "give" it to them,
it was just frozen under sanctions,

or it was money
that they paid us

for military equipment in 1979,
that we never delivered.

So he's wrong. He just said a string
of things factually inaccurate.

And you all know
what this means ? Yes !

We got him ! Yes !

Wait ! Stop !

We didn't get him !
Stop ! I just got a news alert,

he's still the president,
we didn't get him,

it turns out nothing matters,
nothing matters anymore.

I'm sorry. He didn't
know what he was talking about.

I thought that was meaningful.

The Iran deal now goes to Congress.
But they can't renegotiate it,

cause the deal isn't just
between the US and Iran.

It's between all of these parties,

and they have been
clear where they stand.

EU leaders are defending
the current agreement

and the UK, Germany and France
are committed to the deal as is.

Yeah, of course they don't
want to reopen the deal.

That's not how deals work.
If you buy a lamp for 40 dollars,

one person gets 40 dollars,
one person gets a lamp.

Also, one of you will get murdered,
but figuring out who and how

is the "joie de vivre"
of Craigslist !

As Iran's Foreign Minister
points out,

this decision may limit the ability
of Trump or any future presidents

to make deals from now on.

Nobody else will trust
any U.S. administration

to engage
in any long-term negotiation,

because the length of any commitment
from now on with any US administration

will be the remainder
of the term of that president.

And that is a huge problem.

Countries need to know that America
will honor its agreements,

if they don't, that's gonna be an issue
no matter who that next president is,

Warren, or President Kaine, or
more likely, President Donald, Jr.,

followed by President Eric,
followed by President Jared and Ivanka.

There is no reason to expect
that that won't happen.

So, this Iran deal decision is
dangerous and bizarre.

Trump is asking Congress to fix a deal
they don't have the ability to fix.

Fixes, incidentally,
that may violate the deal itself,

which has a process for restoring
sanctions if Iran doesn't comply.

Which everyone
agrees that they are doing.

He threatened
to pull out of the deal himself,

though his Secretary of State
said he wouldn't,

but who knows if those two
are speaking,

considering Tillerson called
Trump a "fucking moron"

and Trump publicly challenged him
to an IQ contest this week.

As foreign policies go,
this is incoherent.

You can't call it realism
or idealism or neoliberalism.

You can barely even call it
foreign policy.

The thing it's closest to

is a scared monkey in a submarine
randomly pushing buttons.

That might be fun to watch,
until it suddenly hits you:

"Shit, we're all on the submarine
with that fucking monkey."

And now this.

And now, it's autumn,
and that means only one thing...

Boy, pumpkin spice latte.

This is a whole season in a cup
of coffee, isn't it ?

Yeah !
Pumpkin spice latte !

It is now officially
pumpkin spice latte time.

Try to walk in and get a pumpkin
spice in the summer, you can't get it.

No, you can't !
Pumpkin spice latte !

The pumpkin spice latte, have you
had it ? Sent me to the moon.

Jim Cramer loves
pumpkin spice lattes !

I'm waiting for the pumpkin latte
and I'm trying to lose weight,

so I had to stay away from it,
the pumpkin latte.

Shut up ! Just drink it !
Pumpkin spice latte !

As soon as Starbucks has
that pumpkin spice latte, or PSL...

Good one, Steve !
P-S-L !

When they take away the pumpkin
spice latte, I cry a little.

Don't cry, handsome actor man !
Pumpkin spice latte will return !

Pumpkin spice lattes are delicious.
They seem wholesome

and after all, they're only
a beverage, but are they also racist ?

Fuck you !
Pumpkin spice latte !

By the way, love your
pumpkin spice latte-color...

I've got so much to tell you.
I've been so ahead of this curve,

but pumpkin latte futures are big.

- Is it X-rated ?
- No, it's not.

Wait. What ? Did he fuck a pumpkin
spice latte ? Pumpkin spice latte !

The bigger deal is this new maple
pecan latte. All right ?

So, this is gonna push
the pumpkin spice to the side.

Fuck maple pecan !
Pumpkin spice lattes forever !

Moving on. Our main story
tonight concerns Equifax,

whose name sounds
like a theatrical production

in which Daniel Radcliffe plays
a horse that fucks a fax machine.

Equifax is one of the big
three credit reporting agencies,

who keep financial data
on all of us,

so lenders and landlords can decide
whether or not we are trustworthy.

Equifax controls some
of our most sensitive information

and a month ago,
we learned this.

Breaking news from the credit
monitoring company Equifax.

Cyber thieves making off
with private information

of 143 million Americans,
nearly half the U.S. population.

It's actually worse,
it's now 145 million Americans.

The good news is that by
"private information",

they don't mean
your Google search history.

Nobody yet knows you searched
"Wario porn, parentheses 'real',"

or "world's richest dogs
looking for assistants"

or "can loneliness
cause the farts ?"

Bad news is, the information
they got could well be all this.

Your name, Social Security
number, birth date, driver's license,

and addresses where you lived,
information mostly permanent,

unless you're in federal
witness protection.

That does sound bad,
but here is a simple solution:

move 145 million people into
the witness protection program.

That means Joneses ?
You are the Thompsons.

Thompsons ? You're the Campbells.
Campbells, you're the Mendozas.

Mendozas, you're the Joneses.
Joneses, you shouldn't be there.

I made you the Thompsons !
No ! I made you the Campbells !

you're the Mendozas !

Mendozas, you should be living
in the Joneses' house in Phoenix !

I shouldn't have said Phoenix !
God, the Joneses are dead !

The Joneses are dead !
Forget the whole plan !

I was just trying to help !
I'm sorry for trying !

They're dead !

I know there might be
some younger people watching this:

"Who cares ? We're the first
generation to routinely send"

"pictures of our junk
over the Internet,"

"why should we care if someone
sees our Social Security numbers ?"

Criminals can do a lot more
with that number

than they can
with a picture of your dick.

This information's gonna be sold
on the black market.

People are gonna be able
to open up credit cards

for the rest of your life
once they have that information.

They can purchase
a home in your name,

they can open bank accounts,
take car loans.

Someone who has
your social security number

could take a job, file taxes,
even claim your kids as dependents

and be gone with your refund
before you file a tax return.

No ! The tax benefit is
the whole point of having children !

Without that, all you're left with
is your actual children,

which, you know...

It's a huge problem.
And in any other era,

this would've been the biggest
news story for a month,

but now that every day's headline
is the words

"everything batshit bananas again
today", it's slipped under the radar.

How the hell did this happen ?
Because the short answer is:

"the people in charge have done
literally everything wrong".

Let's start with the way Equifax
told us about the hack.

In September,
their then-CEO Rick Smith,

a man with a face and name so bland
he may as well be called

"human person" or "Frasier rerun",
he issued a taped apology,

but his remorse seemed
a little less than heartfelt.

On July 29th of this year,
we discovered that attackers gained

unauthorized access
to certain Equifax data files.

This is a disappointing event,

that strikes at the heart
of who we are and what we do.

Rick Smith is
so alarmingly mechanical,

you have to put him in rice
every time he gets wet.

He mentioned there that
Equifax learned about the breach

on July 29th.

But that video was uploaded
in September,

which is, and this is true,
after July.

Equifax knew for nearly six
weeks before telling the public.

They needed
that time because their investigation

was "complex and time consuming".

That's not all that happened
in that timespan.

Three Equifax executives sold
nearly two million dollars

in company stock days after
the data breach was discovered.

Selling stock before the public
knows there's a problem

looks suspicious, whether or not
you're doing something wrong.

It's like walking
into a petting zoo with a bib on.

What exactly are you planning
on messily devouring in there ?

Equifax defended that, saying
none of the executives in question,

knew about the data breach.

Which raises another question:
how is that even possible ?

Did they just ignore emails
with the subject lines, "Breach !",

"Following up on breach !",
"Where the fuck are you ?"

and "just spoke to you about breach,
and you stared blankly at me"

"and then said 'I'm gonna order
from that salad place'."

If you are getting frustrated
with this incompetence,

pace yourself, because
this story gets a lot worse.

There were multiple points where
this hack could've been prevented.

Equifax were alerted
by Homeland Security back in March

that they needed to fix
a vulnerability in their software.

But as lawmakers discovered,
that's not what happened.

There was one person
who forgot to tell somebody

that they had a software
that needed to be patched.

It is not ideal that a company
guarding such valuable information

leaves something that important
down to one person.

It's like Chase Bank has a big red
button labeled "lose everyone's money"

and the only thing stopping
anyone from pushing it is Frank.

I love Frank, I love the guy
but what if he has to pee ?

This is an anomaly, but Equifax
has had multiple breaches.

Not even counting
smaller incidents like this.

I checked my credit report
the other day online with Equifax.

Next thing I know I have 300 pieces
of mail sittin' in my mailbox.

Every one is addressed to her,
but they're not hers.

She got other
people's credit reports.

Now, names, social security
numbers, dates of birth,

current and previous addresses,
bank and loan account numbers,

all stacked up
on a kitchen table in Biddeford.

That's not great, is it ? It should've
set off red flags at Equifax

when hundreds of credit reports
were being mailed to the same address.

What did you think
had happened there ?

That every single fraggle
checked their credit at once,

down at Fraggle Rock ?

Down at Fraggle Rock ?
Very nice.

I know that other
companies have had breaches,

but none as damaging
as this new Equifax one.

This isn't Target exposing
customers' credit cards,

this is compromising
social security numbers,

thieves could use it to open
new credit cards in your name.

If your information was stolen,
about a 50-50 chance,

it could haunt you forever.

You don't change your birthdate,
your social security number.

Those who have been jeopardized
by this hack

will have to protect themselves
until they're dead.

It's true. Think about that:
there is only one other thing

you have to constantly protect
yourself from until you're dead.

And that's fucking death.

You would hope Equifax would do
a decent job of mitigating the damage,

after all, they did have nearly
six weeks to work on a response.

But instead,
their fuckups continued.

They created a website for
concerned consumers to go to,

but then this happened.

The site that Equifax started
is called Equifaxsecurity2017,

but a developer
named Nick Sweeting wanted

to show how easy it is
to create a similar, fake site,

so he did, he called it

Someone created a fake site.
And if you're thinking:

"who'd be dumb enough
to fall for that ?"

Equifax, that's who. Because
they tweeted links to that fake site

at least eight times.

Despite that site had a couple
of tiny clues that it might be fake,

from the headline:
"why did Equifax use a domain"

"that's so easily impersonated
by phishing sites ?"

To the fact that, when you clicked
on their "FAQ", this happened.

Well-played, pranksters.
You have my respect.

Equifax says that they
are tightening up their operation.

Not because it's their site,
but because it's our site.

We bought it two days ago.
You'll find the message:

"How were we still able to do this ?
Why haven't you learned anything ?"

There is even more.

Equifax also offered consumers
a year of free credit monitoring.

When people tried to sign up,
they noticed something.

You lock into Equifax's terms
of service when you sign up for it,

which means that
you can't sue the company.

You resolve disputes
in forced arbitration.

You'd be giving up
your right to sue, so legally,

your best recourse at that point
would be shaking your fist

while shouting "Equifax" !

They've since rescinded
that clause.

Many are signing up for third-party
credit monitoring services,

like LifeLock, who've been
advertising everywhere,

and they have seen a surge
in business.

If you are considering LifeLock
because you are mad at Equifax,

it's something
you're gonna need to know.

According to filings with the SEC,

LifeLock purchases credit
monitoring services from Equifax.

That means someone buys credit
monitoring through LifeLock,

LifeLock turns around
and passes some of that revenue

directly along to Equifax.

- Is that right, Mr. Smith ?
- That is correct.

It's true. Some of the money
that you pay to LifeLock

goes right back to Equifax,
which could only be more infuriating

if you then found out that the rest
goes to Toys for Todds,

a charity that purchases sex
toys for grown men named Todd.

Buy your own sex toys, Todd,
we can't carry you on this one.

Equifax connections aside,
LifeLock had repeated issues itself,

including settlements
with the FTC

and a truly disastrous
ad campaign a few years back.

I'm Todd Davis
and I'm here to prove

how safe your identity
can be with LifeLock.

That's my real
social security number.

LifeLock's then-CEO,
Todd Davis,

put his real social security number,

on a truck and billboards.

For a time, it was impossible
to escape his number,


And that was
a very cocky move

and one that resulted in him
having his identity stolen 13 times.

I'm guessing that the defense
for the people who took it was:

"I didn't steal his identity,"

"I literally got it
off the back of a truck."

LifeLock may not be your best
solution to the Equifax crisis.

Which brings us to the question:
what is ?

Consumer advocates told us
the step everyone should take

is go to all three large
credit-reporting companies,

Equifax, Experian and TransUnion
and freeze your credit.

That way, no one can access it,
including you, until you un-freeze it.

The companies offer their
own credit-protection products,

with names like "Trusted ID",
or "Credit Lock Plus",

but they are more expensive and
offer fewer consumer protections.

If you need to remember this,
locks are something you don't want.

Think of
Justin Bieber's dreadlocks.

A terrible decision, to be avoided.
Whereas freezes are great.

Think of this tiny penguin
losing its frozen mind.

See ?
So, to recap: locks ?

Freezes ?

Here's the thing on this:
freezing and unfreezing your credit

can cost money, which will
go back to these companies.

Seemingly, they just can't
fucking lose on this.

On the same day that Congress
was yelling at Equifax's former CEO,

it emerged that the company
had just been awarded

a $7 million contract
by the IRS to prevent fraud.

Which led one senator to make
a brutal comparison.

You realize to many
Americans right now that looks like

we're giving Lindsay Lohan
the keys to the minibar ?

I understand your point.

That was the pause
of a man thinking:

"do I let that pass,"

"do I correct him
on how to pronounce Lohan,"

"or I pronounce her name
Lingonberry Lohoneybaloney" ?

You should know:
that IRS deal has been suspended.

Not canceled, just suspended.
That might make you angry.

That anger won't have much
impact on Equifax,

they make most of their money
selling our data to businesses.

In their eyes, we're not the
consumer, we're the product.

In terms of KFC, we're not
the guy buying the ten-piece buckets,

we're the fucking chickens.

Businesses are the only ones who
can exert influence here.

As one colorfully-dressed
expert pointed out,

that's not gonna happen soon.

I haven't heard any big
company come out yet and say

we're not going to use Equifax
anymore for their credit scores.

Everybody's quiet, I don't know
what they're waiting to hear.

They should be done. But, because
it's America they'll be okay.

That angry, business-casual
farm animal on Fox Business

is talking sense.

That sentence alone shows
just how bad things are.

There should clearly be major
reform to this industry.

But that is going to take time.
So until then,

freeze your credit reports
with all three of these companies

and only un-freeze them when
you need to apply for credit.

Because the freeze option can be
hard to find on their sites,

if you go to our Twitter feed,
we will give you the exact links.

They will give you a PIN number
you need to un-freeze it,

so do not lose that number,
or make it something memorable,

like 457-55-5462.

But not that.
Because of course,

that's Todd Davis's social
security number.

And now, this.

New York City mayoral
candidate Bo Dietl

makes a splash
at this week's debate.

One minute opening
statements, with Bo Dietl.

First of all, go Yankees !

I was mobbed 500 times,
I was stabbed, I was shot at,

hospitalized 30 times.

What'd you make last year ?
I made $1.8 million, ok ?

If I had my head
in a potato field,

but I popped it out
and listened to this mayor,

I'd vote for him too.

He hired that Ponte, from Maine.
He was guarding mooses.

Mr. Dietl,
we're going to you first.

I haven't
asked the question yet.

I'd like to go to Riker's Island
with the Mayor. Me and you.

This is just one of the issues
in which our Mayor has.

What is that wall against Gracie
Mansion ? Is it the Berlin wall ?

We're going to cut your mic
off if you don't follow the rules.

My question is to
the assembly member.

- Wha' 'bout me ?
- Sorry, I get only one.

I cut off your mic,
because you keep interrupting

and we'll do it again
if you continue.

You said that a quote:
"Muslim guy who works for the state"

"was to blame
for your problems."

You referred to your attorney
as my quote: "Jewish lawyer",

and you said that you knew
you had lost your court battle

because the African American
judge you said

"looked like Bill de Blasio's wife,
Chirlane McCray."

You're wrong on that,
what you just said.

What was I wrong on ?

Was very familiar
looking as the mayor's wife,

with two beautiful eyes
and a smile.

I never used the word
African American.

Yeah, just turn off the mic.
Thanks for watching.

Please vote next month,
have a great evening.

That's our show.
We're off next week,

good night !

Pumpkin spice latte !