On September 7, 2017, Equifax announced that they were victimized by a data exfiltration attack, and that the attackers compromised over 145 million records of US consumers. Millions of other records on British and Canadian citizens were also compromised. It was the largest data breach of 2017 and remains one of the ten largest breaches to date.

Breaches involving credit cards can be devastating, but credit cards have a finite life. If a card, or even large amounts of cards, are known to have been breached, closing the account(s) will put an end to things. However, what makes the impact of the Equifax breach particularly devastating is that much of the information breached has a very long shelf life. Personal information such as a person’s name, date of birth, social security number, email address, and more can be exploited for decades after a breach.

During my recent webinar, Applying Vulnerability Management Lessons from the Equifax breach to Improve Your Security in 2019 (which you can now watch on-demand here), I discussed the Equifax breach and some of the issues which led to it. While the information security failures at Equifax were many, here are the 9 fundamental errors and oversights which paved the way for this calamitous breach:

- Lack of PCI compliance for a critical application.
- Legacy systems with severe security problems.
- Lack of a certificate management program.
- Ineffective security strategy and infrastructure

Hackers stole the personal information including Social Security numbers of almost 148 million Americans from Equifax's servers in a data breach in May to.

If Equifax had simply implemented and consistently executed an effective patch management policy, the 2017 data breach would have been prevented. Their failure to patch a known critical vulnerability in Apache Struts left a key critical system at risk for 145 days. That is nearly 5 months during which time cyber attackers enjoyed free rein across one of the largest databases of consumer data on the planet.

Equifax spent over $300 million to recover from the breach, of which insurance only covered about $75 million. Had Equifax invested some of that money into better information security (vulnerability management, etc.), they would not be the poster child for bad data security.

The heart of Equifax’s failure was that they fundamentally neglected to implement an adequate information governance program to protect their sensitive data. The lesson every organization can take from Equifax is that the breach was entirely preventable. Only when enterprises take information security seriously, and have a CISO who is empowered with staff and a budget, can they reasonably expect to avoid the same fate as Equifax.