Equifax Data Breach News

21 Sep 2017

 

The Equifax data breach will become a watershed moment in the history of cybersecurity.  Not because of the number of records released, but because the type of data that was taken.  The threats to consumers from this incident will continue for the rest of their lives.  This leaves the potential losses open ended and impossible to calculate. In addition, Equifax's response to the incident so far has been a perfect Charlie Foxtrot.

I have started to keep tabs on news as it comes to light.  I will post them here.  Hopefully this will help cybersecurity professionals see the risks and the mistakes and learn from them.  Based on this information, what do you think were some of Equifax's mistakes?  What can we learn from this?

 

Last Updated 4 OCT 2017

CNet "Equifax data breach may affect nearly half the US population.  Hackers steal sensitive personal information on as many as 143 million people from credit reporting firm." By Alfred NG and Steven Musil, 7 SEP 2017:
https://www.cnet.com/news/equifax-data-leak-hits-nearly-half-of-the-us-population/

CNN Tech, "If you want help from Equifax, there are strings attached" by Chris Isidore and Jose Pagliery, 10 SEP 2017:  http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/index.html

Reuters via CNBC, "Equifax CEO will testify before the House on October 3" 13 SEP 2017: https://www.cnbc.com/2017/09/13/equifax-ceo-richard-smith-to-testify-before-house.html

CNet "Equifax reportedly used 'Admin; as password in Argentina.  Add Argentina to the list of countries potentially affected by sloppy Equifax security." By Sean Hollister 13 SEP 2017: https://www.cnet.com/news/equifax-argentina-vulnerability-admin/

ISMG, "Equifax's Colossal Error: Not Patching Apache Struts Flaw, Confirmed: Hackers Behind Mega-Breach Exploited Struts Flaw; Patch Was Available." by Jeremy Kirk, 14 SEP 2017: https://www.govinfosecurity.com/equifaxs-colossal-error-patching-apache-struts-flaw-a-10292

CNN Tech, "How the Equifax data breach happened: What we know now" by Jackie Wattles and Selena Larson, 16 SEP 2017 http://money.cnn.com/2017/09/16/technology/equifax-breach-security-hole/index.html

CNBC "Equifax Acknowledges a Second Security 'Incident' Happened in March," by Jordan Novet, 18 SEP 2017: https://www.cnbc.com/2017/09/18/equifax-acknowledges-second-security-incident-march.html

ISMG, "More Questions Raised After Equifax CIO, CSO 'Retire' Some Security Professionals Blast Criticism of Outgoing CSO Over Her Music Degrees." by Mathew J. Schwartz, 18 SEP 2017: https://www.govinfosecurity.com/more-questions-raised-after-equifax-cio-cso-retire-a-10297

Wall Street Journal "Massachusetts AG Hits Equifax With Suit Over Hack," by AnnaMaria Andriotis, 19 SEP 2017: https://www.wsj.com/articles/equifax-says-data-breach-possibly-affected-100-000-canadian-consumers-1505834728?tesla=y

The Verge via MSN Money, "Equifax customer service directed a victim to a phishing site.  Equifax's entire response to the breach has been a mess." By Dani Deahl, 20 SEP 2017: http://www.msn.com/en-us/money/companies/equifax-customer-service-directed-a-victim-to-a-phishing-site/ar-AAsgSLB?OCID=ansmsnnews11

GIZMODO, "Equifax Has Been Sending Consumers to a Fake Phishing Site for Almost Two Weeks." by Dell Cameron 20 SEP 2017: https://gizmodo.com/equifax-has-been-sending-consumers-to-a-fake-phishing-s-1818588764

ISMG, "Equifax's May Mega-Breach Might Trace to March Hack, Intrusion Eyed as Beachhead for Theft of 143 Million US Consumers' Data,"  By Mathew J. Schwartz, 21 SEP 2017: https://www.govinfosecurity.com/equifaxs-may-mega-breach-might-trace-to-march-hack-a-10319

 

CNBC.com, "Equifax CEO Suddenly Retires Following Data Breach Affecting 143 Million People" by Liz Moyer, 26 SEP 2017: https://www.cnbc.com/2017/09/26/equifax-ceo-retires-following-an-epic-data-breach-affecting-143-million-people.html

 

Think Advisor "Businesses Files Class Actions Against Equifax", 25 SEP 2017: http://www.thinkadvisor.com/2017/09/25/businesses-begin-filing-class-actions-against-equi

 

ISMG, "Report: Equifax Subpoenaed by New York State Regulator, Department of Financial Services Seeks Breach Discovery and Response Details," by Mathew J. Schwartz, 28 SEP 2017:

https://www.govinfosecurity.com/report-equifax-subpoenaed-by-new-york-state-regulator-a-10343

 

CNN "Why Equifax will continue to profit by selling your personal information" by Katie Lobosco, 3 OCT 2017:

http://www.msn.com/en-us/money/companies/why-equifax-will-continue-to-profit-by-selling-your-personal-information/ar-AAsRgSc

 

USA Today, "House grills Equifax ex-CEO on breach" by Elizabeth Weise, 3 OCT 2017: http://www.msn.com/en-us/money/companies/house-grills-equifax-ex-ceo-on-breach/ar-AAsRmhG

 

ISMG, "Scammers Hosted Files on Equifax's Australian Website, Security Error Could Have Been Exploited to Phish Data, Distribute Malware" by Jeremy Kirk, 3 OCT 2017: https://www.govinfosecurity.com/scammers-hosted-files-on-equifaxs-australian-website-a-10350

 

 

Please reload

Featured Posts

Does Security Awareness Work?

July 18, 2018

1/10
Please reload

Recent Posts

March 9, 2020

Please reload

Archive
Please reload

Search By Tags