- Donald E. Hester
Equifax Data Breach News
The Equifax data breach will become a watershed moment in the history of cybersecurity. Not because of the number of records released, but because the type of data that was taken. The threats to consumers from this incident will continue for the rest of their lives. This leaves the potential losses open ended and impossible to calculate. In addition, Equifax's response to the incident so far has been a perfect Charlie Foxtrot. I have started to keep tabs on news as it comes to light. I will post them here. Hopefully this will help cybersecurity professionals see the risks and the mistakes and learn from them. Based on this information, what do you think were some of Equifax's mistakes? What can we learn from this?
Last Updated 4 OCT 2017 CNet "Equifax data breach may affect nearly half the US population. Hackers steal sensitive personal information on as many as 143 million people from credit reporting firm." By Alfred NG and Steven Musil, 7 SEP 2017: https://www.cnet.com/news/equifax-data-leak-hits-nearly-half-of-the-us-population/ CNN Tech, "If you want help from Equifax, there are strings attached" by Chris Isidore and Jose Pagliery, 10 SEP 2017: http://money.cnn.com/2017/09/08/technology/equifax-monitoring-services/index.html Reuters via CNBC, "Equifax CEO will testify before the House on October 3" 13 SEP 2017: https://www.cnbc.com/2017/09/13/equifax-ceo-richard-smith-to-testify-before-house.html CNet "Equifax reportedly used 'Admin; as password in Argentina. Add Argentina to the list of countries potentially affected by sloppy Equifax security." By Sean Hollister 13 SEP 2017: https://www.cnet.com/news/equifax-argentina-vulnerability-admin/ ISMG, "Equifax's Colossal Error: Not Patching Apache Struts Flaw, Confirmed: Hackers Behind Mega-Breach Exploited Struts Flaw; Patch Was Available." by Jeremy Kirk, 14 SEP 2017: https://www.govinfosecurity.com/equifaxs-colossal-error-patching-apache-struts-flaw-a-10292 CNN Tech, "How the Equifax data breach happened: What we know now" by Jackie Wattles and Selena Larson, 16 SEP 2017 http://money.cnn.com/2017/09/16/technology/equifax-breach-security-hole/index.html CNBC "Equifax Acknowledges a Second Security 'Incident' Happened in March," by Jordan Novet, 18 SEP 2017: https://www.cnbc.com/2017/09/18/equifax-acknowledges-second-security-incident-march.html ISMG, "More Questions Raised After Equifax CIO, CSO 'Retire' Some Security Professionals Blast Criticism of Outgoing CSO Over Her Music Degrees." by Mathew J. Schwartz, 18 SEP 2017: https://www.govinfosecurity.com/more-questions-raised-after-equifax-cio-cso-retire-a-10297 Wall Street Journal "Massachusetts AG Hits Equifax With Suit Over Hack," by AnnaMaria Andriotis, 19 SEP 2017: https://www.wsj.com/articles/equifax-says-data-breach-possibly-affected-100-000-canadian-consumers-1505834728?tesla=y The Verge via MSN Money, "Equifax customer service directed a victim to a phishing site. Equifax's entire response to the breach has been a mess." By Dani Deahl, 20 SEP 2017: http://www.msn.com/en-us/money/companies/equifax-customer-service-directed-a-victim-to-a-phishing-site/ar-AAsgSLB?OCID=ansmsnnews11 GIZMODO, "Equifax Has Been Sending Consumers to a Fake Phishing Site for Almost Two Weeks." by Dell Cameron 20 SEP 2017: https://gizmodo.com/equifax-has-been-sending-consumers-to-a-fake-phishing-s-1818588764 ISMG, "Equifax's May Mega-Breach Might Trace to March Hack, Intrusion Eyed as Beachhead for Theft of 143 Million US Consumers' Data," By Mathew J. Schwartz, 21 SEP 2017: https://www.govinfosecurity.com/equifaxs-may-mega-breach-might-trace-to-march-hack-a-10319
CNBC.com, "Equifax CEO Suddenly Retires Following Data Breach Affecting 143 Million People" by Liz Moyer, 26 SEP 2017: https://www.cnbc.com/2017/09/26/equifax-ceo-retires-following-an-epic-data-breach-affecting-143-million-people.html
Think Advisor "Businesses Files Class Actions Against Equifax", 25 SEP 2017: http://www.thinkadvisor.com/2017/09/25/businesses-begin-filing-class-actions-against-equi
ISMG, "Report: Equifax Subpoenaed by New York State Regulator, Department of Financial Services Seeks Breach Discovery and Response Details," by Mathew J. Schwartz, 28 SEP 2017:
CNN "Why Equifax will continue to profit by selling your personal information" by Katie Lobosco, 3 OCT 2017:
USA Today, "House grills Equifax ex-CEO on breach" by Elizabeth Weise, 3 OCT 2017: http://www.msn.com/en-us/money/companies/house-grills-equifax-ex-ceo-on-breach/ar-AAsRmhG
ISMG, "Scammers Hosted Files on Equifax's Australian Website, Security Error Could Have Been Exploited to Phish Data, Distribute Malware" by Jeremy Kirk, 3 OCT 2017: https://www.govinfosecurity.com/scammers-hosted-files-on-equifaxs-australian-website-a-10350
