Inside the Equifax Hack

Was the Data Just Too Big? Inside the Equifax Hack

Inside the Equifax Hack

Equifax is a gigantic financial organization, the entire livelihood of which revolves around collecting and analyzing consumer credit data to assign credit scores. If any organization knows how to handle big data and keep it secure, that organization would be Equifax. Yet, we have the Equifax data breach that bared the personal details—including social security numbers and driver’s license numbers—of 143 million Americans. All told, Equifax is privileged with data from 820 million consumers and more than 91 million businesses worldwide.

Equifax’s overt negligence is undoubtedly reprehensible, however I think the waterfall of harsh critique also becomes unfair,” Ilia Kolochenko, CEO of High-Tech Bridge, a Swiss web security company, told USA Today.

But Mr. Kolochenko, our entire system of financial credibility and mobility is based on credit scores. You can expect a “waterfall of harsh critique” when we’re constantly being watched by a company like Equifax. Why should a company not able to look after its own books be able to penalize us for not looking after ours? Equifax’s “negligence” could call into question the credibility of the entire system. In the future, your credit score may not be your own.

Businesses today must be constantly alert for hackers who seek to compromise systems for purposes such as identity theft or extortion,” warns Villanova University. “Strengthening cyber security begins with keeping all software and hardware up to date and engaging in regular maintenance.

Yet keeping software up to date is exactly what Equifax didn’t do. In March of 2017, the Apache Foundation issued a patch for a vulnerability in Apache Struts, which is an “Open Source framework for creating enterprise-grade Java Web applications.” Equifax failed to apply the patch.

The company’s cybersecurity personnel would have had to upgrade to the latest version of Apache Struts, and there are plugins available online that provide the fix. Overall, fixing the holes that left Equifax vulnerable required a deep-dive of maintenance. The company needed to examine each network application for vulnerabilities. Then, vulnerable applications should have been updated with the patch. Further, programmers may have had to rewrite some applications to coincide with the software already in place, then they would have had retest and redeploy the whole network.

A network as large as Equifax’s doubtlessly needs a lot of patches anywhere Java applications come into play. In Equifax’s defense, cybersecurity analysts are faced with more than a million new malware threats each day. Daily, there are at least 20 million attacks on government computers, and hundreds of millions more on other information systems. Equifax’s cybersecurity personnel may simply have been overwhelmed and may have missed the Apache Struts vulnerability due to the sheer amount of the threats and huge Equifax network that they must protect.

But at the end of the day, no one can make excuses for them. Jeff Williams, co-founder of Contrast Security, notes, “This is not some crazy movie-plot attack scenario. There is really no excuse for organizations not to be prepared for this totally expected scenario. They should have a well-practiced playbook and run it often.

No matter how much time it would have taken to patch Apache Struts, doing so should have been a standard priority for a company that thrives on consumer data. And the issue of timing is heightening the roar of scandal. The breach happened during the summer, but it took until September 7 for Equifax to announce. Between the time the company discovered the breach (July 29) and that of the announcement, the company’s top executives sold more than $2 million worth of Equifax shares.

You can visit www.equifaxsecurity2017.com to find out if your data may have been compromised.

If your data is compromised, you can place a security freeze on your credit by visiting the following URLs:

  • Equifax: https://help.equifax.com/s/article/ka137000000DSDjAAO/How-do-I-place-a-security-freeze-on-my-Equifax-credit-file
  • Experian: https://www.experian.com/freeze/center.html
  • Innovis: https://www.innovis.com/personal/securityFreeze
  • TransUnion: https://www.transunion.com/credit-freeze/place-credit-freeze

Alternatively, check your credit report at http://annualcreditreport.com/ (you can do this once a year for free).

By Daniel Matthews

Daniel Matthews

Daniel Matthews is a freelance writer from Boise, ID. Daniel received his Bachelor’s in English from Boise State University in 2006, and is currently working on a book about the 2008 financial crisis. Widely-published online, he specializes in research and analysis that sheds light on the intersection of tech, business, and current affairs. Daniel is an avid writer and technology enthusiast whose mission is to bring journalistic integrity and informed opinions to his audience in ways that make them think differently about the world. You can find him on Twitter and LinkedIn.

View Website

CONTRIBUTORS

Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
Cloud Computing Certification Courses

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...
Safeguarding Data Before Disaster Strikes

Safeguarding Data Before Disaster Strikes

Safeguarding Data  Online data backup is one of the best methods for businesses of all sizes to replicate their data ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...

NEWS

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...