Equifax data breach

Equifax is one of three major consumer credit reporting agencies in the United States.
They are the ones that come up with a credit score based on the information that they have on consumers. When a consumer applies for a loan, the lender requests information from companies like Equifax. Equifax will then send the credit report and credit score to the lender to evaluate the consumer's eligibility. Based on that credit history, the lender can then adjust the interest rate.

What type of attack was launched?

In recent months Equifax has established that the cybercriminals got into the system in the middle of May through a software vulnerability for which an update had been released in late March.
This was devastating news for the credit-reporting agency. Equifax had more than two months to take precautions and failed to do so, which put at risk, and later leaked, the personal information of 145 million people by leaving vulnerabilities exposed to hackers. The company took six weeks to notify the public after finding out about the breach.
Even then, the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities. The site that Equifax started was called “Equifax Security 2017.” But a developer named Nick Sweeting wanted to show how easy it was to create a similar fake site, and he did. He called it “Security Equifax 2017.” And if you’re wondering who would fall for that, Equifax did. They tweeted links to the wrong site 10 times before realizing they were tweeting about the wrong Equifax site (e.g. Oliver, John (2017). Equifax: Last Week Tonight with John Oliver (HBO)).
But the ongoing discoveries increasingly paint a clear picture of negligence and carelessness, especially in Equifax’s failure to protect itself against a known flaw with a ready fix. The vulnerability that attackers exploited to access Equifax’s system was in the Apache Struts web-application software, which is used widely across the company. The Apache Software Foundation was not to blame in this instance; the system remained vulnerable and the attack succeeded because an update for the software was never installed. The Apache Software Foundation always recommends that users regularly patch and update their Apache Struts platforms.
“Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years,” René Gielen, the vice president of Apache Struts, wrote. Even penetration testers and other security researchers say that it would have been simple for an attacker to exploit the flaw and get into the system. “Once they identified Equifax’s systems as vulnerable, actually exploiting the vulnerability to gain access to the Equifax servers and network will be relatively easy,” But the update that was released in March of that year failed to make its way onto the system before the breach in May. Equifax said in a statement that the mishandling of the update led to the vulnerability.
What was compromised or breached? And who are the victims?

From the Equifax attack, which lasted from mid-May until July, we can look back at what was compromised and breached, and we can see first hand the damage consumers are . The cybercriminals gained access to people’s names, Social Security numbers, birthdates, addresses, and in some instances even driver’s licenses (e.g. Berger, R (2017). Equifax Hack — How To Protect Your Credit And Identity If Your Data Was Compromised.). All of this is highly sensitive information that is assigned only once to a person in their life. Losing your full identity can result in a thief taking out loans or credit cards in your name.
A variety of fraud alerts will usually detect such activity, and the methods to correct such problems have become well known and efficient. However, individuals with a high net worth may wish to take additional steps. This affects nearly 145,000,000 people across the United States, who now face leaked credit scores and identities.

Were there any compliance issues?

Your own analysis and feedback about the attack and how it could have been prevented?

As I began to look more in depth into the processes of Equifax’s cybersecurity policies, numerous questions were raised over the security policies that were put in place to protect this very sensitive information. The vulnerability that attackers exploited to access Equifax’s system was in the Apache Struts web-application software, and it remained open because of a missed update.
The Apache Software Foundation always recommends that users regularly patch and update their Apache Struts platforms.