Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Equifax Data Breach Fallout Continues as Lawsuits Are Filed

    By
    SEAN MICHAEL KERNER
    -
    September 8, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Equifax Breach

      The impact of the breach at credit reporting and monitoring agency Equifax will likely be felt for months and years to come, as the full scope of the security incident is uncovered. Equifax publicly disclosed on Sept. 7 that attackers gained unauthorized access to it systems, exposing personally identifiable information on 143 million American consumers. The breach has also led to multiple legal actions, including at least one class-action lawsuit.

      At this point in the investigation, Equifax has not publicly disclosed the root cause of the data breach. The only insight the company has provided is that the attackers were able to exploit a U.S. website application vulnerability to gain access to certain files.

      While web application vulnerabilities can be found by internal corporate security teams, third-party security researchers are also capable of discovering flaws. There is a challenge, however, in that not all organizations make it easy for security researchers to responsibly disclose vulnerabilities.

      “We looked at Equifax’s website and found no easy way for hackers to disclose anything,” HackerOne CEO Marten Mickos wrote in an email statement sent to eWEEK. HackerOne is in the business of running managed bug bounty programs for organizations.

      Mickos noted that several Equifax bugs have been disclosed via the Open Bug Bounty, which is a nonprofit project designed to connect hackers with website owners to resolve bugs in a transparent and open manner. 

      “One of [the bugs] was disclosed for their UK website and took nearly five months to resolve and the second is for the U.S. website, which has yet to be resolved,” he said.

      It is unknown if the unresolved bug that was reported to the Open Bug Bounty is related to the Equifax breach.

      Identity Theft Protection

      As part of its breach response, Equifax is providing free identity and credit monitoring to impacted consumers via its own TrustedID service. However, on both Sept. 7 and 8, there were widespread reports that consumers were unable to access the identity protection enrollment site.

      Aside from the likely high volume of traffic, the site (EquifaxSecurity2017.com) was temporarily blocked by Cisco’s OpenDNS web filtering service. In a Twitter post, OpenDNS founder David Ulevitch confirmed that the Equifax site initially triggered the criteria for identifying a site that is potentially malicious, including volume of traffic spiking from zero and the fact that it was a new domain.

      For those who have been able to reach the identity protection enrollment site, there have been multiple reports of concerns about the legal terms of use. As part of the enrollment terms for TrustedID, consumers must waive their rights to sue Equifax or participate in any class-action lawsuit against Equifax.

      At least one class-action lawsuit has already been filed against Equifax over the data breach incident.

      “Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information,” the class-action suit filed in Oregon federal court on Sept. 7 states.

      Investors

      Equifax consumers aren’t the only ones taking legal action, as investors are also now looking at potential wrongdoing by the company as well. Multiple executive officers of Equifax allegedly sold Equifax stock days after the company first became aware of the breach on July 29. Corporate litigation firm Bronstein, Gewirtz & Grossman stated in a press release that it’s investigating whether there was a violation of U.S. securities law.

      “The investigation concerns whether Equifax and certain of its officers and/or directors have violated Sections 10(b) and 20(a) of the Securities Exchange Act of 1934,” the company stated.

      Following the Equifax data breach disclosure on Sept. 7, Equifax stock has declined by at least 13 percent as of 1 p.m. ET on Sept. 8.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×