Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Equifax Dealing With Consequences Of Weak Cyber-Security Management

    By
    WAYNE RASH
    -
    September 9, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Equifax Data Breach

      After what is actually latest in a long series of data breaches at the company, credit reporting firm Equifax said that it will do a better job of protecting the personal and financial data of millions of consumers in the U.S. and abroad.

      Equifax made this promise in a Sept. 7 announcement about the July 29 data breach that exposed the data of 143 million consumers in the US.

      So far Equifax hasn’t provided much information about the breach beyond saying it’s due to an application vulnerability. However, even that tiny bit of information, coupled with the company’s reported history of lax security and an apparent failure to apply patches and updates in a timely manner tells a troubling story.

      Adding to the seeming lack of concern for critical personal data that is entrusted to Equifax comes word that before the breach was announced in September, three senior executives reportedly took advantage of their knowledge of the breach by selling massive amounts of the company stock.

      Equifax’s apparent failure in its duty protect customer data by keeping its computer systems secure has already resulted in multiple legal actions and at least one class lawsuit. That, along with the behavior of its executives suggests that company leadership was looking out for its own interests rather than the interests of customers or consumers.

      The July data breach is hardly the first one reported by the company. In fact, it’s not even the first one in 2017. A number of security researchers have found repeated vulnerabilities on Equifax sites, some of which used software that was over a decade old.

      In another case, Equifax was sued by employees of national retailing chain Kroger after the company lost control of nearly a half-million names, addresses and social security numbers. In that case, Equifax was ordered by the court in that case to fix its security vulnerabilities, but apparently failed to do so.

      Fortunately for businesses, Equifax only lost control of consumer information. The company doesn’t track business credit histories. Another company, Dun and Bradstreet, handles business credit records. But the Equifax breach will still affect you.

      The most obvious impact will come when you extend credit to customers. After such a large breach, it’s possible that anyone you do business with could be an imposter using stolen credit credentials. This won’t affect you if you’re dealing with a credit card transaction, but it could if you extend credit for some other reason. At least for large purchases, such as a vehicle, you will need to consider additional methods of confirming the identity for those customers.

      In addition, you will have to find ways to confirm the identity of people when you’re using their credit for other reasons such as employment. Those ways could include taking a look at the customer’s other identification such as a government ID or a passport. The extra step may be annoying and time consuming, but it will be necessary to protect your business.

      The first step for consumers is to check the special Equifax web page to check if their personal information was exposed in the breach. If so they will have to watch their personal credit ratings to make sure that criminals aren’t creating fraudulent credit accounts with their stolen identities.

      It would be wise for these consumers and perhaps anyone who has had dealings with Equifax to contact all major credit-monitoring services to ask that they watch for attempts to create new credit accounts—especially in locations far distant from their current residences.

      Something that should be equally obvious is that businesses need to diligently apply patches and updates to operating system software and applications, especially public-facing web applications. Failure to do so in an environment where the business is responsible for protecting sensitive information is an invitation to be breached. There’s simply no reason to skip such a step.

      There was a time when software patches were uncertain and updates were sometimes unreliable, but those days are long gone. Now, the need to wait until you’re certain that an update won’t break critical applications is unnecessary in most cases. In those cases where it is, it’s time to start paying for updates for those applications or find a new solution.

      The reason is that the price for failure to update is so high it can cost you your company, or at the very least it can cost millions of dollars in lawsuits and more millions in reduced valuation. Failure to implement timely updates should be something that your board will demand accountability for. But worse than that, it will be something that your customers will demand to hold you accountable for.

      Equifax has already sustained a sharp drop in its stock valuation and it’s possible that at least three of its executives will face charges for violating securities regulations for selling stock before the company publicly disclosed the breach. The company is also going to have to provide free credit monitoring for everyone in the United States.

      Worse, Equifax already has one class-action suit that’s been filed in Oregon, more are certain to be filed and the company stands to lose millions. Adding to the problems that Equifax is facing is the company’s poor record of managing its own security. A series of breaches stretching back years demonstrates that the company does not take security seriously. Furthermore the actions of some of its executives will lend credence to the belief that all that really to Equifax management is personal enrichment.

      Considering that Equifax has presented itself as a trusted service for private consumer data only makes it worse. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax CEO Richard F. Smith in the breach announcement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” he stated in the announcement.

      “I’ve told our entire team that our goal can’t be simply to fix the problem and move on,” Smith said. “Confronting cyber-security risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

      This is a positive sign, but in reality, considering the series of breaches that Equifax has experienced over the year, one must ask why didn’t Equifax take the danger of cyber-attacks seriously before the personal information of 143 million people was breached?

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×