On July 22, 2019, Equifax agreed to a settlement with the Federal Trade Commission (FTC) to provide funds to affected individuals and alleviate any future issues regarding information security and their network. On September 28, Equifax implemented new policies that would allow consumers to have complete control over their personal credit data.Īfter Equifax disclosed the breach, lawsuits were filed by numerous consumers and class-action lawsuit firms. A data breach can be devastating to business operations and can result in financial ruin. Immediately following the announcement, their shares dropped by 13%. The result of the Equifax breach was mainly due to not maintaining and updating their systems and applications with the latest updates and security patches.Īfter further investigation, it was discovered that Equifax’s network contained improperly encrypted personally identifiable information and lack of breach detection protocols.Įquifax went public about the breach on September 7, 2017. The very next day Equifax shut down the hackers and patched the exploit. The system of scanning consumer records and extracting them went on for 76 days. The Equifax data breach went on until July 29, 2017, when the breach was discovered. The cybercriminals ran a search of more than 9000 consumer records and stored them in temporary files to extract them from the server. This allowed them to search credit reports and other consumer data under the guise of employees and authorized users. The first type of information that the cyberattacks targeted were the login credentials of Equifax employees. While security flaws may go unnoticed for some time, hackers monitor the release of important updates to software programs to determine what flaw has been patched and who has yet to update to the latest version. The cybercriminals used the newfound security flaw to gain access to Equifax’s internal servers. Equifax had not deployed the latest Apache Struts update as of that date. They urged IT managers to update immediately since the update patched a major security flaw within the Apache Struts framework.Īfter investigating the data breach, it was determined it started on May 12, 2017. Apache released a major update for the Struts program on March 7, 2017. In 2017, Equifax was using the open-source software Apache Struts to help employees and consumers manage credit disputes, which is a major key in their day-to-day business operations. It occurred between May and July 2017, due to a security exploit on the Equifax servers. Believe it or not, the Equifax data breach was even bigger than the Experian one.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |