Many experts note that this Equifax breach could represent a turning point in how institutions handle personal data. 'When your social media profile is tweeting out a phishing link, that's bad news bears.' -Michael Borohovski, Tinfoil Security "You’d think a company like that, guarding what they’re guarding, would have a heightened sense of awareness and that clearly was not the case." "Equifax sits on the crown jewels of what we consider personally identifying information," says Jason Glassberg, cofounder of the corporate security and penetration testing firm Casaba Security. Other anecdotes-like the digital platform used by Equifax employees in Argentina that was guarded by the credentials "admin, admin"-simply expand this picture. This inadequate effort hints at the truly haphazard nature of Equifax's operation. But the company also acknowledged that it knew about the patch when it was first released, and had actually attempted to apply it to all its systems. The fact that attackers got into Equifax's systems through a known vulnerability with a patch available galls security analysts. During that time, the company could have conceivably planned and executed a much more robust and reassuring resource for wary consumers.Īnd the more recent mistakes join a list of other revelations that Equifax had a disorganized approach to security, and a naiveté about the possibility of a breach. The site also seemed slapdash, even though Equifax says it learned about the mega-breach at the end of July, and took roughly six weeks to disclose it. All the while, Equifax asked people to trust the security of the site, and to submit the last six digits of their Social Security number as a way of checking whether their information had been potentially compromised in the breach. Observers quickly found bugs, some of them serious, in that breach-response site. Three weeks since the company first publicly disclosed the situation, a steady stream of gaffes and revelations paint a picture of Equifax's deeply lacking response to catastrophe.Įquifax's bungles kicked off quite literally on day one, when the company directed potential victims to a separate domain-instead of simply building pages to handle the breach off of its main, trusted website,. But, incredibly, the mistakes and the superlatives don’t end there. The breach of the credit monitoring firm Equifax, which exposed extensive personal data for 143 million people, is the worst corporate data breach to date.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |