On September 7th, Equifax announced that one of its web applications had a vulnerability that exposed the records of approximately 143 million American consumers from a period of mid-May through July 2017. The exposed information included extremely sensitive personally identifiable information (PII) such as “Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.” Also, “credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
What is extremely surprising is not their first major breach; it happened before to Experian just 2 years ago in 2015 when a data breach exposed over 15 million consumer records of T-Mobile customers over the period of over 2 years. (https://krebsonsecurity.com/2015/10/experian-breach-affects-15-million-consumers/) Obviously, the lessons learned to address vulnerabilities and protect customer information from this data breach was not enough to prevent it from happening again. The Equifax breach reportedly occurred due to the legacy web application software that still contained known vulnerabilities.
The most important take-away here is that no organization can protect all their data 100% of the time, no matter how big and well funded, and no matter how well they have secured their internal servers and web applications. No one can assume their systems are “immune” to cyber-security threats because of he work they have done to educate their employees and protect their systems.
Organizations MUST be proactive about quickly identifying irregular traffic, confirming data breaches, and quickly halting the breach to limit exposure and damages. Just as important, adequate auditing information must be quickly accessible, and maintained to keep record of exactly what information was accessed and for how long. Customers must then be quickly notified of the incident’s scope and their exposure. Often times, a poor response to a cybersecurity incident can be just as damaging to the reputation than the incident itself. Many have been critical of the slowness to report this incident and provide adequate response to the customers.
GlobalCerts can help protect your organization from similar breaches through email. Our sophisticated Anti-Spam/Anti-Virus filters can work to detect “phishing” emails, an extremely common way for attackers to gain access to internal systems by manipulating internal users to provide access information directly, or install viruses that give the attacker an open door into the organization’s systems. Additionally, our advanced data-leak prevention allows administrators to detect private information escaping via emails, whether by the employees themselves, or via a malicious program. Contact sales today toll free at (855) 614-2378 or firstname.lastname@example.org to learn more.
Gutzmer, I. Equifax (2017, September 7). Cybersecurity Incident & Important Consumer Information. Retrieved from https://www.equifaxsecurity2017.com/
Mathews, L. (2017, September 7). Equifax Data Breach Impacts 143 Million Americans. Retrieved from https://www.forbes.com/sites/leemathews/2017/09/07/equifax-data-breach-impacts-143-million-americans/#101b714356f8
Krebs, B. (2015, October 2). Experian Breach Affects 15 Million Consumers. https://krebsonsecurity.com/2015/10/experian-breach-affects-15-million-consumers/