Equifax Cyber Security Breach

Equifax is a credit-reporting company that track and rates the financial history of consumers. It gives the data regarding credit loans, payments, rental history, employer history and different addresses to the companies as requested to determine the financial statuses of the consumers. This company, founded in 1899 and is located in Atlanta, Georgia and is one among the other credit-reporting giants such as Experian and TransUnion. Equifax operates in 14 countries and have around 3.6 billion revenue. By end of year 19 hundreds Equifax was one of the largest credit bureaus, many industries such as insurance, banking and lenders use the reporting services provided by Equifax.

Reporting details consists of individual payment history and revolving credit details ext.

In addition to this Equifax is obligated to provide one free credit report to consumers every year. Being a such large company who deals mainly with sensitive consumer data, hacker is always trying to hack in to a company’s data which is very valuable. As a result, Equifax was subjected to many consumer complaints to the Consumer Financial Protection Bureau.

Equifax also faces multiple data breeches but largest breach they had ever seen happened on September 2017.

On September 2017 Equifax announced a security breach which had compromised 143 million United States consumers, compromised data includes personal information such as costumer date of births, social security numbers and address and credit card details. This is a big disaster for the company, using the data hackers can impersonate different financial institutions, some of the ways hackers use this data is like creating new bank account on the name of the stolen social security number and use the for illegal money exchange or get money from that account by applying loans, take over the existing account of the individual linked to the social security number and do transaction or purchases victim will not find about this fraud until they try to pay bill and look in to these transactions which will also spoils there credit history.

Get quality help now
WriterBelle
Verified

Proficient in: Computer Security

4.7 (657)

“ Really polite, and a great writer! Task done as described and better, responded to all my questions promptly too! ”

+84 relevant experts are online
Hire writer

One of the common fraud that results due to consumer data breaches such as social security is a hiker filing tax refund impersonating IRS. Other than the above threats this also creates issues with other security protocols such as multifilter authentications, by gaining detailed like consumer date of birth and social security number and phone number hackers can bypass the security authentication of other industries like banks and insurance company and individual email accounts. As an example, let’s take Gmail by hacking in to Gmail hackers can get access to individual calendar details and there personal and business conversations, in recent days email id are also used by banks and financial institutions like Zillow for money transfers, by using compromised details like phone numbers hackers can crack the two factor authentications and gain access to individuals email accounts.

September 2017 breach hackers managed to exploit week security layers of the Equifax website to compromise data. Most experts says security mistake by Equifax is happened due to multiply reasons such as major shift in IT and usage of software, where costumers demanding fast and frictionless transfer of data between industries who Equifax provide data and decentralizing data which bought it on security challenges like secure access of data from different locations. During the time of the breach Equifax just upgraded their legacy system which is running on old technology like mainframe to modern software, during this upgrade Equifax rushed in to bring the new system live without doing quality security checks. One of the web server software Apache used by Equifax have a vulnerability that had be patched by Apache in there next version, but Equifax failed to upgrade and fix the patch before the breach happens, in addition to this Equifax breach involved an IT systems administrator using an insecure password that did not comply with best practices, or even Equifax’s own policies.

Due to all the above factors, experts believe data form the Equifax as unreliable at least this breach effect is going to last four coming couple of years. Because the stolen data is such key part in commercial security Equifax took some step to prevent more damages to consumers whose data had been compromised. Equifax suggested consumers whose data is compromised to perform a credit freeze which prevents hackers to do unlawful transaction and stop agency like auto loaner and banks to lend money to fraud accounts, Equifax advised consumers to do a credit freeze through phone other than using their compromised web site.

Equifax created a website to help consumers determine whether their data was at risk. But again flaw in this is Equifax ask consumer to provide there last four digit of social security number and there first name and last name and not let consumer know whether the data is compromised instead the site provides an enrollment date for its protection service, and it may not start for several days This protection service was provided to consumer free for twelve months. Past bargaining the individual information of a huge number of purchasers, the break likewise represents a potential national security risk. As of late, Chinese country, state programmers have broken back up plans like Anthem and government offices, siphoning point by point individual and medicinal data. These programmers go wide in their ambushes with an end goal to construct databases of Americans’ own data, which can be utilized for extortion or future assaults. Cyber security risk policies

From our experience, we know that any system can be breached it means a breach is inevitable. By keeping this in mind lets some of the steps and policies to try preventing a breach. Integrate cyber security in to your web design and any data related transactions while implementing this find the correct balance between cost of implementation and security.IT and software development is continuously evolving, so security officers need to continuously scan system for new vulnerability’s. To avoid losing of valuable data daily backups of systems needs to be taken and stored in an off-site, restoration of backup data need to be practiced to be prepared for any such event.

Most of the cyber attacks are done with the help of an insider to avoid it background checks for staff need to be conducted before recruiting them to the team and all staff member need to well train to follow all security protocols. Guarantee an extensive, top-down-base up episode reaction plan and handbook for staff is set up, avant-garde and tried routinely. Do mockup system penetration at least 2 times per year to find if there are any new vulnerability’s in the system. Security architects need to have good control on where and who are allowed to access sensitive data. By considering all the above factors, let’s look in to policy that we need to follow if a breach had happened. Damage need to be fully analyzed, decide the effect on basic business capacities.

This profound examination will enable the organization to distinguish the aggressor, find obscure security vulnerabilities, and figure out what upgrades should be made to the organization’s computers and software systems. Notify those affected, On the off chance that a breach puts a person’s data in danger, they should be advised. This speedy reaction can assist them with taking quick strides to secure themselves. Notwithstanding, if law implementation is included, they should coordinate the organization to regardless of whether the notice ought to be deferred to ensure that the examination isn’t bargained. The people are normally advised by means of a letter, telephone, email, or face to face. To stay away from further unapproved revelation, the notice ought to exclude pointless individual data.

Learn from the breach, cybersecurity ruptures are turning into a way of life, it is vital to creating hierarchical procedures to gain from ruptures. This empowers better episode taking care of, should an organization be affected by a rupture later on. Some learning issues incorporate Document all mistakes, Assess how the mistakes could have been avoided, Ensure training programs incorporate lessons learnt. Attempt to limit additional damage, we should take steps to keep an attack from spreading. Some preventative strategies include Re-routing network traffic, Filtering or blocking traffic, Isolating all or parts of the compromised network. Record the details, security team should keep a written log of what actions were taken to respond to the breach.

The information that should be collected include Affected systems, Compromised accounts, Disrupted services, Data and network affected by the incident, Amount and type of damage done to the systems. Engage law enforcement , breach should always be reported to law enforcement. The law enforcement agencies that should be contacted are the Federal Bureau of Investigation, U.S. Secret Service, U.S. Immigration and Customs Enforcement, District Attorney, State and Local law enforcement. Companies wait until after a security breach before contacting law enforcement, but ideally the response team should meet with law enforcement before an incident occurs.

Cite this page

Equifax Cyber Security Breach. (2022, Apr 25). Retrieved from https://paperap.com/equifax-cyber-security-breach/

Let’s chat?  We're online 24/7