Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says
https://www.securityweek.com/equifax-was-aware-cybersecurity-weaknesses-years-senate-report-says
The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate's Permanent Subcommittee on Investigations reveals.
The U.S. credit reporting agency announced in September 2017 that it fell victim to a data breach that was later confirmed to have been the result of successful exploitation of a publicly disclosed Apache Struts vulnerability that the company had been warned about but failed to properly patch.
The attack on Equifax started in May, but was only detected in July, despite thousands of queries sent by threat actors to the company's databases during that time.
A December 2018 report from the House of Representatives Oversight and Government Reform Committee Republicans blasted the company for its poor security practices, and the new U.S. Senate report does that once again, while also providing some more details on Equifax failures regarding the incident.
According to the report (PDF), Equifax was aware of security weaknesses in its systems for two years, but failed to properly address them. The critical vulnerability that led to the data breach was patched only months after being publicly reported.
After implementing a Patch Management Policy in April 2015, the company conducted a full audit of its systems and discovered various deficiencies in its system controls, including a backlog of over 8,500 vulnerabilities with overdue patches, including more than 1,000 flaws in external-facing systems.
Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says (Original Post)
CousinIT
Mar 2019
OP
AlexSFCA (6,139 posts)
1. it's part of business for them
to get customers to pay for credit monitoring services.
customerserviceguy (25,183 posts)
2. Equifax is enabled
by all of the creditors who continue to use them, even though the bulk of the losses for fraud, re-issuance of new cards, etc. was borne by these creditors. Oh, yeah, they shift the costs off to us, but the weak-kneed cowards who run the big financial institutions could have put Equifax out of business in three months if they stopped paying them for credit report information.
We don't need three bureaus doing exactly the same thing, with one of them doing it extremely badly.