A Thing
The Green SheetGreen Sheet

Friday, September 8, 2017

Second Equifax hack puts millions in harm's way

Credit-reporting company Equifax Inc. revealed Sept. 7, 2017, that a breach of its systems compromised the personal information of up to 143 million U.S. consumers, potentially exposing them to identity theft and other forms of fraud. In addition, a number of Canadian and U.K. residents were also affected. Rick Smith, Equifax Chairman and Chief Executive Officer, said forensic investigators estimated the unauthorized access to the company's servers occurred within the mid-May to July 2017 timeframe.

Security analysts believe the new cyberattack exposed millions of Social Security numbers, birth dates, addresses and driver's license numbers to the black market. Second in size only to the 2016 pair of breeches affecting 1.5 billion Yahoo customers, this attack is the second reported assault on Equifax in recent years: a 2013 breach of the company involved 209,000 consumer records.

Public outrage over this new intrusion, additionally fueled by reports of senior executives dumping shares of stock before the incident was reported, has prompted legal actions. A class-action lawsuit against Equifax, filed Sept. 7, 2017, in Portland, Ore., alleges the company failed to implement technical safeguards that could have prevented the attack. Bloomberg reported that plaintiffs Mary McHill and Brook Reinhard are seeking $70 billion in damages to be distributed nationally.

Mixed messages

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Smith stated. "I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."

Perhaps the company could begin with an internal investigation of its senior executives. CNN journalist Paul R. La Monica reported that three Equifax executives sold shares in the company worth nearly $2 million directly after the security breach was discovered ‒ and before it became public knowledge. On Sept. 1, one week before Equifax reported the incident, the company's Chief Financial Officer John Gamble sold approximately $950,000 worth of securities, and President of U.S. Information Solutions Joseph Loughran sold shares worth about $685,000. The following day, Rodolfo Ploder, President of Workforce Solutions, sold slightly more than $250,000 worth of securities.

Dynamic strategies needed

La Monica additionally noted that Wall Street downgraded Equifax stock, which sent share prices falling about 13 percent on Fri., Sept. 8. "The credit-reporting giant is one of three firms, including TransUnion and Experian, that monitor the financial health of consumers and supply data to potential borrowers to help them decide whether someone should get a loan," he wrote. "That's why the Equifax hack is arguably scarier and more wide-reaching than other big data breaches over the past few years, such as the ones that happened at Target, Home Depot, Wendy's and, ironically enough, to the CEO of identity theft protection firm LifeLock."

Timothy Crosby, Senior Security Consultant at Spohn Security Solutions, added, "No company, large or small, is immune to being a target; this Equifax saga makes it even more apparent that cybersecurity teams must remain vigilant to detect and prevent attacks before they happen." Crosby said dynamic security risk assessments can help organizations identify vulnerabilities and protect against new attack vectors in the rapidly changing cybercriminal landscape. He also recommended monitoring for aberrant and unexpected behavior, such as accounts being used at odd hours, multiple locations or while accountholders are on vacation. "Businesses should employ a host of protection programs that notify personnel when a threat exists, such as security information and event management (SIEM) systems that automatically aggregate events and alerts based on anomalous activity," he said. end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing