About a year ago this month, the Equifax credit rating agency announced that its systems had been breached, and the personal data of about 148 million users had potentially been compromised. In the first days and weeks following the attack, the company claimed minimal responsibility for the breach and refrained from acknowledging any suggestions that the intrusion could have been prevented with a stronger and more diligent approach to data security.
So far, Equifax has faced almost no repercussions and the company’s lack of accountability has been the subject of ongoing conversations and media reports. But this past Monday, the House Oversight Committee finally issued a report following a comprehensive investigation into the breach.
What's In the Report
The report amounts to a scathing rebuke of Equifax that lists and describes a host of corporate failings, most already public knowledge, but some offering new information as well.
The former CEO of Equifax, Richard Smith, faded into retirement immediately after the breach. Despite that, he is not spared from the criticisms outlined in the report. Some of the primary documented failings of the company include, first, a failure to patch a well-recognized vulnerability in Apache Struts (Apache had issued a fix months prior to the breach), which allowed hackers to crack open the web shell on the server and gain access to sensitive data for over two months, and second, the passing of blame for the server vulnerability onto a single lower-level IT staffer.
The company’s failings were many and egregious, but they can be summed up in a short statement: “Equifax failed to implement an adequate security program to protect sensitive data”, according to the report, and “the breach was entirely preventable.”
Equifax has drawn the ire of those directly impacted by its mistakes (148 million of them), of the general public, and of congressional leaders now charged with oversight. The lesson? Don’t follow this deeply bruised organization down the path of preventable opprobrium. Don’t be Equifax! Take the simple steps that Equifax failed to take and protect your data during every stage of storage, access, and transfer.
If you’re concerned about your data security infrastructure, we can help! Contact our team and we’ll discuss potential weaknesses in your system and how to strengthen them before small problems become data management disasters.