By now, you’ve probably heard about the data breach at Equifax, which exposed a lot of personal information of its 143 million customers in the USA, as well as in other countries such as the UK and Canada.
I’ve been in the business of Internet marketing and am very much aware of this fast-growing cyber problem and its huge negative impact on people’s enterprises and lives. I believe it’s high time you and I took a closer look at it and found out how you can defend yourself, through a series of blog posts about the subject. I’ll begin with Equifax’s story.
When Did It Start?
Equifax, one of the three credit bureaus in the United States, which also offers a credit monitoring service, formally announced the security breach on September 7, 2017. However, the actual hacking happened much earlier than that. In fact, it occurred over a two-month period from the middle of May to July 29, 2017.
That’s the bigger hack. A few days after the announcement, Bloomberg released a report saying an Equifax intrusion happened as early as March of the same year (though the company said the two are not related).
Who Was Exposed?
With more than a billion compromised accounts, Yahoo still holds the record for the largest number of exposed accounts in history. Equifax, on the other hand, exposed 143 million customers in the US alone.
But Equifax hackers gained access to some of the most important and critical types of information. Besides personal names, they also obtained Social Security numbers, addresses, and driver’s license numbers. More than 209,000 members had their credit card numbers stolen while hackers also gained access to dispute document data of over 180,000 people.
So How Did It Happen?
CNN pointed to a major flaw in an open-source program called Apache Struts. Its design makes it easy for developers to customize web applications built with it, which makes it very attractive for businesses that want to provide a richer user experience. Equifax, for one, used it to create its dispute portal for those who have questions or complaints about their credit report information.
One of the biggest downsides of being open source is its susceptibility to vulnerabilities, and these security issues have been detected multiple times. Meanwhile, Bloomberg published an article (which is the most telling of all we’ve read so far about the attack but should be read with caution) that outlined how hackers learned of the software’s vulnerability.
What Did the Company Do?
Equifax learned of the security flaw as early as March after US-CERT of the Department of Homeland Security discovered it. The security team of the company claimed they made efforts to not only identify but, most importantly, patch it – that is, fix or correct the bug. Obviously, it wasn’t enough because a few months later, they learned about the intrusions.
Equifax is rectifying the problem and working closely with Mandiant, a security consulting company, to help investigate this attack.
If you wish to know whether your information is among the data exposed, you can go to http://www.equifaxsecurity2017.com/.
Stay tuned for my future posts to learn the steps you can take to minimize your business risks.