Difference between revisions of "Equifax Data Breach"
Line 10: | Line 10: | ||
|Description=In 2017 one of United States’ largest credit reporting agencies was hacked and trade secrets and the personal data of about 145 million Americans were stolen. | |Description=In 2017 one of United States’ largest credit reporting agencies was hacked and trade secrets and the personal data of about 145 million Americans were stolen. | ||
− | In 2020 members of China’s People’s Liberation Army were charged for this unauthorised access to the names, birth dates and | + | In 2020 members of China’s People’s Liberation Army were charged for this unauthorised access to the names, birth dates and Social Security numbers of almost half of all Americans. This is an example of [[Insecurity]]. |
According to the media, this became possible due to a vulnerability in Apache Struts software, which Equifax used. Equifax’s security team didn’t employ the patch, that was offered by Apache to prevent breaches after thy disclosed the vulnerability. This left the drawbridge in Equifax system and allowed attackers to gain access to Equifax’s web servers and to get hold of employee credentials. | According to the media, this became possible due to a vulnerability in Apache Struts software, which Equifax used. Equifax’s security team didn’t employ the patch, that was offered by Apache to prevent breaches after thy disclosed the vulnerability. This left the drawbridge in Equifax system and allowed attackers to gain access to Equifax’s web servers and to get hold of employee credentials. |
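Review bot: the unchanged context line directly below the edited sentence still reads "after thy disclosed the vulnerability" and "This left the drawbridge in Equifax system"; since this revision already touches the Description field, correct the typo and complete the phrase in the same edit. The added "almost half of all Americans" also sits next to "about 145 million Americans" in the line above with no citation for either figure, so attach a reference to the new sentence.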
Revision as of 15:38, 5 May 2020
Equifax Data Breach | |
---|---|
Short Title | Credit Reporting Agency Equifax Was Hacked |
Location | United States |
Date | 2017 |
Solove Harm | Aggregation, Insecurity |
Information | Identifying, Medical and health, Authenticating, Demographic, Credit |
Threat Actors | Equifax Inc., China’s People’s Liberation Army |
Individuals | |
Affected | American citizens |
High Risk Groups | |
Tangible Harms |
One of the United States’ largest consumer credit reporting agencies was hacked and trade secrets and the personal data of about 145 million Americans were stolen.
Description
In 2017 one of the United States’ largest credit reporting agencies was hacked, and trade secrets and the personal data of about 145 million Americans were stolen.
In 2020 members of China’s People’s Liberation Army were charged for this unauthorised access to the names, birth dates and Social Security numbers of almost half of all Americans. This is an example of Insecurity.
According to the media, this became possible due to a vulnerability in Apache Struts software, which Equifax used. Equifax’s security team did not apply the patch that Apache offered to prevent breaches after they disclosed the vulnerability. This left the drawbridge down on Equifax’s systems and allowed attackers to gain access to Equifax’s web servers and to get hold of employee credentials.
In 2019 there was a class-action lawsuit against Equifax, in which one of the allegations was the storage of personal information in plain text instead of encrypting it. The suit also stated that Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes.
Another issue with Equifax is Aggregation. It collects and stores large volumes of different categories of personal information about individuals. Given the volume and granularity of the data, the attackers could not only access the information that was in the databases (names, birth dates, Social Security numbers), but also reveal such information as medical or financial records.
Laws and Regulations
Sources
https://www.nytimes.com/2020/02/10/opinion/equifax-breach-china-hacking.html
https://www.nytimes.com/2020/02/10/us/politics/equifax-hack-china.html
https://www.wired.com/1995/09/equifax/