Difference between revisions of "Equifax Data Breach"

From Privacy Wiki
(Created page with "{{Event |Date=2017 |Taxonomy=Aggregation, Insecurity |Personal Information=Identifying, Medical and health, Authenticating, Demographic, Credit |Threat Actors=Equifax Inc., Ch...")
 
Line 1: Line 1:
 
{{Event
 
{{Event
 +
|Short Title=Credit Reporting Agency Equifax Was Hacked
 +
|Location=United States
 
|Date=2017
 
|Date=2017
 
|Taxonomy=Aggregation, Insecurity
 
|Taxonomy=Aggregation, Insecurity

Revision as of 07:11, 5 May 2020


Equifax Data Breach
Short Title: Credit Reporting Agency Equifax Was Hacked
Location: United States
Date: 2017
Solove Harm: Aggregation, Insecurity
Information: Identifying, Medical and health, Authenticating, Demographic, Credit
Threat Actors: Equifax Inc., China’s People’s Liberation Army
Individuals Affected: American citizens
High Risk Groups:
Tangible Harms:

One of the United States’ largest consumer credit reporting agencies was hacked and trade secrets and the personal data of about 145 million Americans were stolen.

Description

In 2017, one of the United States’ largest credit reporting agencies was hacked, and trade secrets and the personal data of about 145 million Americans were stolen.

In 2020, members of China’s People’s Liberation Army were charged with unauthorised access to the names, birth dates and Social Security numbers of almost half of all Americans. This is an example of Insecurity.

According to the media, this became possible due to a vulnerability in the Apache Struts software that Equifax used. Equifax’s security team did not apply the patch, even after Apache disclosed the vulnerability and offered a patch to prevent breaches. This left the drawbridge down for attackers, allowing them to gain access to Equifax’s web servers and to get hold of employee credentials.

In 2019, there was a class-action lawsuit against Equifax, in which one of the allegations was the storage of personal information in plain text instead of encrypting it. The suit also stated that Equifax employed the username ‘admin’ and the password ‘admin’ to protect a portal used to manage credit disputes.

Another issue with Equifax is Aggregation. It collects and stores large volumes of different categories of personal information about individuals. Given the volume and granularity of the data, the attackers could not only access the information that was in the databases (names, birth dates, Social Security numbers), but also reveal such information as medical or financial records.

Laws and Regulations

Sources

https://www.nytimes.com/2020/02/10/opinion/equifax-breach-china-hacking.html
https://www.nytimes.com/2020/02/10/us/politics/equifax-hack-china.html
https://www.wired.com/1995/09/equifax/