Overview of the Equifax Data Breach
One of the latest cyber mayhems that have occurred in the year 2017 has been the data breach at Equifax that exposed almost 143 million of sensitive and personal information of the consumers. This has been one of the major cyber data breach incidences that has affected millions of consumers making Equifax identify the theft of almost 145.5 million USD (Zou et al, 2018).
The massive data breach that have occurred at Equifax has reached the identity of millions of people since Equifax has been the country’s largest credit reporting companies. The following report perfectly describes the overview of the Equifax data breach describing what exactly happened and what the damage was. Furthermore it will discuss in details about the threat, the vulnerabilities, the control of the vulnerability, the sale in controlling the vulnerability and the lessons learned to help prevent these kinds of attacks in the future.
On 7 September 2017 Equifax has announced that due to an incident with the cyber security there has been an authorized access of the data stored in the organization from mid-May through July 2017(Wilt, 2018). However the breach was first not realized and it was discovered on 29th of July. The data breach has claimed almost millions of Personal Identity Information or PII that has the ability to access various individual data consisting intricate details about the consumers of the organization. The compromised data that have been accessed included names of the customers, their social security numbers, birthday addresses and driver license number in some cases(Moss & Deni, 2018). The company decided to go to the media for assessing the detail data breach with the press release. They had identified that website application was exploited by some malicious attackers who wanted to gain access to some particular files. Although there has still not been any evidence of the unauthorized activities, there has been data exploitations in the commercial credit reporting databases (Yao, 2018). It is been issued by the company that Equifax is on the way of assessing and providing recommendations to the consumers on how their data can be kept safe from these attackers on their own. Although the company had lost a lot of reputation due to this data breach attack.
The attack that took place in the organization of Equifax resulted in claiming the confidential an intricate data of many customers and Consumers of the organization. All these customers were looking for a solution with Equifax for keeping a track on their credit scores and monitoring any kind of credit activities(Nicholson, 2018). There can be various numbers of risks and threats that might be associated with these kinds of attacks. First and foremost the organization’s reputation comes at stake. The current and the potential customers for Equifax would not be able to trust the company with their confidential data again.
Threat and Vulnerability
On the other hand it might be the case that medical who accessed the unauthorized data of the customers can make illegal use of them in fulfilling their own needs(Janakiraman, Lim &Rishika, 2018). In the way by which the name and other personal contact details as well as the social security numbers have been exposed to the malicious attackers, there can be number of cases related to identity theft and monetary theft from the end of an individual.
According to reports not this the fault of the attackers have reported in such a huge data breach but the organization of Equifax was also at fault given the vulnerabilities they had in the contacts of data security measures of a business organization. The identified issue in this regard was due to the organization’s old availability that many cyber experts believe could have been taken care of. The confusing concept of zero day was applied to Equifax making the organization be confused about accounting a vulnerability. Putting it in a simple way it can also be stated that there had been vulnerabilities in the security systems of Equifax but there was no information about it to the higher authorities or anyone in the company(Zou & Schaub, 2018). Generally, if a company has zero days with no system to catch it on it can contact zero-day brokers who can buy and sell the vulnerabilities and help in removing them from the organization. In addition, the open source software used by Equifax used to work publicly by a community of programmers. This is also created the Apache Struts vulnerability in the organization making the attackers be exposed to the confidential data of the consumers of Equifax.
During the time of the attack that have been no control in the said vulnerabilities for the organization. On the other hand the security vulnerabilities when not taken care of, therefore zero-day day was available at all the time in the organization making it open to any kind of attacks. Reports say that the Equifax data threat is no excuse of taking place on the first place. This is because the company defending the personal data of over 143 million people has only negligence written all over the attack (Karunakaran et al., 2018). The fault with the software that has been identified to cause the attack also has the potential to be removed easily. The Apache Struts platforms that Equifax used vegetable to a bug that exploited the software used in Equifax and made the customer data exposed to the attackers.
Control of Vulnerability and Lessons Learned
Much before the attack, far back in March 2017 when the vulnerability was disclosed to Equifax there was simply instructed to remedy the situation(Gressin, 2017). However, such advice needs to be promptly followed in case of organizations like Equifax handling such huge amount of customer data. Equifax had failed to follow the problems with the bug and subsequently the attack in May followed. Had this advice followed to debug the Apache Struts software, the attackers could not easily penetrate the software system of equal facts and make good use of the vulnerable data available.
The Apache Struts bug had not been hard for the attackers to get their hands on the customer data through the servers and network of Equifax (Robbins &Sechooler, 2018). The entire time required for this attack had been shivering with that occur since Equifax had no information that not removing the Apache Struts bug would result in such malicious and heinous act. The best practices in the security does dictate that the users have little privilege then the privilege they have on the server.
The data breach at Equifax had outline that the hackers and the malicious attackers would only look for a single vulnerability they would find in an organization to infiltrate there malicious works even if the vulnerabilities are patched. A vulnerability found in the security system of an organization should be immediately taken care of by removing them completely from the system. Patching is not at all an option since the vulnerability still remains and the attackers can still make use of the littlest loopholes they can find and make use of it to carry on their malicious attacks (Solove & Citron, 2017).
Therefore it is required that an organization continuously keeps on identifying the weaknesses with proper monitoring and reporting of the business processes used in the organization, especially the ones that are used for handling the security threats. Any kind of vulnerability that retains in a business regarding the security of the organization needs to be killed at the very instant (Muzatko& Bansal, 2018). On the other hand the ignorance of the organization in identifying the Apache Struts bug in their software system also played an important role. Therefore it needs to be realize that lack of knowledge regarding the organization to every member of the workforce is also highly harmful for any organization regarding its security system.
Conclusion
Thus, the report can be concluded by saying that the data breach that had occurred at Equifax could have easily been mitigated if the identified vulnerabilities were removed from the software system used by the company. Negligence and ignorance has been the primary issue regarding this data breach attack. This is been identified thorough a review of the entire incident about the massive data breach at Equifax. This incident has breached the identity of millions of people, since Equifax has been the country’s largest credit reporting companies. The following report describes the overview of the Equifax data breach describing what exactly happened and what the damage was. Furthermore, it discussed in details about the threat, the vulnerabilities, the control of the vulnerability, the sale in controlling the vulnerability and the lessons learned to help prevent these kinds of attacks in the future.Therefore the security vulnerability of the organization of Equifax is realized and this incident also puts forward the problems that can be faced by an organization if vulnerabilities are not removed from organizations. The company becomes an easy target to the malicious attackers and this can put the reputation of the organization at stake as well as the intricate data of customers at high risk.
References
Janakiraman, R., Lim, J. H., &Rishika, R. (2018). The Effect of a Data Breach Announcement on Customer Behavior: Evidence from a Multichannel Retailer. Journal of Marketing, 82(2), 85-105.
Muzatko, S., & Bansal, G. (2018). Timing of Data Breach Announcement and E-Commerce Trust.
Robbins, J. M., &Sechooler, A. M. (2018). ONCE MORE UNTO THE BREACH: WHAT THE EQUIFAX AND UBER DATA BREACHES REVEAL ABOUT THE INTERSECTION OF INFORMATION SECURITY AND THE ENFORECEMENT OF SECURITIES LAWS. Criminal Justice, 33(1), 4-7.
Nicholson, L. (2018). Does the Equifax Inc breach have implications for Australian companies?. Governance Directions, 70(3), 134.
Gressin, S. (2017). The Equifax data breach: What to do. Federal Trade Commission, Washington, DC.
Solove, D. J., & Citron, D. K. (2017). Risk and Anxiety: A Theory of Data-Breach Harms. Tex. L. Rev., 96, 737.
Wilt, J. (2018). Cancelled Credit Cards: Substantial Risk of Future Injury as a Basis for Standing in Data Breach Cases. SMU Law Review, 71(2), 615.
Moss, A., & Deni, J. (2018). A User’s Guide to Data Breach Insurance Coverage. Risk Management, 65(3), 48-51.
Karunakaran, S., Thomas, K., Bursztein, E., &Comanescu, O. (2018, August). Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018) (pp. 217-234). USENIX} Association}.
Zou, Y., & Schaub, F. (2018, April). Concern But No Action: Consumers’ Reactions to the Equifax Data Breach. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (p. LBW506). ACM.
Yao, D. D. (2018, June). Data Breach and Multiple Points to Stop It. In Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies (pp. 1-1). ACM.
Zou, Y., Mhaidli, A. H., McCall, A., & Schaub, F. (2018, August). “I’ve Got Nothing to Lose”: Consumers’ Risk Perceptions and Protective Actions after the Equifax Data Breach. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018). USENIX} Association.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
