What Went Wrong: Equifax Security Breach
It's often said in the world of cyber threat intelligence: your response directly after a major data breach is as important as your preparation to avoid one. Minimizing damage, correctly identifying the issue as early as possible, and communicating effectively both with your team as well as the general public are sure-fire ways for a company to get on the right path in the early stages of a crisis. Here's a brief synopsis of what went wrong during the recent Equifax breach.
Equifax is a major consumer credit agency founded in 1899. They handle the records of tens of millions of Americans. What we know about the breach at this point comes mainly from Equifax, but the FTC (Federal Trade Commission) has relayed this information with some confidence. The numbers are stunning:
- From mid-May thru July of 2017, hackers had access to Equifax information.
- 209,000 people are believed to have credit card numbers stolen directly, with 182,000 people believed to have personal information (including identification documents) stolen.
- Customer information was vulnerable in the United States, Canada and the U.K.
- 143 million customer's personal information was exposed because of the breach. Although, the exact extent of impact to the victims is difficult to pinpoint.
Beyond the basic facts, the response of Equifax has been questioned by both customers and those in the cyber threat intelligence community. For starters, Equifax knew about the breach on July 29th, but did not make that information publicly available until a full month after. This is extremely valuable time in which consumers and other agencies could have been taking steps to secure themselves. If nothing else, the lack of communication caused other at-risk companies to possibly fall prey to a similar gambit in this time period.
In a response from the market, Equifax has seen its stock price drop 20 percent since the announcement. The manner in which the company finally began working with customers was hardly seen as user-friendly; credit monitoring services offered by Equifax involved the signing of a liability waiver, and questions were raised about the very security of the monitoring site itself.
Equifax is hardly the first company to suffer a major data breach. Unfortunately, it's become too commonplace. But the response to mitigate damages once again highlights the critical nature of cybersecurity awareness and cyber threat intelligence as main components of any modern business, from prevention to response.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.