Equifax Research Paper
Equifax commonly known as EFX is one of the three biggest consumer retail credit reporting companies in the world, the remaining two being Experian and Transunion, commonly known as the “Big Three”. Equifax was established in 1890, with its headquarters based in Atlanta, Georgia. The annual revenue income being about 3.14 billion US dollars and about 9500 employees working globally. Aside from offering credit and demographic related data, services to business, Equifax also sells credit monitoring and fraud-prevention services directly to consumers. (Haselton, T. 2017, September 8).
However, the Equifax company has been in news lately mainly of the major cybersecurity breach incident, which lead to exposure of about 143 billion members personal …show more content…
data to be exposed to hackers including their full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. Equifax also confirmed at least 209,000 consumers credit card credentials were taken in the attack. (Haselton, T. 2017, September 8).
According to sources from cybersecurity arm of the U.S.
Department of Homeland Security, they identified and discovered a flaw in a tool known as the “apache struts”, by which many large businesses and government organizations including Equifax use it to support its online dispute portal or any log issues with their credit reports. The flaw allowed hackers to take control of the Equifax website. The vulnerability is caused by how Apache Struts deserializes untrusted data. An attacker can use the vulnerability to find the credentials, connect to the database server, and extract all data or even delete the data.( Brewster, T.F. 2017, September …show more content…
11).
If the server contains customer or user data it's not hard at all to collect that data and transfer it to somewhere else. The attacker can also use the server as an entry point to other areas of the network, effectively bypassing the corporate firewall and gaining access to other shielded-off areas of the company. A patch for the vulnerability was released March 7, 2017 yet the company failed to apply the security updates before the attack. Equifax company was still using Old IT systems, out of date JAVA softwares at the time of the cybersecurity breach which ultimately created a loophole for the hackers. ( Brewster, T.F. 2017, September 11).
To protect yourself from the aftermath of Equifax security breach, cybersecurity researchers advised consumers to request a credit freeze to reduce the impact of the breach.
A credit freeze will lock consumers credit files so that only companies which already do business with them will have access to them. However your first step should be to establish fraud alerts. This will alert you if someone tries to apply for credit in your name. It’s also wise to set up fraud alerts for credit and debit cards. (Dobrygowski, D. & Bohmayr,W. 2017, September 20).
Regular monitoring of your credit report will help you identify any suspicious activity and because the Equifax breach will have long-term consequences, it’s a good idea to start checking your report as part of your regular financial routines for the next few years. Consumers need to be extra vigilant when they get cold-called or receive emails pertaining to being related to this Equifax security breach. If someone is asking for your personal information, do not give it. Also changing your login details and passwords regularly helps you to increase digital security. (Forno, R. 2017, September
22).
Several Congressmen even raised the question how can the CEO of such huge massive organization neglect the issues of customer complaints and cybersecurity issues not only dated since early March 2017 of this year, but some issues were even dated 4 years back when a deep investigation by Mandiant company was made, but were masked by internal legal compliance. Apparently as a consequence of the breach, Equifax company gave a statement that their present CEO Richard Smith and Chief information officer were soon to be “retiring”.
However, the Equifax company has been in news lately mainly of the major cybersecurity breach incident, which lead to exposure of about 143 billion members personal …show more content…
data to be exposed to hackers including their full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers. Equifax also confirmed at least 209,000 consumers credit card credentials were taken in the attack. (Haselton, T. 2017, September 8).
According to sources from cybersecurity arm of the U.S.
Department of Homeland Security, they identified and discovered a flaw in a tool known as the “apache struts”, by which many large businesses and government organizations including Equifax use it to support its online dispute portal or any log issues with their credit reports. The flaw allowed hackers to take control of the Equifax website. The vulnerability is caused by how Apache Struts deserializes untrusted data. An attacker can use the vulnerability to find the credentials, connect to the database server, and extract all data or even delete the data.( Brewster, T.F. 2017, September …show more content…
11).
If the server contains customer or user data it's not hard at all to collect that data and transfer it to somewhere else. The attacker can also use the server as an entry point to other areas of the network, effectively bypassing the corporate firewall and gaining access to other shielded-off areas of the company. A patch for the vulnerability was released March 7, 2017 yet the company failed to apply the security updates before the attack. Equifax company was still using Old IT systems, out of date JAVA softwares at the time of the cybersecurity breach which ultimately created a loophole for the hackers. ( Brewster, T.F. 2017, September 11).
To protect yourself from the aftermath of Equifax security breach, cybersecurity researchers advised consumers to request a credit freeze to reduce the impact of the breach.
A credit freeze will lock consumers credit files so that only companies which already do business with them will have access to them. However your first step should be to establish fraud alerts. This will alert you if someone tries to apply for credit in your name. It’s also wise to set up fraud alerts for credit and debit cards. (Dobrygowski, D. & Bohmayr,W. 2017, September 20).
Regular monitoring of your credit report will help you identify any suspicious activity and because the Equifax breach will have long-term consequences, it’s a good idea to start checking your report as part of your regular financial routines for the next few years. Consumers need to be extra vigilant when they get cold-called or receive emails pertaining to being related to this Equifax security breach. If someone is asking for your personal information, do not give it. Also changing your login details and passwords regularly helps you to increase digital security. (Forno, R. 2017, September
22).
Several Congressmen even raised the question how can the CEO of such huge massive organization neglect the issues of customer complaints and cybersecurity issues not only dated since early March 2017 of this year, but some issues were even dated 4 years back when a deep investigation by Mandiant company was made, but were masked by internal legal compliance. Apparently as a consequence of the breach, Equifax company gave a statement that their present CEO Richard Smith and Chief information officer were soon to be “retiring”.