Executing good security is difficult, but the consequences of bad security can cause more trouble. The credit-reporting agency Equifax has discovered how humbling such security breaches can be. Equifax has confirmed that hackers entered its systems in mid-May, but the web application they entered had been vulnerable since March. The company had two months to take precautions against this vulnerability, but in not doing so allowed the breach of 143 million people’s personal data. As one of the largest credit agencies in the US, the company held a database of personal information including full names, licence numbers, addresses, credit card details and social security numbers.
The security community has begun to doubt Equifax’s competence as a data steward: the company took six weeks to notify its customers after finding out about the security breach. Even after this, the site that Equifax created to address questions and offer free credit monitoring was also littered with vulnerabilities. The web portal, which was built to handle credit-report disputes from customers, had embarrassingly inadequate security procedures and credentials.
The software that was exploited was the Apache Struts web-application software. The Apache Software Foundation always recommends updating its platforms to stop security breaches like this one from happening. Most breaches and exploitations like this are caused because users don’t regularly patch and update their platforms; failure to update components can leave a system vulnerable for months or even years. The foundation also states that if the vulnerability was disclosed in March, there would have been clear instructions on how to fix the situation; the fact that Equifax was attacked in May means it ignored the advice. Once hackers identified that Equifax’s system was vulnerable, it would have been easy to gain access to its servers and exploit them. It is unclear whether these attackers worked over time to gain access to files and data or if this data was unprotected and easy to acquire.
It’s likely that the company has been shoring up its application and would have benefited from a more in-depth and secure practice in development and deployment. Doing this would have meant that sufficient testing or reviewing might have spotted this vulnerability before it could be exploited. Perhaps more monitoring of the company’s web application with an AI-infused tool could have identified suspicious behaviour before data could be breached, or curbed the exploitation before 143 million users’ personal details could be hacked. Until more companies incorporate better security practices into the development of both their web and mobile applications, breaches like this are likely to happen again.
The company’s attempt at damage control has been met with dozens of its customers, whose personal data was breached, filing lawsuits against the company. The impact and public outcry forced FTC staff to investigate and politicians to call on federal watchdogs and protection agencies.
There is no doubt that Equifax will face public scrutiny and financial losses because of this security breach, but the real victims are those customers whose trust was misused and whose data was compromised. New Orleans-based technology and security company Datatek is dedicated to the highest standards in cyber protection and would work to