Equifax Breach: Warn Customers, Learn Lessons



… check in with these customers to determine their current state of security and develop an immediate action plan to ensure data is protected at all levels.”

Cybercriminals would like to have enough information about you that they can in effect become you, and Equifax possesses that quantity and quality of data, said Kenneth Geers, senior research scientist at Comodo. Even if you are not a customer, Equifax likely has a lot of data about you, and you should take proactive steps in response to this hack, he said.

“On the technical side, it is critical that we learn what application was exploited, and what vulnerability was leveraged, so that other companies can take defensive action,” he said. “The fact that the site isn’t yet working means that Equifax was simply not ready for the level of responsibility that possession of this quantity and quality of digital information requires. It is alarming that, despite past cybersecurity compromises, Equifax today apparently has no chief information security officer (CISO) to talk to.”

Comodo and other cybersecurity vendors exist to help with investigating and remediating issues like this, so the need for these services may increase as this breach makes headlines and companies become more aware of potential vulnerabilities they may also be facing, Geers said.

There certainly should be an opportunity for the channel to do more to help businesses and organizations safeguard against breaches, “given the scale and potential risk of these organizations and this information as a target,” Crawford said.

“But that may not materialize until (businesses and organizations) either recognize, or are forced to recognize, that their responsibility should be proportionate to the profits they realize from this data,” he said.

In his blog, Kevin Lancaster, CEO of ID Agent, said one particularly frightening aspect of the breach is that the exact date it occurred and who executed it are still unknown.

“Tactical tools and motivation are the first things that organizations look at when they suffer a compromise,” he said. “The first step upon hack is to look at potentially vulnerable systems that haven’t been patched and look at individuals who have access and can social engineer or collude with individuals on the inside. Given the volume of data, we can only speculate that there was some type of insider involvement here.”

Equifax has established a website where U.S. consumers can find out whether their information may have been breached and sign up for identity theft protection and credit monitoring across not just Equifax, but Experian and TransUnion, as well as other protections, free for one year.

“The information has been in the hands of criminals for more than six weeks already, so time is not on your side,” Wisniewski said. “While the monitoring is often of little value, it is worth signing up for.”
