What should Equifax have done differently?
Table of Contents
What should Equifax have done differently?
Here’s what they could have done differently:
- Announce Sooner. When Equifax discovered the data breach, they knew the situation would require further investigation before they could provide a full picture to the public.
- Anticipate media coverage.
- Be self-aware and forthcoming.
What caused the Equifax breach?
The vulnerability that caused the breach was vulnerability Apache Struts CVE-2017-5638. Apache Struts is a popular framework for creating Java Web applications maintained by the Apache Software Foundation. The Foundation issued a statement announcing the vulnerability and released a patch on March 7, 2017.
What made the Equifax attack a SQL injection?
Simple answer: SQL Injection. “…they probably stole the database credentials out of the [web] application…” According to the below article and many others online, the data breach occurred due to a web app vulnerability. The attacker can use these to take over the entire box – do anything the application can do.
What would Equifax have done differently to prevent the cyber attack?
The committee made several recommendations to prevent future incidents like the one at Equifax, including reducing the use of social security numbers as personal identifiers. To protect yourself freeze your credit, have secure passwords and be sure to shred sensitive documents.
What technical solutions are available to combat data breaches?
Below, we discuss six solidly proven ways to prevent cyber security breaches from occurring at your company.
- Limit access to your most valuable data.
- Third-party vendors must comply.
- Conduct employee security awareness training.
- Update software regularly.
- Develop a cyber breach response plan.
Was Equifax lax or unlucky to be cyber breached in this way?
Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report. The credit agency failed to patch a disclosed vulnerability in Apache Struts, a common open source web server, which Homeland Security had issued a warning about some months before.
Why did Equifax wait to tell its customers of the data breach?
Equifax waited weeks before alerting 143 million of its customers that a data breach exposed sensitive personal information like social security numbers. This created a duty to disclose this attack in a timely fashion to investors, potential investors, and those whose data was compromised.”