Anatomy of EQUIFAX Data Breach – Who is Responsible?


The Equifax CEO has acknowledged that the data breach succeeded and confirmed that unauthorized access to the Equifax environment began in mid-May 2017. The attackers got in through a vulnerability in a website application.

In total, 182,000 consumer records were accessed by the hackers, and these records are high-value financial data.

Who is Equifax? What business do they deal with? What does the breached consumer data contain? Who is behind the massive data breach? Let's do a little anatomy of the Equifax data breach.

Who is Equifax?

Equifax Inc. is a consumer credit reporting agency in the United States, considered one of the three largest American credit agencies along with Experian and TransUnion.

It has 800 million consumers and deals with 88 million businesses worldwide.

Its revenue was US$3.144 billion in 2016.

What Business Do They Deal With?

Equifax operates largely in the business-to-business sector, selling businesses credit reports, analytics, demographic data, and software. Credit reports provide detailed information on the personal credit and payment history of individuals, indicating how they have honoured financial obligations such as paying bills or repaying a loan.

What Does the Breached Consumer Data Contain?

  • Names
  • Social Security numbers
  • Birth dates
  • Addresses
  • Driver’s license numbers
  • Credit card numbers
  • Dispute Documents of PII

Was Equifax Already Aware It Would Be Hacked?

Equifax is working with a security firm that specializes in investigations. Before they release the report, let's try to understand what could have caused this data breach. Did Equifax really give importance to consumers' data, and how much importance was given to information security in its environment?

The points below are derived only from publicly available information, and they go some way to confirming that Equifax could have been hacked at any time.

  • The Equifax 2017 proxy statement confirms its security enhancement plans and that Equifax does not have enough security. Board refreshment is planned to include security.

  • Rigorous Enterprise Risk Management is highlighted and driven towards security

  • The Technology Committee also identified security concerns

  • As part of the ongoing strategic review, the board refreshment plan confirms: “Committee seeks to anticipate future needs for expertise in new and emerging markets, technology, security and regulatory compliance, while also enhancing the diversity on our Board”

  • The Equifax ERM [Enterprise Wide Risk Management] program tracks all of its risk management, including security

  • Equifax had already identified security as a risk in its Board Risk

  • Ernst & Young is the official security review auditor that performed the audit for Equifax

  • An interview with CISO Susan Mauldin confirms that the resources and the existing team are not fully equipped to handle security incidents completely

http://www.cazena.com/susan-mauldin-transcript

The Board, the Committee, Technology, the ERM team, the CEO and the CISO were all aware that Equifax was lacking in security. Why did they not act on it, and how was Equifax still certified as compliant? These are the questions that blow the whistle.

Who Is Responsible for the Data Breach?

Does the CISO take responsibility for the data breach, even though she understood that the team did not have the capacity to handle security incidents? She is the one who said “CISO is similar to a military role”.

Can the auditing firm E&Y take complete responsibility, as the official audit firm that performs the complete audit and certifies the company as “SECURED”?

Can the board of directors take responsibility, given that their ERM and board refreshment programs talk about security improvement, even after understanding the worldwide breaches?

Why does only the CEO take complete responsibility and express regret for the data breach?

We can wait for the official results to be announced by Equifax to understand the ground reality of the security breach.

But this is surely a lesson for most industries on how security is practiced.

Enhancement is an ongoing process. If you feel you are secure enough, you will get hit badly. Equifax is an example!

Published 2017-09-08T13:46:46+05:30 (September 8th, 2017) | Compromised

About the Author:

FirstHackersNews- Identifies Security
