The Equifax CEO has acknowledged the data breach and confirmed that there was unauthorized access to the Equifax environment from mid-May 2017. The breach succeeded through a vulnerability in their website application.
In total, 182,000 consumer records were accessed by the hackers. This is financial data of high potential value.
Who is Equifax? What business do they deal with? What is contained in the breached consumer data? Who is behind the massive data breach? Let’s do a little anatomy of the Equifax data breach.
Who is Equifax?
Equifax Inc. is a consumer credit reporting agency in the United States, considered one of the three largest American credit agencies along with Experian and TransUnion.
It has 800 million consumers and deals with 88 million businesses worldwide.
Its revenue was US$3.144 billion in 2016.
What Business Do They Deal With?
Equifax deals largely with the business-to-business sector: it sells businesses credit reports, analytics, demographic data, and software. Credit reports provide detailed information on the personal credit and payment history of individuals, indicating how they have honoured financial obligations such as paying bills or repaying a loan.
What Is Contained in the Breached Consumer Data?
- Social Security numbers
- Birth dates
- Driver’s license numbers
- Credit card numbers
- Dispute documents containing PII
Was Equifax Already Aware They Were Going to Be Hacked?
Equifax is working with a security firm that specializes in investigations. Before they release the report, let’s try to understand what could be the reason for this data breach. Did Equifax really give importance to consumers’ data, and what importance was given to information security in their environment?
The points below are derived only from publicly available information, which slightly confirms that Equifax was going to be hacked at any time:
- The Equifax 2017 Proxy Statement confirms their security enhancement plans and that there is not enough security at Equifax. Board refreshment is planned to include security.
- Rigorous Enterprise Risk Management is highlighted and driven towards security.
- The Technology Committee also identified the security concerns.
- As part of the ongoing strategic review, the board refreshment plan confirms: “Committee seeks to anticipate future needs for expertise in new and emerging markets, technology, security and regulatory compliance, while also enhancing the diversity on our Board”
- The Equifax ERM (Enterprise-Wide Risk Management) program tracks all their risk management, including security.
- Equifax had already identified security as a risk in their Board Risk.
- Ernst & Young is the official security review auditor that performed the audit for Equifax.
- An interview with CISO Susan Mauldin confirms that the resources and the existing team are not fully equipped to handle security incidents completely.
The Board, Committee, Technology, ERM team, CEO, and CISO: everybody is aware that Equifax is lacking in its security. Why have they not acted on it, and how was Equifax still certified as compliant? This is what blows the whistle.
Who Is Responsible for the Data Breach?
Does the CISO, who said “CISO is similar to a military role”, take responsibility for the data breach, even though she understood that the team did not have the capacity to handle security incidents?
Can the auditing firm E&Y, the official audit firm that performs the complete audit and certifies the company as “SECURED”, take complete responsibility?
Can the board of directors take responsibility, given that their ERM and board refreshment programs talk about security improvement even after understanding the worldwide breaches?
Why does only the CEO take complete responsibility and express regret for the data breach?
We can wait for Equifax to announce the official results, and let’s understand the ground reality of the security breach.
But this is surely a lesson for most industries in how security is practiced.
Enhancement is an ongoing process. If you feel you are secure enough, you will get hit badly; Equifax is an example!