A U.S. House committee has released a staff report that concludes the Equifax breach from 2017 was “entirely preventable.” The report makes many notable findings and includes recommendations for the business sector to avoid such incidents in the future.
On Sept. 14, 2017, House Oversight and Government Reform Committee Republicans started investigating the Equifax data breach that affected 148 million consumers, including some in Europe.
In the 14 months since, the Committee discovered that Equifax failed to define clear lines of authority assigning responsibility for the data it was collecting, that it was using outdated systems, and that it was unprepared to support customers in the event of a breach, among other things. Most importantly, the Committee found the incident could have been easily avoided. As some readers will remember, Equifax failed to patch known vulnerabilities in the Apache Struts web application framework, which allowed hackers access to its systems. From the report:
Key Findings
The Committee says Equifax has “a heightened responsibility” to protect the personal data of its customers, but stresses that the government should be more involved as well. It recommends organizations increase oversight, accountability, and transparency in their operations and infrastructure, and modernize IT security solutions. The Committee’s full list of recommendations can be found here.
The Equifax breach was one of the biggest of its kind in U.S. history, but because it occurred in the pre-GDPR era, European authorities – on behalf of affected UK customers – could only fine the company the maximum allowable penalty under the 1996 Data Protection Act: £500,000. Under the GDPR, that penalty would have been orders of magnitude higher.
However, the American credit reporting agency did not escape the incident unscathed. Far from it, actually. In the weeks following the breach, Equifax let go of not one, but three of its top executives. Several other employees were charged with insider trading in relation to the breach. Equifax’s image, as a result of the scandal, took a serious beating that was more than reflected in the stock market.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.