Social Network For Security Executives: Network, Learn & Collaborate
$700m to be paid by credit score agency Equifax as part of a settlement for data breach in 2017. The breach is known to expose data of at least 147 million people. It is FTC’s largest data-breach settlement, much above the uber penalty of $148m.
Unpatched system turned out to be their point of data leak. Equifax was notified of a critical vulnerability on their Automated Customer Interview System (ACIS). This was used by the public to check their credit scores. The vulnerability allowed hackers to access data beyond the public data through this portal. Hackers continued to access data for several months. It was also noted, large chunks of sensitive data were stored as unencrypted plain text.
The cyber privacy law is becoming more strict with multiple past breaches exposing sensitive PII. It is necessary to keep track of and monitor your assets. Here are a few preventive steps :