Credit score agency Equifax is to pay $700m as part of a settlement for its 2017 data breach. The breach is known to have exposed the data of at least 147 million people. It is the FTC's largest data-breach settlement, well above the $148m Uber penalty.
Why It Happened?
An unpatched system turned out to be the point of the data leak. Equifax had been notified of a critical vulnerability in its Automated Customer Interview System (ACIS), the portal used by the public to check their credit scores. The vulnerability allowed attackers to reach data beyond the public data exposed through this portal, and they continued to access it for several months. It was also noted that large chunks of sensitive data were stored as unencrypted plain text.
How Could It Be Prevented?
Cyber privacy law is becoming stricter as repeated breaches expose sensitive PII. It is necessary to keep track of and monitor your assets. Here are a few preventive steps:
- Have a patch management program and review its activity regularly
- Implement GDPR compliance policies and procedures and have them audited by a trustworthy security entity
- Implement a good cyber security training and awareness program so that your employees understand the security challenges and the ways systems can be misused
- Scan your digital attack footprint, keep a complete inventory of your assets, and monitor and secure them
- Frequent (periodic) vulnerability assessment and penetration testing of your organization's digital assets is necessary
- Breaches are unavoidable. A proper incident response program that ensures your customers' sensitive data is not harmed and reduces business downtime is a win-win