Equifax To Pay $700m As Data Breach Settlement

$700m to be paid by credit score agency Equifax as part of a settlement for data breach in 2017. The breach is known to expose data of at least 147 million people. It is FTC’s largest data-breach settlement, much above the uber penalty of $148m. 


Why It Happened ?

Unpatched system turned out to be their point of data leak. Equifax was notified of a critical vulnerability on their Automated Customer Interview System (ACIS). This was used by the public to check their credit scores. The vulnerability allowed hackers to access data beyond the public data through this portal. Hackers continued to access data for several months. It was also noted, large chunks of sensitive data were stored as unencrypted plain text.


How Could It Be Prevented ?

The cyber privacy law is becoming more strict with multiple past breaches exposing sensitive PII. It is necessary to keep track of and monitor your assets. Here are a few preventive steps : 

  • Have a patch management program and monitor the activities from time to time
  • Implement GDPR compliance policies and procedures and get it audited by a trust worthy security entity
  • Have a good cyber security training and awareness program implemented to have your employees aware of the security challenges and misuse
  • Scan your digital attack footprint, keep a complete log of your assets, monitor and secure them
  • Frequent (periodic) vulnerability assessment and penetration testing of your organization’s digital assets is necessary
  • Breaches are unavoidable. A proper incident response program that ensures your customer’s sensitive data is not harmed and reduces business down time is a win-win
E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

CISO Discussion Conference

  • Description:

    The sessions will explain the Security Market Ecosystem, Problems that CISOs face when trying to purchase a product in that segment, the architecture, business impact & more.

  • Created by: pritha