The attackers were able to move from the web portal to other servers because the systems weren’t adequately segmented from one another, and they were able to find usernames and passwords stored in plain text that then allowed them to access still further systems. The company was initially hacked via a consumer complaint web portal, with the attackers using a widely known vulnerability that should have been patched but, due to failures in Equifax’s internal processes, wasn’t. A top-level picture of how the Equifax data breach happened looks like this: General Accounting Office, and an in-depth analysis from Bloomberg Businessweek based on sources inside the investigation. Most of the discussion in this section and the subsequent one comes from two documents: A detailed report from the U.S. The Equifax breach investigation highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data. Like plane crashes, major infosec disasters are typically the result of multiple failures. And the question of who was behind the breach has serious implications for the global political landscape. But no similar compensation fund for Canadian victims has been set up. In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we’ll see, the breach spawned a number of scandals and controversies: Equifax was criticized for everything ranging from their lax security posture to their bumbling response to the breach, and top executives were accused of corruption in the aftermath.
Officials at the agencies confirmed at a press event on Monday that while Canadians will benefit from the operational changes that Equifax has been mandated to perform to its business, they are not entitled to the financial compensation outlined on Monday. Canada's Privacy Commissioner investigated the issue and found Equifax's response to be "lacking" and the company has agreed to a compliance agreement with the watchdog to ensure the company maintains better security practices moving forward. The total bill for the fiasco adds up to $700 million US, but Canadian victims aren't covered by that figure. "This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud." "Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers," FTC chair Joseph Simons said. The company has also agreed to bolster its security practices and have its policies assessed regularly by a third party. It will also establish a $300 million fund to compensate victims which could climb to $425 million depending on how many customers use it. Affected consumers will also be eligible for 10 years of free credit monitoring from Equifax, and the company agreed to make it easier for consumers to freeze their credit or dispute inaccurate information in credit reports. Under the terms of the settlement revealed Monday, the company will pay a $175 million fine to the states and $100 million to the CFPB. Equifax promises free credit locking for life - unless you're Canadian. The hackers had access to the data for almost three months before the company realized it. The number of victims ballooned to 147 million people worldwide, including 19,000 in Canada.
In September 2017, the company revealed that it had become the victim of one of the largest data thefts on record, with names, credit card numbers, social security numbers and other information stolen by a group of criminals that have yet to be identified. The Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and various state-level regulatory bodies announced the settlement on Monday morning, a move that brings an end to investigations from various levels of the U.S. regulatory bodies over the massive data breach that saw the personal information of almost 150 million people stolen in 2017. Canadian victims aren't covered by that figure. Credit monitoring firm Equifax has agreed to pay up to $700 million US in fines and penalties to settle with various U.S.