Who is Equifax?
Equifax is an incredibly large consumer credit reporting agency. They collect and handle sensitive information on almost a billion consumers and almost a hundred million businesses worldwide. As you can imagine, the safety of their information is incredibly important. Just recently, Equifax was the subject of a large security breach which led the hackers accessing approximately 145 million Equifax consumers’ personal information. This included full names, dates of birth, addresses and even Social Security numbers.On top of this, over 200,000 consumers had their credit card information stolen. With a breach this large, you could imagine the repercussions. The company is now being sued for twice what it’s worth, and will have a hard time recovering. The worst part about this breach is the fact that it was so easy to avoid, but the company neglected basic procedures.
How did this happen?
As previously mentioned, a cyber-attack on Equifax led to the theft of over 145 million consumers lost extremely sensitive information. This was accomplished because of a flaw in a tool the company was using. This flaw was discovered by Equifax over two months prior to the attack, but they neglected to try and resolve the issue.The software that led to the breach was an open source software, which means that it was software that was worked on publicly by many programmers. This means that almost anyone could have access to the code and examine it for possible exploits. The tool that was exploited is a very popular tool among businesses, and has since been fixed. Be wary though, just because this issue was resolved, remember that there is a potential in every piece of software your company uses to have a backdoor, or exploitable feature.
Equifax told the press that they discovered the breach, but waited a full day until they verified suspicious activity before taking the application offline. They basically handed the hackers an additional 24 hours to gather information.
It’s been found that Equifax was a bit behind on their security regulations and precautions, which is very bad considering how much important data they were holding. The fact that they had so much valuable information and a lack of security made them the perfect target for the hackers.
The worst part of the situation is, because of the lack of security, it could be impossible to trace it back to the hacker or group of hackers. There are many ways to ensure that what you do online is incredibly hard to trace, sometimes even impossible. It’s very likely the hackers won’t get caught, and will sell the information to other criminals, which will lead to heavy financial losses to the consumers who were caught in the Equifax breach.
How Could This Have Been Avoided?
This attack could have been avoided in many ways. The first and most obvious move would have been to fix the flaw as soon as it was discovered, and then scan for additional flaws in the software before putting it live again. This would close any backdoors that hackers may have had access to, or been able to find.It’s incredibly important to make sure that every piece of software that your company uses is secure and free of any potential exploits or flaws before you implement it. Even if you use a piece of software for years, hackers are discovering new exploits every day. Every line of code needs to be checked, secured, and updated regularly.
It's also important to monitor what’s happening on your network constantly. It’s very concerning that all this information was stolen off the network without Equifax noticing until it was too late. This could have been avoided if they simply had one person checking to see what information was going where. Not a single person saw the server load increase drastically as all this information was pulled off. There is no excuse for this to happen.
Security is a layered approach. The more layers, the better.
If Equifax Could Be Breached, So Can You.
Even though Equifax may not have handled the situation the best possible way, this could still happen to anybody. There are no guarantees on any software that it will be exploit free. Hackers will constantly be snooping around, looking for ways to get into your system. The only way to make sure they can’t get in is to have a team of professionals on your side looking for all the same methods of getting in, and then fixing them.Hackers aren’t all bad. It’s important to know how they think, and what they do, so that you can take the necessary steps to prevent attacks. If you’re unsure of how to do this, you should seek assistance from someone who can. All businesses handle sensitive information, and this is always going to be a prime target for hackers.
Once they have access to this information, your business can suffer massive blows to revenue, you’ll lose client trust, you’ll lose money, you’ll get sued, and possibly even lose your entire business. This should never have to happen, and can all be avoided (or at least mitigated) by properly protecting your business infrastructure.