Equifax hack exposes limitations of authentication based on personal information

Credit monitoring company Equifax has revealed that the personal data of around 143 million Americans has been stolen. The files, which included names, social security numbers, dates of birth, addresses and driver's license numbers, were accessed by criminals between mid-May and July of this year. Credit card numbers for about 209,000 US consumers were also accessed.

Three senior executives sold shares in the company worth almost $1.8m after discovering the breach but before making it public. Inevitably, the share price has tumbled following the announcement.

Ines Gutzmer, head of corporate communications for Equifax, insisted that chief financial officer John Gamble, president of US information solutions Joseph Loughran and president of workforce solutions Rodolfo Ploder had no knowledge that an intrusion had occurred at the time they sold their shares.

The Equifax breach is the biggest-ever theft of social security numbers, eclipsing the 2015 hack at health insurer Anthem Inc that exposed personal data of 80 million people. The latest hack exposes 143 million Americans to the risk of identity theft and fraudulent transactions carried out in their name. While it isn't the biggest data breach in history (that honour goes to Yahoo), it could be the most damaging, because the data obtained is routinely used to verify people's identity by banks and other institutions.

"On a scale of one to 10, this is a 10 in terms of potential identity theft," said Gartner security analyst Avivah Litan. "Credit bureaus keep so much data about us that affects almost everything we do."

Two of Equifax's competitors, Experian and TransUnion, will be affected too since they hold virtually the same data held by Equifax.

Ridiculous

Ryan Kalember, from cybersecurity company Proofpoint, told the Guardian that the breach has "really called into question the entire model of how we authenticate ourselves to financial institutions."

"The fact that we still use things like mother's maiden name, social security number and date of birth is ridiculous."

Richard Smith, Equifax's chairman and CEO, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."

Senator Mark Warner, vice-chairman of the senate intelligence committee, has urged Congress to reframe data protection policies in such a way that businesses have fewer incentives to collect large, centralised sets of highly sensitive data.

Equifax also reported fraudulent and unauthorised access to the financial files of four high-profile individuals in 2013, with Paris Hilton, Michelle Obama, former FBI director Robert Mueller and former US attorney general Eric Holder rumoured to be involved.

Ilia Kolochenko, CEO and founder of High-Tech Bridge, said: "Now cybercriminals have a great wealth of opportunities to conduct spear phishing, fraud, identity theft, impersonation and social engineering attacks against the victims of the breach. We should be prepared for a skyrocketing number of attacks targeting not only the victims, but their relatives, employers and partners. The breached database will likely be shared among various cyber gangs, exacerbating the damage. It's a very colourful, albeit very sad, example of how a vulnerability in a web application can lead to disastrous consequences for an entire company, its customer base and far beyond.

"Today, almost any critical data is handled and processed by web applications, but cybersecurity teams still seriously underestimate the risks related to application security. Most companies don't even have an up-to-date application inventory. Without knowing your assets, you won't be able to protect them. Many global companies still rely on obsolete automated solutions and tools for their application security, while cybercriminals are already using machine-learning in their attacks when targeting and profiling the victims, for example. Last but not least, such a delayed public disclosure of the breach is quite dubious. Probably the disclosure was reasonably postponed in the interests of investigation, but it still could endanger the victims. Most important now is to make sure that we do not underestimate the scale of the breach, and have properly identified every victim and the integrity of data that was stolen."

Equifax says it discovered the hack on 29 July. The Atlanta-based company has set up a website where people can check to see if their personal information may have been stolen.

Consumers can also call 866-447-7559 for more information. Equifax is offering customers free credit monitoring using its own breached service.