Information Security Case Study
Essay by nimmon • July 25, 2018 • Case Study • 362 Words (2 Pages) • 986 Views
Riley Wray
Starting in May of 2017, Equifax suffered a data breach that allowed criminals to exploit the personal information of 145 million Americans as well as others in the UK and Canada. The breach lasted until July 2017. A vulnerability within a web application tool called Apache Struts was the source of the breach. The perpetrators gained access to the following user data: people's names, Social Security numbers, birth dates, addresses, and driver's license numbers. As far as what could have been done, the most obvious answer is to fix the vulnerability. Equifax had been aware of the vulnerability within the application since March of 2017, and yet did not move to fix it. Funnily enough, Equifax patched the vulnerability only one day after discovering the breach. There were several measures beyond simply patching this vulnerability that Equifax could have chosen. Some examples would be multifactor authentication, encryption, segmenting their networks, and better preparing their employees to detect suspicious activity.
The response of Equifax to this situation is comically negligent. They waited a month before informing the public of the data breach, causing people to lose valuable time to take steps to protect their identities. During the time they were informing the public, their Twitter account sent customers to a phishing site, and then to a fake website run by an internet security researcher. It's unbelievably disappointing to know that these are the kinds of people in charge of protecting something as valuable as private customer information. The results of this data breach were staggering amounts of identity theft and fraud. Businesses also depended on the data they were given by major credit bureaus like Equifax, and the breach could compromise their identity verification systems. It is clear that information security was not as high a priority as it should have been at Equifax, and it cost nearly 150 million Americans some of their most private information. They did not react quickly enough or in an adequate fashion, and they also did not sufficiently protect themselves from a data breach.
...
...