CIS Benchmark SYSTEM HARDENING VULNERABILITY MANAGEMENT

New documents provided recently by Equifax to US senators revealed that the breach the company experienced last year may have involved types of data not mentioned in the initial disclosure of the incident.

Last May, malicious hackers exploited a known vulnerability in the Apache Struts development framework to gain unauthorized access to Equifax systems. The vulnerability was patched March 7, the same day it was announced, but Equifax security team failed to install the updates in a timely manner, leaving 143 million individuals to suffer the consequences.

However, confidential documents sent by Equifax to the Senate Banking Committee, show that hackers may have stolen additional information, including tax ID numbers, email addresses, and driver’s license information.

Equifax has responded saying its initial disclosure on was never intended to include all the types of information that may have been compromised.

Senator Elizabeth Warren has responded by asking Equifax to provide clarifications on “conflicting, confusing and incomplete information” provided by the company to both the public and Congress.

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” Sen. Warren wrote in a letter to Equifax.

Equifax has one week to provide Congress with a complete list of data elements confirmed or believed to have been compromised in the last Mays breach, with a timeline of its efforts provided to determine the full extent of the intrusion.

Last week Senator Warren published a 15-page report containing the findings of her personal investigation into the Equifax breach. Her investigation found that Equifax set up a flawed system to prevent data security incidents, ignored several warnings of risk to customer data, failed to disclose the breach to stakeholders in a timely fashion, and provided inadequate assistance and information to consumers.

 

Read the article on Security Week

 

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies LLC
Rivers Lodge
West Common
Harpenden
Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2018, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.