Image Courtesy CNN Money
On 29 July 2017, Equifax, one of the big-three credit reporting companies, announced the discovery of a data breach exposing an estimated 143M Americans. Unauthorized access took place between mid-May through July 2017.
One source has called this a category-5 event.
Details of the data breach
The investigators found bad actors exploited the vulnerability in a U.S. website application and made off with Personal Identity Information (PII):
- Social security numbers
- Dates of birth
- Driver’s license numbers
They also extracted 209K U.S. consumer credit card numbers and dispute documents for 182K cases that also revealed sensitive personal information.
The investigation also revealed the access of a limited PII of the UK and Canadian residents. Equifax is working with UK and Canadian regulators to determine appropriate next steps. They have found no evidence that any other country has been impacted and said:.
“Equifax acted immediately to stop the intrusion. A leading, independent cybersecurity firm is conducting a comprehensive forensic review to determine the scope of the intrusion. Law enforcement is conducting their own investigation.”
Equifax customers may determine if their PII has been compromised by searching on www.equifaxsecurity2017.com.
CSO Online expects some tax and banking fraud to result from the vast amounts of data breached. The biggest impact will be felt by enterprises that rely on credit reporting bureaus to verify the identity of people they are doing business with: employment verification, social services verification, and credit reports.
Top Execs Retire Effective Immediately
Equifax confirmed this week that the failure to patch a web server vulnerability, Apache Struts CVE-2017-5638, was to blame for the breach. Equifax is still working to get a handle on the scope of this unfortunate intrusion.
From a personal perspective, the result is that two C-Suite officers have stepped down: Equifax is replacing David Webb, CIO, with interim CIO Mark Rohrwasser, and Susan Maudlin, CSO, will be replaced with interim CSO Russ Ayers.
How criminals use PII
Gartner blogger and distinguished analyst, Avivah Litan, explains how black markets syndicates will use this PII:
- It will be sold underground
- It will be used to update existing identity records
- It will be used to take over bank accounts, brokerage accounts and so on
- It will be used by nation states to map out the population
How Threat Intelligence (TI) works
Threat Intelligence Data Feeds are a must, gaining IT security teams the visibility needed to track real-time threats–quantifying and qualifying vectors attackers are using.
Having analysis from millions of data points from crime server activity each month ensures your team can set the right parameters to block specific:
- Infected bot IPs
- Provide a list of the most-infected OS profiles, software, and users
Users need to understand what attack vectors malicious actors are using, and specifics behind potential indicators of compromise (IOC) to be able to speedily deploy the right mitigation solutions.
How TI might have helped prevent the Equifax breach or provided early detection
One thing real-time threat intelligence will provide you is visibility for the indicators of what crime servers are doing at any given time.
If you have an enterprise-level threat intelligence platform, like ours, modules will also help by making specific aspects of a breach visible:
- Detect and identify data that could represent leaked information across multiple file sharing platforms
- Provide a list of stolen credentials [usernames and passwords]
- Provide a list of sensitive or restricted documents now available on the web
- Provide news filter for special topics that can impact your company and brand
We are always ready to assist you and in determining what’s right to help strengthen your security posture.
It is easy to sit at the safety of your desk and pontificate about the negligence of others. Many things could have gone wrong to hinder the Equifax team from “plugging the proverbial hole” in their server software.
The important thing to remember is that you’re only as good as your tools. Having the right tools could have helped avert the tragedy of the May – July 2017 Equifax data breach. Our thoughts are with the victims of this terrible event.
For more information on how you can protect your company PII, feel free to reach out to our team. We’ll be happy to help you understand the right solution for your needs.