
The hits just keep on coming. In the weeks since Equifax disclosed its breach, the company has fumbled its PR response so badly, it's going to be an object lesson in crisis management for decades. We first learned Equifax was breached because it failed to patch a bug that had been repaired two months previously. But every aspect of the company's response has been abysmal, particularly given that it had over a month to prepare.

The latest news is that the company is so inept, it's been directing people to a white hat phishing site specifically intended to test the company's security response. Oh, and Equifax suffered a major security breach months before the one that stole 143 million records on almost every adult in the United States. It may even have been perpetrated by the same group of people, though that's still under investigation.

The company's CIO and the aforementioned chief security officer have already resigned, but these latest revelations could cause more heads to roll. According to Bloomberg, Equifax noticed it was under attack in early March and worked with Mandiant to plug the hole. The details of this breach have not been disclosed to the public, but the implication is clear: Equifax was already under attack when it was breached again in May, and should have implemented stronger security protocols as a result. The only reason the company was breached was because it failed to patch Apache Struts, even after a critical flaw was discovered in the program.

Phishing for Tweets

The other major headache for Equifax is that it's been tweeting the wrong URL to customers asking where to go for help and information. While we don't have a tally of how many people were misdirected, the company told people to visit SecurityEquifax2017.com on multiple occasions. Tim is likely in a lot of trouble:

The actual website for Equifax's failure is equifaxsecurity2017.com.

The best part of all this? Equifax is highly unlikely to face any kind of penalty for dumping everybody's permanent information online. After all, it was the victim in this attack. Apart from an investigation into the three executives who sold stock after Equifax learned about the breach, and some various class action lawsuits against the company, there appears to be little in the way of law that would punish it.

It's just the latest and most egregious example of how people are told that their information is simultaneously worthless and incredibly valuable. Companies and governments want the right to mine every single aspect of your life for information that can be monetized or saved for later consultation, but they don't want you to think this information has any value whatsoever. If you did, you might care what happened to it.
