When the Equifax breach occurred 148 million people across the US, Canada and UK had their personal information exposed. Over a year later new details released by a House Oversight Committee reveal that Equifax could have prevented the breach.
The House’s report didn’t hold back as they dubbed the breach “entirely preventable”. They also condemned Richard Smith (former Equifax Chief Executive) for his poor handling of the situation.
Amongst going over many of the details that were already disclosed about the breach, the report also revealed new findings. Equifax ignored a direct warning from homeland security regarding the instability of Apache Struts (open web server). Hackers preyed on the weakness and for two months they had access to the server. In that time they were able to gather passwords that gave them access to close to 50 databases. All of which Equifax could have prevented by renewing a security certificate. The certificate would have allowed a device that watches for this exact type hacker behaviour to be active.
Equifax, who has been less than eloquent when responding to the breach decided to oppose the findings of the House Committee,
“We are deeply disappointed that the Committee chose not to provide us with adequate time to review and respond to a 100-page report consisting of highly technical and important information,” said Equifax spokesperson Wyatt Jefferies. “During the few hours we were given to conduct a preliminary review we identified significant inaccuracies and disagree with many of the factual findings” – Equifax Spokeperson Wyatt Jefferies
Equifax later revealed to TechCrunch that the “inaccuracies” more closely resembled a list of “nitpicks”. One of which stated, “Equifax offered two years of credit monitoring and not one year as was stated in the report”.
Mind you this is the same company whose Chief Information Officer, David Web admitted that the entire event could have been prevented.
What you can do
When you entrust your information with any large corporations it is at risk of becoming collateral during a breach.
So what can you do outside of stopping your involvement with these services? For starters, you try being diligent about monitoring your information. One of the best ways to do this is by going straight to the source of where a lot of leaked information ends up, the Dark Web.
With ScoresMatter, you can scan the Dark Web and see if criminals are trading or selling your personal details. You can also learn what you can do if we do find your information on the Dark Web.
Protect the digital you at ScoresMatter today.