Missed patch caused Equifax data breach
https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/
Apache Struts was popped, but company had at least TWO MONTHS to fix it (bolding mine)
Equifax was breached in mid-May 2017, realised it in July and got around to telling the world in early September. If we take mid-May as the 15th of the month, Equifax had nine working weeks in which to apply the patch.
That its data breach was entirely avoidable is not the end of Equifax's woes, as the new Progress Update also reveals that "Due to the high volume of security freeze requests, we experienced temporary technical difficulties and our system was offline for approximately an hour at 5PM ET on September 13, 2017 to address this issue."
FakeNoose
(35,555 posts)
Fire the CEO, the Executive Board, and the entire IT staff.
I'm not kidding! Put the fear of God into people or they won't do their jobs.
Docreed2003
(17,750 posts)
We received notification today that our info was potentially included in the breach from our bank; they've got our back, but I'm not so sure many others will be as lucky.
mbusby
(825 posts)
...on Equifax, Experian and TransUnion. No hurry to release it, maybe forever.
discntnt_irny_srcsm
(18,567 posts)
Last edited Sat Sep 16, 2017, 08:42 PM
This is exactly a national disaster. Estimates on damage from Irma look to be around $50 million. I suggest that similar hacks and resulting costs could be much higher. Why did this happen? In simple terms, Equifax had an aspect of their security allocated to what would be analogous to a night watchman who regularly falls asleep with a newspaper over his face.
Next I ask where is government oversight. The Consumer Product Safety Commission issues recalls if it gets reports of a piece of furniture that could injure someone by falling over.
Shouldn't there be a federal agency charged with auditing institutions that maintain data on the American public?
The potential for loss is extreme. Imagine 40% of the public has their information compromised. Maybe they are each liable for $500 of what is basically fraud. In practice my banks have kept my liability to $0, but to pick a number let's use $50. Perhaps over the next 3 years there are frauds which target half of those 143 million people. That's about $3.5 billion. A mere pittance, you might think. Now suppose during those same 3 years, loans are taken by identity thieves who've used 1% of those breached. Maybe some are consumer loans for an alleged used car or debt consolidation. They can be in the $2,000 to $10,000 range; multiplying that by a million or two cases equals billions. Now imagine if some of those 143,000,000 folks have to spend a few thousand on an attorney. Maybe some lose time from work.
The US GDP is $18 trillion and change. What if more than 1% of our GDP is based on fraud, theft and mismanagement? Not just the standard Republican steal-from-the-poor type but general fraud and theft?
Trust me here: victims of identity theft will have names like John and Mary Smith, not Chuck and Dave Koch.