Equifax data breach
•Download as PPTX, PDF•
0 likes•1,901 views
Equifax announced a massive data breach affecting 143 million US consumers. Hackers exploited a vulnerability in Apache Struts to access names, social security numbers, birthdates, addresses, driver's license numbers, and credit histories stored on Equifax's servers. This breach poses significant risks to identity theft, as social security numbers were compromised. Those affected should obtain credit reports, monitor their credit, and consider initiating a credit freeze to protect their information going forward. The Equifax breach highlights the importance of data security preparedness and patching vulnerabilities.
Report
Share
Report
Share
Recommended
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Lessons that all business leaders can learn from the Equifax data breach, exploited by cyber criminals in 2017.
Equifax Breach Postmortem
What do you remember about the Equifax? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Vapt( vulnerabilty and penetration testing ) services
The VAPT testers from Suma Soft are familiar with different ethical hacking techniques such as Foot printing and reconnaissance, Host enumeration, Scanning networks, System hacking Evading IDS, Firewalls and honeypots, Social engineering, SQL injection, Session hijacking, Exploiting the network etc. https://bit.ly/2HLpbnz
Cyber Security 2017 Challenges
Presentation Cyber Security 2017 Challenges for Congresso Security Leaders, São Paulo.
October 27th, 2016.
Recommended
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Lessons that all business leaders can learn from the Equifax data breach, exploited by cyber criminals in 2017.
Equifax Breach Postmortem
What do you remember about the Equifax? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Vapt( vulnerabilty and penetration testing ) services
The VAPT testers from Suma Soft are familiar with different ethical hacking techniques such as Foot printing and reconnaissance, Host enumeration, Scanning networks, System hacking Evading IDS, Firewalls and honeypots, Social engineering, SQL injection, Session hijacking, Exploiting the network etc. https://bit.ly/2HLpbnz
Cyber Security 2017 Challenges
Presentation Cyber Security 2017 Challenges for Congresso Security Leaders, São Paulo.
October 27th, 2016.
Why upgrade your MFA to Adaptive Authentication?
This slide deck discusses the emerging of MFA, the pitfalls, why you should upgrade your MFA and best possible alternatives for MFA.
Watch the webinar here - https://wso2.com/library/webinars/2019/02/why-upgrade-your-mfa-to-adaptive-authentication/
Ransomware attacks
The case studies in this presentation are real life examples of ransomware attacks on health care organizations, and are intended to help physicians respond appropriately for when this type of cyber crime occurs.
Cyber Security Presentation "It Will Never Happen To Me"
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
Email phishing and countermeasures
Protection against email phishing, identity theft and associated countermeasures.
Cybersecurity Awareness Training
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Cybersecurity Awareness Training Presentation v1.0
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity Awareness Training Presentation v1.3
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Ransomware
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
Advanced persistent threats(APT)
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Phishing Incident Response Playbook
Playbooks define the procedures for security event investigation and response. Phishing - Template allows you to perform a series of tasks designed to handle spear phishing emails on your network.
A Comedy of Errors in Web Application Security
Covering a wide selection of security best practice, from OWASP through NIST each point is explored, explained and demonstrated by exploring a classic failure in the wide world of Web Dev.
With more SQL Injections than SQL flu season, Lax Permissions on a global scale, buffer overflows, stack overflows and actual overflows, this talk is for anyone who wants to learn more about securing their applications … but doesn’t want to be lulled to sleep as a result.
Data Security Read the article below and answer the following questi.pdf
Data Security Read the article below and answer the following questions: Answer the following
questions: Identify and describe the security and control weaknesses discussed in this case. What
management, organization, and technology factors contributed to these problems? Discuss the
impact of the Equifax hack. How can future data breaches like this one be prevented? Is the
Equifax Hack the Worst Everand Why? Equifax (along with TransUnion and Experian) is one of
the three main U.S. credit bureaus, which maintain vast repositories of personal and financial
data used by lenders to determine credit-worthiness when consumers apply for a credit card,
mortgage, or other loans. The company handles data on more than 820 million consumers and
more than 91 million businesses worldwide and manages a database with employee information
from more than 7,100 employers, according to its website. These data are provided by banks and
other companies directly to Equifax and the other credit bureaus. Consumers have little choice
over how credit bureaus collect and store their personal and financial data. Equifax has more data
on you than just about anyone else. If any company needs airtight security for its information
systems, it should be credit reporting bureaus such as Equifax. Unfortunately, this has not been
the case. On September 7, 2017 Equifax reported that from mid-May through July 2017 hackers
had gained access to some of its systems and potentially the personal information of about 143
million U.S. consumers, including Social Security numbers and driver's license numbers. Credit
card numbers for 209,000 consumers and personal information used in disputes for 182,000
people were also compromised. Equifax reported the breach to law enforcement and also hired a
cybersecurity firm to investigate. The size of the breach, importance, and quantity of personal
information compromised by this breach are considered unprecedented. Immediately after
Equifax discovered the breach, three top executives, including Chief Financial Officer John
Gamble, sold shares worth a combined $1.8 million, according to Securities and Exchange
Commission filings. A company spokesman claimed the three executives had no knowledge that
an intrusion had occurred at the time they sold their shares on August 1 and August 2.
Bloomberg reported that the share sales were not planned in advance. On October 4, 2017
Equifax CEO Richard Smith testified before Congress and apologized for the breach. The size of
the Equifax data breach was second only to the Yahoo breach of 2013, which affected data of all
of Yahoo's 3 billion customers. The Equifax breach was especially damaging because of the
amount of sensitive personal and financial data stored by Equifax that was stolen, and the role
such data play in securing consumers' bank accounts, medical histories, and access to financing.
In one swoop the hackers gained access to several essential pieces of personal information that
could help attac.
More Related Content
What's hot
Why upgrade your MFA to Adaptive Authentication?
This slide deck discusses the emerging of MFA, the pitfalls, why you should upgrade your MFA and best possible alternatives for MFA.
Watch the webinar here - https://wso2.com/library/webinars/2019/02/why-upgrade-your-mfa-to-adaptive-authentication/
Ransomware attacks
The case studies in this presentation are real life examples of ransomware attacks on health care organizations, and are intended to help physicians respond appropriately for when this type of cyber crime occurs.
Cyber Security Presentation "It Will Never Happen To Me"
This presentation is designed to give an insight into cyber risk.
The importance of protecting your data has never been more significant. Every week the media features stories of companies suffering data breeches leading to financial difficulties and unhappy customers.
Email phishing and countermeasures
Protection against email phishing, identity theft and associated countermeasures.
Cybersecurity Awareness Training
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Cybersecurity Awareness Training Presentation v1.0
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity Awareness Training Presentation v1.3
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Ransomware
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to stop the attack.
Cyber extortions have taken on multiple forms - encrypting data and holding it hostage, stealing data and threatening exposure, and denying access to data.
Malware locks out the user’s system and demands ransom.
Creates “Zombie Computer” operated remotely.
Individuals and business targeted.
This form of extortion works on the assumption that the data is important enough to the user that they are willing to pay for recovery.
There is however no guarantee of actual recovery, even after payment is made.
The first known ransomware was the 1989 "AIDS" trojan (also known as "PC Cyborg") written by Joseph Popp.
Advanced persistent threats(APT)
Advanced Persistent Threats (APTs) are a serious concern as they represent a threat to an organization’s intellectual property, financial assets and reputation. In some cases, these threats target critical infrastructure and government institutions, thereby threatening the country’s national security itself.
Phishing Incident Response Playbook
Playbooks define the procedures for security event investigation and response. Phishing - Template allows you to perform a series of tasks designed to handle spear phishing emails on your network.
What's hot (20)
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.0
Cybersecurity Awareness Training Presentation v1.3
Cybersecurity Awareness Training Presentation v1.3
Similar to Equifax data breach
A Comedy of Errors in Web Application Security
Covering a wide selection of security best practice, from OWASP through NIST each point is explored, explained and demonstrated by exploring a classic failure in the wide world of Web Dev.
With more SQL Injections than SQL flu season, Lax Permissions on a global scale, buffer overflows, stack overflows and actual overflows, this talk is for anyone who wants to learn more about securing their applications … but doesn’t want to be lulled to sleep as a result.
Data Security Read the article below and answer the following questi.pdf
Data Security Read the article below and answer the following questions: Answer the following
questions: Identify and describe the security and control weaknesses discussed in this case. What
management, organization, and technology factors contributed to these problems? Discuss the
impact of the Equifax hack. How can future data breaches like this one be prevented? Is the
Equifax Hack the Worst Everand Why? Equifax (along with TransUnion and Experian) is one of
the three main U.S. credit bureaus, which maintain vast repositories of personal and financial
data used by lenders to determine credit-worthiness when consumers apply for a credit card,
mortgage, or other loans. The company handles data on more than 820 million consumers and
more than 91 million businesses worldwide and manages a database with employee information
from more than 7,100 employers, according to its website. These data are provided by banks and
other companies directly to Equifax and the other credit bureaus. Consumers have little choice
over how credit bureaus collect and store their personal and financial data. Equifax has more data
on you than just about anyone else. If any company needs airtight security for its information
systems, it should be credit reporting bureaus such as Equifax. Unfortunately, this has not been
the case. On September 7, 2017 Equifax reported that from mid-May through July 2017 hackers
had gained access to some of its systems and potentially the personal information of about 143
million U.S. consumers, including Social Security numbers and driver's license numbers. Credit
card numbers for 209,000 consumers and personal information used in disputes for 182,000
people were also compromised. Equifax reported the breach to law enforcement and also hired a
cybersecurity firm to investigate. The size of the breach, importance, and quantity of personal
information compromised by this breach are considered unprecedented. Immediately after
Equifax discovered the breach, three top executives, including Chief Financial Officer John
Gamble, sold shares worth a combined $1.8 million, according to Securities and Exchange
Commission filings. A company spokesman claimed the three executives had no knowledge that
an intrusion had occurred at the time they sold their shares on August 1 and August 2.
Bloomberg reported that the share sales were not planned in advance. On October 4, 2017
Equifax CEO Richard Smith testified before Congress and apologized for the breach. The size of
the Equifax data breach was second only to the Yahoo breach of 2013, which affected data of all
of Yahoo's 3 billion customers. The Equifax breach was especially damaging because of the
amount of sensitive personal and financial data stored by Equifax that was stolen, and the role
such data play in securing consumers' bank accounts, medical histories, and access to financing.
In one swoop the hackers gained access to several essential pieces of personal information that
could help attac.
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
The Equifax Data Breach Case
Page 1 of 4
Equifax, along with Experian and TransUnion, is one of the "Big Three" credit reporting agencies
in the United States. All three companies offer credit monitoring services as their core business.
There are many regulations and restrictions governing the collection and use of credit data, but
these companies have enjoyed stable sales and profits for many years. Equifax is based in
Atlanta and its long history traces back to 1913. It employs over 10,400 employees worldwide
and maintains data on 820 million consumers.
All three agencies exchange data with banks and other financial company’s that extend credit.
They develop "credit scores" for how well consumer has handled his or her credit and debt
obligations. This score and the accompanying credit report detailing a person's credit history are
then sold to banks, credit unions, retail credit card Issuers, auto lenders, mortgage lenders, and
others who rely on this information when they make loans, issue credit cards, or offer
consumers mortgages and home equity loans. It Is also used by banks to check this information
before issuing bank credit cards such as Visa or MasterCard. Equifax, Experian, and TransUnion
have most likely compiled credit histories for nearly every adult U.S. citizen.53
In early September 2017, Equifax announced that hackers had gained illicit access to the
personal information of 143 million people. The data included social security numbers, birth
dates, phone numbers, email addresses, driving license numbers, and, in some cases, credit card
numbers. The total number expanded to 148 million by March 201ij. The pilfering of social
security numbers was particularly worrisome since that number in the wrong hands creates
opportunities for identity theft and other types of fraud.
The Equifax data breach is one of the three worst data breaches- in U.S. history along with
Yahoo and Marriott. The Marriott data h ck of 2018 affected 500 million users. In September
2016, Yahoo revealed a serious data security breach that had occurred 2 years earlier when
500,000 million records were compromised. Several months later, in December, 2016, Yahoo
informed its users of another newly discovered data breach. That breach occurred in 2013 and
affected more than 1 billion Yahoo users. However, despite the magnitude of the Yahoo and
Marriott breaches, the Equifax data breach is considered more damaging because social security
numbers and birth dates were involved. As one security expert observed, "This data is the key to
everyone's files and interactions with financial services, government, and health care."
After the announcement was made, the credit reporting agency was heavily criticized for
waiting until September 7th to reveal this data breach to the public. This breach took place in
March 2017 and went undetected for. almost 3 months. It was discovered in late July, but the
company decided to withhold.
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
The Equifax Data Breach Case
Page 1 of 4
Equifax, along with Experian and TransUnion, is one of the "Big Three" credit reporting agencies
in the United States. All three companies offer credit monitoring services as their core business.
There are many regulations and restrictions governing the collection and use of credit data, but
these companies have enjoyed stable sales and profits for many years. Equifax is based in
Atlanta and its long history traces back to 1913. It employs over 10,400 employees worldwide
and maintains data on 820 million consumers.
All three agencies exchange data with banks and other financial company’s that extend credit.
They develop "credit scores" for how well consumer has handled his or her credit and debt
obligations. This score and the accompanying credit report detailing a person's credit history are
then sold to banks, credit unions, retail credit card Issuers, auto lenders, mortgage lenders, and
others who rely on this information when they make loans, issue credit cards, or offer
consumers mortgages and home equity loans. It Is also used by banks to check this information
before issuing bank credit cards such as Visa or MasterCard. Equifax, Experian, and TransUnion
have most likely compiled credit histories for nearly every adult U.S. citizen.53
In early September 2017, Equifax announced that hackers had gained illicit access to the
personal information of 143 million people. The data included social security numbers, birth
dates, phone numbers, email addresses, driving license numbers, and, in some cases, credit card
numbers. The total number expanded to 148 million by March 201ij. The pilfering of social
security numbers was particularly worrisome since that number in the wrong hands creates
opportunities for identity theft and other types of fraud.
The Equifax data breach is one of the three worst data breaches- in U.S. history along with
Yahoo and Marriott. The Marriott data h ck of 2018 affected 500 million users. In September
2016, Yahoo revealed a serious data security breach that had occurred 2 years earlier when
500,000 million records were compromised. Several months later, in December, 2016, Yahoo
informed its users of another newly discovered data breach. That breach occurred in 2013 and
affected more than 1 billion Yahoo users. However, despite the magnitude of the Yahoo and
Marriott breaches, the Equifax data breach is considered more damaging because social security
numbers and birth dates were involved. As one security expert observed, "This data is the key to
everyone's files and interactions with financial services, government, and health care."
After the announcement was made, the credit reporting agency was heavily criticized for
waiting until September 7th to reveal this data breach to the public. This breach took place in
March 2017 and went undetected for. almost 3 months. It was discovered in late July, but the
company decided to withhold.
A Case Study Analysis Of The Equifax Data Breach
Essay Writing Service
http://StudyHub.vip/A-Case-Study-Analysis-Of-The-Equifax-Da 👈
U.S. House of Representatives Committee on Oversight and G.docx
U.S. House of Representatives
Committee on Oversight and Government Reform
The Equifax Data Breach
Majority Staff Report
115th Congress
December 2018
2
Executive Summary
On September 7, 2017, Equifax announced a cybersecurity incident affecting 143 million
consumers. This number eventually grew to 148 million—nearly half the U.S. population and 56
percent of American adults. This staff report explains the circumstances of the cyberattack
against Equifax, one of the largest consumer reporting agencies (CRA) in the world.
Equifax is one of several large CRAs in the United States. CRAs gather consumer data,
analyze it to create credit scores and detailed reports, and then sell the reports to third parties.
Consumers do not voluntarily provide information to CRAs, nor do they have the ability to opt
out of this information collection process. Though CRAs provide a service in facilitating
information sharing for financial transactions, they do so by amassing large amounts of sensitive
personal data—a high-value target for cyber criminals.1 Consequently, CRAs have a heightened
responsibility to protect consumer data by providing best-in-class data security.
In 2005, former Equifax Chief Executive Officer (CEO) Richard Smith embarked on an
aggressive growth strategy, leading to the acquisition of multiple companies, information
technology (IT) systems, and data. While the acquisition strategy was successful for Equifax’s
bottom line and stock price, this growth brought increasing complexity to Equifax’s IT systems,
and expanded data security risks. In August 2017, three weeks before Equifax publicly
announced the breach, Smith boasted Equifax was managing “almost 1,200 times” the amount of
data held in the Library of Congress every day.2
Equifax, however, failed to implement an adequate security program to protect this
sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such
a breach was entirely preventable.
On March 7, 2017, a critical vulnerability in the Apache Struts software was publicly
disclosed. Equifax used Apache Struts to run certain applications on legacy operating systems.
The following day, the Department of Homeland Security alerted Equifax to this critical
vulnerability. Equifax’s Global Threat and Vulnerability Management (GTVM) team emailed
this alert to over 400 people on March 9, instructing anyone who had Apache Struts running on
their system to apply the necessary patch within 48 hours. The Equifax GTVM team also held a
March 16 meeting about this vulnerability.
Equifax, however, did not fully patch its systems. Equifax’s Automated Consumer
Interview System (ACIS), a custom-built internet-facing consumer dispute portal developed in
1 After the Breach: The Monetization and Illicit Use of Stolen Data: Hearing Before the Subcomm. on T ...
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
It’s an all Equifax breach/Apache Struts/ CVE-2017-5638 issue of Open Source Insight this week as we examine how an unpatched open source flaw and an apparent lack of diligence exposed sensitive data for over 140 million US consumers. We look at what happened, how you can see if you’ve been affected by the breach, and discuss whether you should replace Struts with another framework.
· Identify the stakeholders and how they were affected by Heene.docx
· Identify the stakeholders and how they were affected by Heene's actions?
· 2. What stage of moral reasoning is exhibited by Richard Heene's actions? Do you believe the punishment fit the crime? Why or why not?
· 3. Explain how the cognitive-developmental approach influences one's ability to make ethical judgments.
4. How do you assess at what stage of moral development in Kohlberg's model you reason at in making decisions? Are you satisfied with that stage? Do you believe there are factors or forces preventing you from reasoning at a higher level? If so, what are they?
U.S. House of Representatives
Committee on Oversight and Government Reform
The Equifax Data Breach
Majority Staff Report
115th Congress
December 2018
2
Executive Summary
On September 7, 2017, Equifax announced a cybersecurity incident affecting 143 million
consumers. This number eventually grew to 148 million—nearly half the U.S. population and 56
percent of American adults. This staff report explains the circumstances of the cyberattack
against Equifax, one of the largest consumer reporting agencies (CRA) in the world.
Equifax is one of several large CRAs in the United States. CRAs gather consumer data,
analyze it to create credit scores and detailed reports, and then sell the reports to third parties.
Consumers do not voluntarily provide information to CRAs, nor do they have the ability to opt
out of this information collection process. Though CRAs provide a service in facilitating
information sharing for financial transactions, they do so by amassing large amounts of sensitive
personal data—a high-value target for cyber criminals.1 Consequently, CRAs have a heightened
responsibility to protect consumer data by providing best-in-class data security.
In 2005, former Equifax Chief Executive Officer (CEO) Richard Smith embarked on an
aggressive growth strategy, leading to the acquisition of multiple companies, information
technology (IT) systems, and data. While the acquisition strategy was successful for Equifax’s
bottom line and stock price, this growth brought increasing complexity to Equifax’s IT systems,
and expanded data security risks. In August 2017, three weeks before Equifax publicly
announced the breach, Smith boasted Equifax was managing “almost 1,200 times” the amount of
data held in the Library of Congress every day.2
Equifax, however, failed to implement an adequate security program to protect this
sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such
a breach was entirely preventable.
On March 7, 2017, a critical vulnerability in the Apache Struts software was publicly
disclosed. Equifax used Apache Struts to run certain applications on legacy operating systems.
The following day, the Department of Homeland Security alerted Equifax to this critical
vulnerability. Equifax’s Global Threat and Vulnerability Management (GTVM) ...
Phishing
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is a fraudulent e-mail that attempts to get you to divulge personal data that can then be used for illegitimate purposes.
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
A white paper promoting identity theft protection as a must-have employee benefit
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
Slides from the 2014 GRC Conference Presented by:
Jeff Spivey, CRISC, CPP
Vice President of Strategy, RiskIQ, Inc.
President, Security Risk Management, Inc
Adair Barton, CPA, CISA
Vice President of Internal Audit
Dycom Industries, Inc.
and
David A. Less, CISA, CISM
CIO & SVP
Sunteck, Inc.
Cyber security legal and regulatory environment - Executive Discussion
What will you do when a breach occurs, and critical, confidential information has been publicly disclosed?
• FBI, Law Enforcement or Reporter Calls
• You become the Top News Story
• Investors need answers
• Regulatory Agencies are asking questions
• Your Customers, Suppliers, and Employees are affected, concerned, and need information
• The Breach becomes your only priority and you don’t know:
o What happened and what was disclosed?
o Who is responsible for resolution and who is on our team?
o What are our legal responsibilities?
o How will we manage the surge volume of communications, discovery and analysis?
o Who will pay?
The following presentation begins to address some of the legal and regulatory issues that are involved. The presentation is for discussion purposes only and should not be considered legal advice.
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
What is Network Security and Why is it Needed?
This presentation explains basics about What is Network Security, and Why it is Needed? There are two case studies - Heartbleed and Wannacry.
The Equifax Data Breach - How to Tell if You've Been Impacted
Equifax, one of the largest credit reporting agencies in the United States, was recently the victim of a massive cyber attack - an attack that may have compromised the personal information of 143 million people. Learn how to see if you've been impacted.
Equifax Flyer Aug 2017
Equifax, one of the largest credit reporting agencies in the
United States, was recently the victim of a massive cyber
attack—an attack that may have compromised the personal
information of 143 million people.
Social Engineering 2.0
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Similar to Equifax data breach (20)
Data Security Read the article below and answer the following questi.pdf
Data Security Read the article below and answer the following questi.pdf
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
The Equifax Data Breach Case Page 1 of 4 Equifax, alo.docx
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
U.S. House of Representatives Committee on Oversight and G.docx
U.S. House of Representatives Committee on Oversight and G.docx
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
· Identify the stakeholders and how they were affected by Heene.docx
· Identify the stakeholders and how they were affected by Heene.docx
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
Your Employees at Risk: The New, Dangerous Realities of Identity Theft
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
Cyber security legal and regulatory environment - Executive Discussion
Cyber security legal and regulatory environment - Executive Discussion
The Equifax Data Breach - How to Tell if You've Been Impacted
The Equifax Data Breach - How to Tell if You've Been Impacted
More from Sajib Sen
An empirical study on algorithmic bias
In all goal-oriented selection activities, an existence
of certain level of bias is unavoidable and may be desired for
efficient artificial intelligence based decision support systems.
However, a fair independent comparison of all eligible entities is
essential to alleviate explicit bias in competitive marketplace. For
example, searching online for a good or service, it is expected that
the underlying algorithm will provide fair results by searching all
available entities in the category mentioned. However, a biased
search can make a narrow or collaborative query, ignoring
competitive outcomes, resulting customers in costing more or
getting lower quality products or services for the money they
spend. This paper describes algorithmic bias in different contexts
with examples and scenarios, best practices to detect bias, and
two case studies to identify algorithmic bias.
Battery Less Solar Power Controller to Drive Load at Constant Power Irrespect...
A 12V, 2.4W battery less solar power controller (BLSPC), capable of driving load at constant low power, has been proposed, designed and practically implemented with minimal efficiency sacrifice irrespective of solar radiance variation. This device utilizes power electronic circuits, more specifically a Buck-Boost DC-DC converter along with Maximum Power Point Tracking (MPPT) algorithm to perform the desired task. Starting from 100w/solar radiation the controller can provide constant power 2.4 watts at 12V without using any storage facilities. The output voltage can be adjusted to any desired level from 0V to 12V DC depending on the application at consumer premises. In this work, efficiency up to 90% at shadow weather phenomenon has been achieved. Moreover, this power controller can be used in consumer premises for direct-coupled system with solar panel irrespective of solar radiation variance.
PMCN 2017- workshop presentation(Instrumentation for Detecting Cervical Cance...
Cervical cancer becomes the second most frequent cancer for women with high mortality rate
depending on its stage. Early detection of this cancer can cure 100% to the patients. Existing
histopathological techniques like Pap test, biopsy are the very expensive and exhausting
procedure for detecting pre-cancerous or post-cancerous lesion. To aid the clinicians to make
decisions at first visit like confirmation of absence of cancer, identifying the optimum biopsy
site for detection of high graded CIN, electrical impedance measurement of cervix tissue is
very user-friendly and faster process as well as non-invasive way for detection of CIN. A
device named ZedScan, which is commercially available for detecting CIN adjunct to
colposcopy shows better performance and specificity than colposcopy alone. But due to its
very high retail price, it’s not affordable for people of developing countries as well as in every
clinics and hospitals. To serve and help the people of developing countries a device like
ZedScan should be made in most cost-effective way. From this motivation, we began our
research work and tried to implement a device like ZedScan with some modification of our
own. In order to differentiate the cancerous cell from non-cancerous a system has been
modeled and implemented. Because of small surface area and very much soft tissue of cervix,
low current (like 10 µA) is applicable to flow through the tissues as sensitivity depends one-third of its electrodes separation. A probe containing four electrodes in equal distance with a much smaller diameter (5 mm) has been designed and impedance measurement also has been
performed by this probe. To test the accuracy and performance of the designed circuit’s some
vegetable slice and saline water with different concentration had been used as a phantom.
Sciospec (commercially available bioimpedance instrument) was used to measure the
impedance of the same sample and a comparison was made between the data found from
Sciospec and our designed circuit for calibration.
A Crowdsourcing Review Technique to Prevent Spreading Fake News
A Crowdsourcing Review Technique to Prevent Spreading Fake News
Raspberry-Pi GPIO
Basic recipes to set-up and use Raspberry-Pi’s general-purpose input/output connector
An Updated Survey on Niching Methods and Their Applications
An Updated Survey on Niching Methods and Their Applications
Binary classification with logistic regression algorithm using hadoop
A distributed computing process
has been performed on a classification dataset using logistic regression as a machine learning
model. We also examined how distributed computing for large dataset is
useful in terms of time complexity .
Keywords: Logistic regression · Binary Classification · Distributed computing · Hadoop · MapReduce
Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) C...
A machine learning based Distributed Denial of Service (DDoS) attack detection system, implemented in a virtual SDN environ-ment testbed, has been presented in this paper. This system identi es whether any incoming tra c in a network is a DDoS type or not. To implement this approach, we applied AdaBoosting with decision stump as a weak classi er to train our model on a private network dataset in SDN environment. Our model showed up to 93% detection accuracy with a low false-positive rate. We have also tested and compared our model's accuracy with di erent machine learning algorithms and presented the result.
Keywords: Software Defined Network Machine Learning Network Intrusion Detection System Distributed Denial of Service
More from Sajib Sen (12)
Battery Less Solar Power Controller to Drive Load at Constant Power Irrespect...
Battery Less Solar Power Controller to Drive Load at Constant Power Irrespect...
PMCN 2017- workshop presentation(Instrumentation for Detecting Cervical Cance...
PMCN 2017- workshop presentation(Instrumentation for Detecting Cervical Cance...
A Crowdsourcing Review Technique to Prevent Spreading Fake News
A Crowdsourcing Review Technique to Prevent Spreading Fake News
An Updated Survey on Niching Methods and Their Applications
An Updated Survey on Niching Methods and Their Applications
Binary classification with logistic regression algorithm using hadoop
Binary classification with logistic regression algorithm using hadoop
Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) C...
Leveraging Machine Learning Approach to Setup Software Defined Network(SDN) C...
Recently uploaded
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Building Electrical System Design & Installation
Guide for Building Electrical System Design & Installation
Final project report on grocery store management system..pdf
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
SFU毕业证原版定制【微信:176555708】【西蒙菲莎大学毕业证成绩单-学位证】【微信:176555708】(留信学历认证永久存档查询)采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
◆◆◆◆◆ — — — — — — — — 【留学教育】留学归国服务中心 — — — — — -◆◆◆◆◆
【主营项目】
一.毕业证【微信:176555708】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【微信:176555708】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分→ 【关于价格问题(保证一手价格)
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
选择实体注册公司办理,更放心,更安全!我们的承诺:可来公司面谈,可签订合同,会陪同客户一起到教育部认证窗口递交认证材料,客户在教育部官方认证查询网站查询到认证通过结果后付款,不成功不收费!
学历顾问:微信:176555708
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Nuclear Power Economics and Structuring 2024
Title: Nuclear Power Economics and Structuring - 2024 Edition
Produced by: World Nuclear Association Published: April 2024
Report No. 2024/001
© 2024 World Nuclear Association.
Registered in England and Wales, company number 01215741
This report reflects the views
of industry experts but does not
necessarily represent those
of World Nuclear Association’s
individual member organizations.
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
学校原件一模一样【微信:741003700 】《(ANU毕业证书)澳洲国立大学毕业证》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Horizon Generation
Student information management system project report ii.pdf
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Recycled Concrete Aggregate in Construction Part III
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Recently uploaded (20)
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
Student information management system project report ii.pdf
Student information management system project report ii.pdf
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
Tutorial for 16S rRNA Gene Analysis with QIIME2.pdf
Tutorial for 16S rRNA Gene Analysis with QIIME2.pdf
Equifax data breach
- 4. Equifax announced that on September 7th 2017, 143 million US based users and unknown number of Canadian users had their • FULL NAME • SOCIAL SECURITY NUMBER • ADDRESS • DATE OF BIRTH • DIVER’S LICENSE NUMBER • CREDIT HISTORY Source: https://www.govinfosecurity.com 4
- 6. • If you cut out the under 18’s you might be looking at percentage of 58% of adults who are hacked now. • If you ever help or inquired about a credit card, cell phone account, security clearance, jobs, electric service, water service, housing rent, internet service, universities you are most likely affected. • This isn’t like other hacks where credit card information was out, where you could cancel a credit card. • It’s like someone cloned you for the express purpose of that person opening up credit cards in your name and maxing it out. 6
- 7. • 143 million U.S. consumers' personal details, including names, birthdates, addresses, Social Security numbers and in some cases driver's license numbers. • 209,000 U.S. consumers' payment cards. • 182,000 U.S. consumers' credit dispute documents, containing personal information. • 400,000 British consumers' personal details, which Equifax was accidentally storing on its U.S. servers. • 100,000 Canadian consumers' personal details. Breach Report Source: https://www.govinfosecurity.com 7
- 8. How it has been attacked? 8
- 9. • Equifax failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner. • Equifax has confirmed that attackers entered its system in mid-May 2017, through the patch available in March. • The vulnerability was Apache Struts CVE-2017-5638. • It allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017. 9 Source: https://nvd.nist.gov/vuln/detail/CVE-2017-5638
- 10. What to do now? 10
- 11. 1. Get a credit report right now! 2. Monitor your credit! 3. Initiate a credit freeze (optional). If you are part of this affected group : 11
- 12. • The breach of Equifax is a shining example of what happens when you do not prepare for data breach response ahead of time. • Though Equifax ironically provides identity theft protection services it has been hacked with most valuable information from it’s server. Conclusion 12