3 Pemimpin Dr, #06-04 (07), Singapore 576147
+65 8839 6772

The Equifax Breach – Constant Surveillance is Key

The Equifax Breach – Constant Surveillance is Key


Equifax, a major United States credit reporting agency, was breached in March 2017, with attackers accessing personal information of at least 145.5 million individuals. Equifax specifically traffics in personal data and with this breach, more than 40 percent of the population of the United States — names, addresses, dates of birth, Social Security numbers, and drivers’ licenses numbers were exposed.

Equifax’s investigation of the breach highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data.

Security Lapses

  1. Attackers gained access initially via a vulnerability in the consumer complaint web portal. The vulnerability was supposed to be patched out, but due to negligence in the internal processes, wasn’t.
  2. As systems weren’t adequately segmented from one another, attackers were able to move from the web portal to other servers and were able to find usernames and passwords stored in plain text, allowing them to further access other systems.
  3. Equifax had crucially failed to renew an encryption certificate on one of their internal security tools. As a result, attackers were able to pull data out of the network undetected for months.
  4. On March 15, Equifax’s IT department apparently ran a series of scans aimed at identifying vulnerabilities and unpatched systems; however, none of the vulnerable systems were flagged or patched.

Learning Points

The breach highlighted two major vulnerabilities in the internal processes and that is the lack of staff awareness when it comes to cyber and data security and the ineffectiveness of existing processes and software. Both aspects have to work hand in hand to protect and safeguard company assets.

  1. Constant updates and consistent monitoringThere is a need for staff to constantly communicate with data systems and monitor for anomalies and vulnerabilities. Constant updates of the systems and a functioning software to conduct vulnerability assessments are also essential.
  2. Importance of Agile Methodology in frameworks and processesAgile methodology should be adopted in internal processes. Agile methodology emphasizes adaptiveness, collaboration, flexibility, continuous improvement, and high-quality results. Some of its best practices include:
    1. User StoriesA tool used to explain a software feature from an end-user perspective, it helps to create a simplified description of a requirement by picturing the type of user of the product, what they want, and the reason(s) for it. For instance: As a [role], I want [feature], because [reason].
    2. Automated TestsPerforming automated tests keeps the team informed about which of the code changes are acceptable, and whether or not a functionality is working as planned.
    3. Continuous IntegrationIt involves keeping the code up to date by producing a clean build of the system few times per day. With a rule stating that programmers never leave anything unintegrated at the end of the day, it enables the delivery of a product version suitable for release at any moment.
  3. Importance of implementing an incident response plan and disaster recovery planIn the unfortunate event that a breach occurs, implementing an incident response and disaster recovery plan is essential. This ensures that the organisation and all its employees are prepared to respond swiftly and recover quickly. It is crucial to contain the breach, isolate it, prevent attackers from assessing other parts of the system to prevent further leaks of data and mitigate the damage done.

    Cyberattacks cut across levels and departments and employees at all levels (low- medium – top) have to be well trained to be aware of possible cyber threats (e.g. safety precautions before downloading software off the net) and response plans to deal with cyber breaches and mitigate damage.

    In addition, cyber awareness programs should be as comprehensive as possible and made available to staff at all levels. This is so that employees will become aware of even more issues than they are exposed to beyond department and levels and well equipped to deal with any potential cyber breach.

    Being proactive is a must; an investment in organisation’s protection and employees’ awareness will prove to be more affordable than the subsequent financial losses due to a cyberattack.

Aftermath 2 Years On

Equifax’s reputation took a big hit from the breach, with its financial rating downgraded. In addition, the financial damage was substantial with the company incurring a hefty price tag of $1.4 billion on cleaning up costs and improvements to the data systems and at least $1.38 billion pay-outs in resolution fees for affected consumers.

Enjoyed this article? Curious to find out how you can better protect your organisation, data systems and critical accounts in the event of a cyberattack? Contact us now for an in-depth consultation to obtain cyber security measures best tailored for your needs. CyberForSec®  team will work with your employees, train them in cyber security awareness and guide them in adopting the appropriate cyber security skills in their work processes.