Incident Report Summary:
In July 2017, Equifax experienced a significant data breach impacting approximately 147 million individuals. Compromised data included names, addresses, dates of birth, Social Security numbers, drivers license numbers, and credit card information of around 200,000 customers who paid for credit reports.
Detailed Overview:
The breach originated in March 2017 when a vulnerability was discovered in Apache Struts, an open-source framework used by Equifax for enterprise Java applications. Despite a patch release on March 7, Equifax administrators failed to apply it to affected systems on March 9. On March 15, scheduled scans to identify vulnerabilities yielded no flags or systems requiring patching. The breach likely began on March 10, with attackers becoming active on May 13, 2017, moving through compromised servers until July. Exploiting poor data governance, attackers accessed databases containing information on millions. Encryption of data hindered detection, exacerbated by Equifax’s failure to renew a public key certificate in July 2019, discovered only on July 29, 2019. Equifax internally investigated for a month before disclosing the incident on September 8, 2017. Despite the breach affecting nearly 143 million Americans, no cases of fraud or identity theft have been traced back to the incident. Equifax spent $1.4 billion on security upgrades, offering affected customers a meager $125 compensation. In February 2020, the U.S. DOJ charged four Chinese military members, underlining the severity of the attack.
Major Findings:
- Attackers accessed Equifax’s internal systems through a third party.
- Equifax neglected to renew public key certificates for almost 10 months.
- Failure to patch Apache Struts as instructed.
- Approximately 147 million people were affected.
- The attack, believed to be Chinese state-sponsored, aimed at espionage, not theft.
Recommendations for Remediation:
- Implement network segmentation for heightened security.
- Enhance data governance, restricting access to sensitive information.
- Regularly patch and update databases to counter daily cyber threats.
- Conduct awareness and training for staff on timely security measures.
Conclusion:
This cyberattack stands as one of the most significant in history, impacting a vast number of individuals. It underscores the importance of addressing key findings, particularly instances where employees neglect cybersecurity measures. Comparison with other major incidents reveals a recurring theme of losses stemming from inadequate patching or cybersecurity system upgrades, whether due to ignorance or budget constraints.
