Reuters is reporting that credit-reporting company Equifax Inc will pay up to a record $650 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information, authorities said on Monday. The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Board and nearly all state attorneys general.
BREAKING: Equifax will pay $700 million to settle 2017 data breach that exposed private information of nearly 150 million people. https://t.co/bJ7qIt2q62
— The Associated Press (@AP) July 22, 2019
Expert Comments
Ben Goodman
July 29, 2019
Senior Vice President, Global Business and Corporate Development
ForgeRock
To avoid a similar fate – and huge $700 million fine – organizations must adopt an identity-centered, Zero Trust security program.
Even though Equifax’s breach is largely due to the company’s failure to remediate the gap in Apache Struts, the attackers were successful in siphoning 147 million Americans’ sensitive personally identifiable information (PII) due to Equifax’s lack of data governance. Equifax failed to set risk-based limits on access to important information such as usernames and passwords, therefore allowing the hackers to run around 9,000 total queries to find PII data sources on its network.
Unfortunately, the missteps that led to the breaches reflect widespread poor data governance and digital asset security.
The past two weeks’ stiff penalties for data security and privacy mishaps here in the US and across the pond signal a sea change in how companies across the world must handle the consumer data they amass and distribute. Unfortunately, the missteps that led to the breaches reflect widespread poor data governance and digital asset security. These breaches are avoidable, however, with an effective security strategy that addresses the risks inherent in the digital environment. Knowing who runs...
There’s no silver bullet. There’s no one thing that mitigates the exposure.
I’m far from an Equifax apologist, but the truth is it could have been anyone. It’s not an excuse, but rather the reality we live in. The best outcome isn’t Equifax making the situation right – although that is important for all of those affected – it’s everyone else learning that the price to be paid outweighs the inconvenience of ensuring proper measures are taken to secure the data that puts them at risk in the first place. And it’s got to be from the ground up too. There’s...
This sets a new precedent and a wake-up call to all businesses to be extremely careful.
We’ll see more and more regulators “bring the hammer down” and levy some of the largest fines ever seen to raise the sense of urgency on businesses to protect their clients’ sensitive information. This time it’s the FTC, next could be the European GDPR, then the upcoming California Consumer Privacy Act, and then many other privacy regulators worldwide.
European GDPR has a fine of up to 4% of global revenues while FTC seems headed towards much heftier fines with about ~9% on Facebook and ~25%...