Question:
In May 2017, it was revealed that Equifax had joined other high-profile companies including Marriott, Home Depot Inc., Target Corporation, Anthem, Blue Cross, and Yahoo! as a victim of cyberattacks. Equifax is one of the largest credit-rating companies in the United States; it operates or has investments in 24 countries and employs over 11,000 employees worldwide. Hackers gained access to the Equifax network in mid-May 2017 and attacked the company for 76 days. On July 29, 2017, Equifax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems. This was 76 days after the initial attack. Hackers accessed Social Security numbers, dates of birth, home addresses, and some driver's license numbers and credit card numbers, which impacted over 148 million people. The security system at the company did not keep up with the aggressive company growth, and the company failed to modernize its security system. According to the report, the company did not take action to address vulnerabilities that it was aware of prior to the attack. According to Equifax, hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638. This vulnerability was disclosed back in March 2017. There were clear and simple instructions on how to fix the problem from the software provider, Apache. It was the responsibility of Equifax to follow the recommendations offered by Apache right away. According to Apache, software patches were made available in March, two months before hackers began accessing Equifax data. In addition to the previously mentioned vulnerability, the hackers found a file containing unencrypted usernames and passwords. Hackers also found an expired security certificate on a device for monitoring network traffic. This indicated that Equifax did not detect that data was being stolen.

The Government Accountability Office (GAO) report indicated that the hack took place because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attackers direct and easy access to all of its customers' data. As part of fixing the security issues, the company hired a new chief information security officer, Jamil Farshchi, and has invested $200 million in data security infrastructure.

1. Which vulnerability enabled hackers to breach the security system at Equifax?
2. Was the breach preventable? Discuss.
3. How is the company going to stop future attacks?
Related Book For
Auditing a risk based approach to conducting a quality audit
ISBN: 978-1133939153
9th edition
Authors: Karla Johnstone, Audrey Gramling, Larry Rittenberg