Equifax, an Atlanta, Georgia-based data analytics firm, drew flak from the US Senate as the latter left no stone unturned in criticizing the Atlanta based firm on its 2017 data breach incident.
Earlier, in 2017, data specialist Equifax suffered a major data breach, potentially affecting around 146 million US consumers. As per the company reports, hackers made their way through by exploiting an application vulnerability in a US website, allowing them access to certain files. The data breach incident happened from mid-May 2017 through to July 2017.
Last year, in May 2018, Equifax submitted a letter explaining the impacted customers and additional insights on the data breach to several US Congressional committees. As per the company, data elements impacted include: social security numbers, address information, and 209,000 payment card details (number and expiry date).
In response, the Senate released a detailed 71-page investigation report, subtly titled: “How Equifax neglected cybersecurity and suffered a devastating data breach”. The report bluntly puts how the Atlanta-based analytics firm failed to prioritize cybersecurity, and further goes on criticizing it in a repetitive manner raising firm eyebrows on Equifax’s actions and them waiting six long weeks to reveal the breach.
The report going into the details and technicalities of the breach explains how Equifax, which had no standalone written corporate policy governing the known cyber vulnerability patching until 2015, when conducted an audit of its patch management efforts, identified a heavy backlog of over 8,500 known vulnerabilities yet to patched.