The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

9/8/2017


Equifax Says Cyber Attack May Expose Data of 143 Million Customers

 

Equifax, one of the top consumer credit reporting agencies in the US, UK and Canada, publicly acknowledged that it was a victim of a cyber attack that may have exposed data of 143 million US customers – almost half of the total population of the US.
 
The consumer credit reporting agency added that hackers gained access to limited personal information for certain Canadian and UK customers. The agency further revealed that cyber criminals accessed the credit card numbers of close to 209,000 US customers and certain dispute documents with personal identifying information for nearly 182,000 US customers.
 
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Richard F. Smith, Chairman and Chief Executive Officer of Equifax, said in a statement.
 
While the recent Equifax data breach isn’t the biggest on record – the Yahoo data breach affected one billion customers – it may be the worst in terms of severity.
 
“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” Avivah Litan, a fraud analyst at Gartner, told the New York Times.
 
Aside from credit card numbers, personal identifying information such as names, Social Security numbers, birth dates, addresses and driver’s license numbers were harvested by the hackers in the recent Equifax cyber attack. According to Equifax, cyber criminals gained access to the sensitive files of its customers from mid-May 2017 to July 2017. The company said it discovered the data breach only on July 29 of this year.
 
The May 2017-July 2017 cyber attack wasn’t the only data breach that Equifax experienced. The company has experienced two other data breaches prior to this incident in the past two years.
 
One data breach incident occurred on the website of TALX – a wholly owned subsidiary of Equifax – between April 17, 2016 and March 29, 2017. Hackers harvested W-2 tax forms of the employees of corporate clients of TALX. On May 15 of this year, the Counsel for TALX Corporation informed the Attorney General of New Hampshire about the data breach incident. TALX offers payroll-related services for companies.
 
Another data breach incident happened on the W-2 Express website, a site owned and managed by Equifax. Hackers again stole W-2 tax forms of the employees of corporate clients of Equifax, including Kroger (the second largest private employer in the US with 443,000 employees) and Stanford University. Between May 2016 and April 2016, Kroger and Stanford informed their current and former employees that they may be vulnerable to tax fraud after hackers downloaded W-2 tax forms from Equifax’s W-2 Express website.
 
Cyber criminals use W-2 tax forms to file fraudulent tax refund claims with the US Internal Revenue Service (IRS). According to the US Department of Treasury (PDF), the US Government issued refunds worth $490 million on 63,000 fraudulent tax returns.

Causes of Data Breaches

1. W-2 Express Data Breach
Based on a letter sent by Kroger to its employees, as reported by Krebs on Security, hackers gained access to Equifax’s W-2 Express website by using two pieces of default login information: Social Security number and date of birth.
 
Danger Sign:
A default login based on Social Security number and date of birth is a dangerous practice, as many customers never change the default. Using these two values as login details is also a security risk in itself, because many past data breaches have already exposed both pieces of personally identifiable information.
 
2. TALX Data Breach
According to TALX, cyber criminals gained access to the TALX website and harvested customers’ W-2 tax forms by successfully answering the personal questions used to reset “PINs” or passwords for the website.
 
“Because the accesses generally appear legitimate (e.g., successful use of login credentials), TALX cannot confirm forensically exactly which accounts were, in fact, accessed without authorization, although TALX believes that only a small percentage of these potentially affected accounts were actually affected,” TALX said.
 
Danger Sign:
Authentication that relies on a PIN or a single password is an outdated and insecure cyber security measure. Two-factor authentication, such as one-time tokens sent to a mobile device or email address, is a better option.
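TALX's statement that the accesses "generally appear legitimate" shows why audit logs need to record how a credential was reset, not just that a login succeeded. The following is an added example, not part of the original post or of any TALX system: it runs detection logic over constructed audit events in a hypothetical schema (the action names `pin_reset_kba` and `w2_download` are assumptions) and flags W-2 downloads that closely follow a question-based PIN reset from an IP address new to the account.

```python
from datetime import datetime, timedelta

# Constructed audit events (hypothetical schema): time, account, source IP, action.
EVENTS = [
    ("2017-01-09T08:01:00", "emp-1001", "198.51.100.7", "login"),
    ("2017-01-09T08:03:00", "emp-1001", "198.51.100.7", "w2_download"),
    ("2017-02-02T03:10:00", "emp-1001", "203.0.113.50", "pin_reset_kba"),
    ("2017-02-02T03:11:00", "emp-1001", "203.0.113.50", "login"),
    ("2017-02-02T03:12:00", "emp-1001", "203.0.113.50", "w2_download"),
    ("2017-02-03T09:00:00", "emp-2002", "192.0.2.14", "login"),
    ("2017-02-20T09:00:00", "emp-2002", "192.0.2.14", "pin_reset_kba"),
    ("2017-02-20T09:02:00", "emp-2002", "192.0.2.14", "login"),
    ("2017-02-20T09:05:00", "emp-2002", "192.0.2.14", "w2_download"),
    ("2017-02-21T11:00:00", "emp-3003", "203.0.113.50", "pin_reset_kba"),
    ("2017-02-25T11:00:00", "emp-3003", "203.0.113.50", "w2_download"),
]

def suspicious_downloads(events, window=timedelta(hours=1)):
    """Flag W-2 downloads that follow a question-based PIN reset within
    `window`, from an IP address never before seen on that account."""
    known_ips = {}    # account -> IPs seen so far on that account
    last_reset = {}   # account -> (reset time, reset IP, was the IP new?)
    alerts = []
    for ts, account, ip, action in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        seen = known_ips.setdefault(account, set())
        if action == "pin_reset_kba":
            last_reset[account] = (when, ip, ip not in seen)
        elif action == "w2_download" and account in last_reset:
            reset_time, reset_ip, ip_was_new = last_reset[account]
            if ip == reset_ip and ip_was_new and when - reset_time <= window:
                alerts.append((account, ip, ts))
        seen.add(ip)
    return alerts

def reset_fanout(events, min_accounts=2):
    """Source IPs that performed question-based resets on several accounts."""
    by_ip = {}
    for _, account, ip, action in events:
        if action == "pin_reset_kba":
            by_ip.setdefault(ip, set()).add(account)
    return {ip: sorted(accts) for ip, accts in by_ip.items()
            if len(accts) >= min_accounts}
```

In the constructed data, the reset by emp-2002 from an already known address is not flagged, while the address that reset two different accounts appears in the fan-out result.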
 
3. The 143-Million Data Breach
For the recent data breach, Equifax said that hackers gained access to millions of its customers’ sensitive data by exploiting its US “website application vulnerability”. The company didn’t name the specific vulnerability.
 
Danger Sign:
According to a New York Times article, Equifax was criticized for not learning from past data breaches and for failing to stop thieves “to get the company’s crown jewels through a simple website vulnerability.”
 
Equifax could have put in place a multi-layered cyber security defense system on its website, so that hackers who break through one layer of defense can still be stopped by the subsequent layers.
 
“We may think one layer of security will protect us – for example, antivirus. Unfortunately for that approach, history has proven that, although single-focus solutions are useful in stopping specific attacks, the capabilities of advanced malware are so broad that such protections inevitably fail,” SANS in its whitepaper "Layered Security: Why It Works" said. “Organizations operating in the digital world today need layers of security ...."
 
The consumer credit reporting giant is currently under scrutiny after three of its managers sold their Equifax shares days after the major data breach at the company was discovered.
 
According to Bloomberg, Chief Financial Officer John Gamble sold shares worth $946,374; president of US information solutions Joseph Loughran exercised options to dispose of stock worth $584,099; and president of workforce solutions Rodolfo Ploder sold $250,458 worth of stock on August 2 of this year – four days after the data breach discovery.
 
Just hours after the official data breach announcement, Equifax shares tumbled 13%, according to Bloomberg.

    Author

    Steve E. Driz, I.S.P., ITCP

© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit