News & Press: Industry News

Equifax Megabreach: What Not to Do

Thursday, September 14, 2017   (0 Comments)
Posted by: Mary Mack
Share |
Equifax Megabreach: What Not to Do

Equifax, reeling after the alleged executive stock sales prior to disclosure of a breach impacting 143 million consumers’ aggregated credit data, suffered a major stock drop. 

ABA Legal Rebel, Josh Browder, modified his parking ticket bot to generate the small claims forms to sue Equifax for $25,000 without a lawyer. Browder, whose information was part of the breach, is quoted as saying, “I hope that my product will replace lawyers, and, with enough success, bankrupt Equifax.”

Zeynap Tufekci, in the New York Times, cuts most deeply comparing the credit impacting consequences of her late library book return to the consequences the executives at Equifax for the breach.  She calls the breach “maddening” because of the “unforgiving way” the credit industry handles the smallest credit blemishes.

Originally blaming an open source software vulnerability for the breach, the company later named an unpatched Apache Struts application.

According to Bloomberg, Rene Gielen, vice president at the Apache Software Foundation, said in an email to Bloomberg Thursday that the group doesn’t have reliable information on how long it takes companies to apply patches for vulnerabilities. While firms usually act within hours or days after an announcement, some companies don’t patch for years, he said.

According to Ars Technica, in its coverage last March of the mitigation of the Struts vulnerability, patching the “security hole was labor intensive and difficult, in part because it involved downloading an updated version of Struts and then using it to rebuild all apps that used older, buggy Struts versions.”  

MoFo’s John P. Carlin and  David Newman critique the Equifax response, with tips for future breaches in CNBC.  MoFo stated that the response should never be part of the problem. Initially, consumers inquiring about whether their information was part of the breach appeared to need to waive future litigation rights.

As shocking as this breach was, it is not the first and is not the last. Kim Crawley compares some of the more recent high profile breaches, including root causes and the public relations handling in this article

What our customers say?

©2018 Association of Certified E-Discovery Specialists
All Rights Reserved