GAO Equifax report: The company left private data vulnerable on many fronts




A new report from a government watchdog concludes that Equifax left information vulnerable on several fronts, which led to hackers accessing the sensitive personal information of millions of Americans.

The Government Accountability Office released its report Friday, on the first anniversary of Equifax's public disclosure, after being instructed to write it by Senator Elizabeth Warren, a Massachusetts Democrat who championed the creation of the Consumer Financial Protection Bureau, and Elijah Cummings, a Democrat of Maryland, who is the ranking member of the House Committee on Oversight and Government Reform.

The GAO report describes in detail how hackers exploited significant vulnerabilities at Equifax to access sensitive personal information of more than 145 million Americans.

According to the GAO, "Equifax determined that several important factors had facilitated the ability of attackers to successfully access its network and retrieve information from databases containing [personally identifiable information]" and that "the key factors behind the violation were in the areas of data identification, detection, segmentation and governance."

In addition, according to the GAO report, the absence of restrictions at Equifax on the frequency of database queries allowed attackers to execute approximately 9,000 queries without detection by Equifax or its internal or external auditors.

"As described in the GAO report, since the cybersecurity incident in 2017, Equifax has taken significant steps to strengthen data security protocols and controls, assess and adjust data governance processes and adjust our structure to improve cybersecurity risk management," the company said in a statement. "While we do not agree with all the features of the report, we appreciate the time and effort provided by the US Government Accountability Office to conduct the cybersecurity incident assessment in 2017 and cooperate in good faith."


The two Democrats said the report highlights the absence of any enforcement action by the Consumer Financial Protection Bureau and the Federal Trade Commission, the two bodies responsible for oversight of credit reporting agencies.

"One year after publicly disclosing the massive violation of 2017, Equifax and other major credit reporting agencies continue to take advantage of a business model that rewards their inability to protect personal information – and the Republican-controlled Congress did nothing," according to a press release, which called for the adoption of a bill called the Data Breach Prevention and Compensation Act.

Warren concluded in a previous report that Equifax:

• implemented a faulty system to prevent and mitigate data security issues;

• did not inform consumers, investors and regulators of the breach in a timely and appropriate manner;

• took advantage of flaws in federal contracts and failed to adequately protect sensitive IRS taxpayer data;

• provided inadequate assistance and information to consumers following the breach.

"This violation and Equifax's response illustrate the need for federal legislation setting appropriate fines for credit reporting agencies that authorize serious cyber security breaches and entitle the Federal Trade Commission to establish basic standards to ensure that agencies given," Warren recommended.


Equifax representatives also briefed Cummings and House oversight committee staff in October 2017 on the actions of its senior officials regarding the massive data breach. "It's unclear why the company waited three days to inform the FBI, and it's also unclear whether Equifax contacted [the federal Computer Emergency Readiness Team] during this period, especially since the agency had warned of this vulnerability a few months earlier," Cummings wrote to the chairman of the committee, Trey Gowdy, a Republican from South Carolina.

Cummings responded to the GAO report: "Now that we know more about what led to the Equifax breach, it is essential to develop serious and concrete proposals to help the Americans who are suffering the consequences of these devastating cyberattacks [and] the failures of those responsible for securing their personal information."

Warren and Senator Mark Warner, a Democrat from Virginia, have sponsored a bill to hold credit reporting agencies like Equifax responsible for data breaches. Warren claims that under this bill, Equifax would have paid at least $1.5 billion in penalties for the latest data breach.


Warren also raised concerns over a $7.2 million IRS contract awarded to Equifax despite the company's recent massive breach. The IRS subsequently issued a stop-work order to suspend Equifax's performance under this short-term sole-source contract. The GAO rejected Equifax's appeal on October 16, 2017, and the IRS chose Experian for the taxpayer identity and audit services instead, according to the GAO report.
