The senator also sent letters to federal agencies to ascertain their authorities to prevent and respond to cybersecurity incidents. She also sought information from Experian and TransUnion regarding their cybersecurity practices, and she wrote to the IRS seeking information regarding the agency’s decision to award a contract to verify taxpayer identities to Equifax. The Senator requested information from Equifax and questioned the former CEO during a Senate hearing. Senator Elizabeth Warren’s office conducted its own investigation of the Equifax data breach. The bill passed the House in 2016 but stalled in the Senate. The report emphasized the importance of implementing modern IT technology both in the private sector and the federal government and noted the Committee’s passage of the Modernizing Government Technologies Act. The Committee recommended that the federal government review whether the FTC has sufficient authorities to effectively monitor CRA’s, that the GAO review current identity monitoring and protection practices, that OMB establish clear requirements for federal contractors to reduce cybersecurity risks, and that the executive branch explore alternatives to Social Security numbers as a means of identification and authorization. For the private sector, the Committee’s report recommended that credit reporting agencies (CRA) increase transparency in their data collection practices and in its cybersecurity measures and prioritize investment into modernized tools and technology. The investigators determined that the security breach could have been prevented had Equifax monitored its cybersecurity risks and acted to secure the data. The House Committee on Oversight and Government Reform launched an investigation to identify the conditions that allowed for the breach to occur.
The four were members of China’s 54th Research Institute. The FBI led a multinational investigation into the data breach and traced the attack to Chinese military-backed hackers Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei. Under Mulvaney, the CFPB did not order subpoenas or seek interviews with Equifax executives. However, Cordray resigned in November, and Mick Mulvaney, the new Director, halted the probe. The Consumer Financial Protection Bureau Director at the time, Richard Cordray, authorized an investigation into the the data breach. Equifax was unable to detect the breach due to an expired security certificate, and the infiltration was not discovered until July 30th, 76 days after the attack was initiated. On May 13th, attackers infiltrated Equifax’s system and located unencrypted usernames and passwords which allowed access to systems outside of ACIS.
EQUIFAX DATA BREACH SETTLEMENT 2021 INSTALL
However, Equifax failed to install the patch on its Automated Consumer Interview System (ACIS).
EQUIFAX DATA BREACH SETTLEMENT 2021 SOFTWARE
The vulnerability was publicly disclosed on March 7, 2017, the Department of Homeland Security notified Equifax of the threat posed by the vulnerability on March 8th, and on March 9th Equifax’s Global Threat and Vulnerability Management team emailed Equifax employees instructing all who were running Apache Struts software to install the patch. The security breach originated with a vulnerability in the Apache Struts software that Equifax used to run certain applications. On September 17, 2017, Equifax announced that a cybersecurity breach had exposed the information of 143 million consumers, a number that was later amended to 148 million.
0 kommentar(er)
