A Brief History of Equifax Security Fails

September 18, 2017
Forbes

In one case, it had to change its ways following a class action lawsuit over an alleged lapse in security. That suit related to a May 2016 incident in which Equifax's W-2 Express website had suffered an attack that resulted in the leak of 430,000 names, addresses, social security numbers and other personal information of retail firm Kroger. Lawyers for the class action plaintiffs argued Equifax had "wilfully ignored known weaknesses in its data security, including prior hacks into its information systems."

Equifax sought to have the case thrown out with prejudice (i.e. the matter would be closed permanently), arguing the plaintiffs were basing their demand for compensation, as much as $5m, on "speculative and hypothetical injuries." In the end, the case was dropped without prejudice (i.e. the claims could be brought again), with the stipulation that Equifax fix a glaring security issue. The flaw was the result of an Equifax decision to have client employees access their data with the use of default PIN numbers. The PINs, according to the plaintiff complaint, consisted of the last four digits of an individual's social security number and their four-digit year of birth. A determined hacker could gather such information by scouring the web, or duping a target into coughing up the information. In closing the case, Equifax agreed to stop using those default PINs.

But problems with PINs appeared to have continued after that settlement in September last year. As independent cybersecurity reporter Brian Krebs reported in May 2017 an Equifax note to customers that hackers had used personal information to guess personal questions of employees in order to reset the 4-digit PIN given and stolen tax data. In its disclosure, Equifax said the unauthorized access to the information occurred between April 17 2016 and March 29 the following year.

In January 2017, Equifax was forced to confess to a data leak in which credit information of a "small number" of customers at partner LifeLock had been exposed to another user of the latter's online portal.

Read Full Article

    RELATED CONTENT

    RELATED VIDEOS

    Global Supply Chain Management Regulation & Compliance Supply Chain Security & Risk Mgmt High-Tech/Electronics
    KEYWORDS Global Supply Chain Management High-Tech/Electronics Regulation & Compliance SC Security & Risk Mgmt
    Forbes

    From Virtual Restaurants to Exclusive Pop-Ups, the New War in Food Delivery Is in the Kitchen

    More from this author

    Popular Stories

    Digital Edition

    Cover nov 24 scb q4 2024

    Supply Chain Innovation 2024: A Formula for Thriving in the Age of Disruption

    VIEW THE LATEST ISSUE

    Case Studies

    Visit Our Sponsors

    AutoStore Beumer Group Brightdrop
    CHEP Cleo Coenterprise
    Comarch Commport Cycle Labs
    Dassault Descartes Enveyo
    Eva Air Exiger ForwardX Robotics
    Frayt Generix Geodis
    Georgetown University GEP Holman Logistics
    iGPS Integrity Staffing JLL
    Kinaxis Korber LoadSmart
    Lucas Systems Manhattan Associates Netstock
    OWD Old Dominion Ortec
    PartnerLinQ (Visionet) Plante Moran Quickbase
    RapidRatings Rockwell Automation SAP
    S&P Global Mobility TADA Tecsys
    Werner Enterprises Zebra Technologies