Equifax Data breach
In 2017 Equifax one of the largest consumer credit reporting agency announced a data breach which exposed over 147 million individuals and their personal information including personal name, home address, phone number, drivers license and credit card numbers.
Information Security disaster happens without prior notice. There were number of security lapses in the system of Equifax and majorly there was Web application vulnerability. According to several reports, the attackers were able to move the data from web portal to another server because the network was not properly segmented from one another. Attackers were able to access the user name and password which were stored as plain text.
In that time there was one vulnerability CVE-2017-5638 was discovered in Apache struts (Open source development framework) for creating enterprise java applications that most of the companies use in their website, including Equifax. That time the patch was not updated by the IT department and ignored the vulnerability. So for the next two months (approximate to 76 days) the attackers (Chinese military) were able to access all the customer data. However those data were unavailable on dark web site, as per researchers. $1.4 Billion was invested by Equifax later to upgrade the security after the incident occurred.
Later it was known that the breach was happened only on the purpose of espionage. So data governance is the key here, to keep in mind where data is all about your business. The organization have prime responsibility to keep all those data secure way.
For more information please refer to below page:
https://www.investopedia.com/news/was-i-hacked-find-out-if-equifax-breach-affects-you/
Thanks
-DR
