Home arrow Politics & Politicians arrow Federal Issues arrow Congress to Equifax - You Can't Fix Stupid
User Login





Lost Password?
No account yet? Register
Guard My Credit Menu
Home
- - - THE ISSUES - - -
Videos
Fraud and Scams
Credit Issues
Identity Theft
Privacy Issues
Our Children
Politics & Politicians
- - ACTION CENTER - -
Guard My Credit Links
Helpful Pamphlets
- - - - - - - - - - - - - - -
About ACCESS
Contact Us
About Our Site
Join the Fight
ACCESS is a non-profit, tax exempt consumer advocacy group.

Donations are tax deductable.
Guard My Credit Hits
11062173 Visitors
Congress to Equifax - You Can't Fix Stupid PDF Print E-mail

October 5, 2017 - During congressional testimony, Equifax's former CEO - Richard Smith - tried to explain how the huge data breach at the company happened, eventually blaming it on human error. What became clear during his testimony is that the breach was entirely preventable. It is also pretty clear that once the breach was discovered it could have, and should have, been fixed much more quickly. The attempted explanation eventually led to an obviously exasperated statement from U.S. Rep. Greg Walden (R-Ore.) in which he said, "I don’t think we can pass a law that fixes stupid." That may have been an understatement.

Image Image

To understand why Rep. Walden made that statement, you need to know the timelines of the breach. Based on the testimony Smith became aware of the potential breach on July 31st of this year. On August 2nd, he hired an outside firm to look into the breach but didn't bother to ask what information had actually been breached or to check back in with them for more than two weeks. Once he did eventually get an update on the matter, it took several more weeks before the breach was made public. In all, from discovery to announcement took around six weeks. But it gets better!

The vulnerability that allowed the hack to take place had been identified by Apache (the server used by Equifax) earlier in the year. Apache released a security patch for it and notified Equifax about the problem on March 8. That's five and a half months prior to the company becoming aware of the breach. Equifax never bothered to install the Apache patch.

According to Smith, the failure was because one person in their IT security department never told anyone that the installation was needed. Apparently that department - which has over 200 employees - is completely unsupervised.

Rep. Walden didn't hold back. He said, “It’s like the guards at Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults.” We have to agree with him but would add, this breach now appears to be caused by gross negligence, and it has been made worse still by the company's slow response. At this point, it is pretty clear that Equifax probably violated a number of state data breach notification laws and they should be held accountable. We also urge both the states and the federal government to look into the possibility of filing criminal charges against Equifax and its executives… including Mr. Smith. 

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow me on Twitter:

Jim Malmberg has 8112 followers on Twitter

 

Follow ACCESS
Comments
Search
Only registered users can write comments!

3.25 Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."
 
Guard My Credit Polls
#1 - Why did you visit our site today?
 
.•*´¯☼ ♥ ♥ Your Support of These Links Is GREATLY Appreciated ♥ ♥ ☼¯´*•.
Advertisement
 
Go to top of page
Home | Contact Us |About Us | Privacy Policy
eXTReMe Tracker
04/19/2024 11:23:10