Sorry, you need to enable JavaScript to visit this website.

 Blog

CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

GAO Report Provides New Details on Equifax Breach

GAO Report Provides New Details on Equifax Breach
September 12, 2018
Equifax Data Breach

The Government Accountability Office released a report detailing last year’s massive Equifax data breach and how hackers were able to infiltrate the company’s systems to gain access to the personal information of at least 145.5 million individuals.

According to the report, the hackers took advantage of a recently announced vulnerability in a web server technology called Apache Struts, which Equifax failed to patch or address and that left their systems vulnerable for weeks.

Compounding the Apache Struts vulnerability was a misconfigured network security device that was supposed to inspect incoming traffic for signs of malicious activity. The misconfiguration went unnoticed for 10 months. According to the report, “during that period, the attacker was able to run commands and remove stolen data over an encrypted connection without detention.”

The GAO report also showed that in addition to the failure to patch Apache Struts and the misconfiguration of the security tool, Equifax identified an insecure database structure that “allowed the attackers to gain access to additional database containing PII [personally identifiable information].”

Lax Data Governance standards were also cited, which let the attackers gain “access to a database that contained unencrypted credentials… such as user names and passwords.”

Read the report here.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started