Key Equifax executives departing after huge data breach

The unfair vilificaition of the Equifax CSO's music degrees

A few days later, Equifax brought in security consulting firm Mandiant, now a unit of FireEye and associated with many high-profile forensics investigations including the Yahoo breach previous year, when data on more than 1 billion accounts were exposed. Equifax used it to support its online dispute portal - where Equifax customers go to log issues with their credit reports.

On Friday last week, the beleaguered company announced that its chief information officer and chief security officer were "retiring" with immediate effect.

The company has hired Mandiant, a business often brought in to deal with major security problems at big companies, to conduct a forensic review.

However, the statement raises more questions than it answers.

It said Mandiant was brought in on August 2 after Equifax's security team initially observed "suspicious network traffic" on July 29 U.S. time.

Equifax had said earlier that it identified a weakness in an open-source software package called Apache Struts as the technological crack that allowed hackers to heist the data from the massive database maintained primarily for lenders.

A new report says Equifax knew about the hack in March, nearly five months before the date it publicly disclosed the hack. The particular vulnerability in Apache Struts was identified and disclosed by US CERT in early March 2017.

"Equifax's Security organization was aware of this (CVE-2017-5638) vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company's IT infrastructure", Equifax stated. The closest Equifax gets to explaining that?

Equifax has said it discovered the data breach on July 29.

Consumers calling the number Equifax set up initially complained of jammed phone lines and uninformed representatives, and initial responses from the website gave inconsistent responses. "The company will release additional information when available", it said.

The retirements and more details about the company's mega-breach are revealed in a new entry to equifaxsecurity2017.com in which the company describes what it knew, when it knew it, and how it responded.

The Federal Trade Commission and FBI are investigating Equifax and lawsuits are pending by state attorneys general.

"Selling a fee-based product that competes with Equifax's own free offer of credit monitoring services to victims of Equifax's own data breach is unfair", Jepsen said. The executive retirement announcements come as a direct result of the massive data breach revealed by Equifax on September 7. Three senior Equifax executives sold shares worth a total of $1.8 million on August 1st and 2nd, a few days after the discovery of the breach on July 29th.

Related:

Comments


Other news