Two Practical Lessons from the Equifax Breach Report
Posted on December 20, 2018 by
Last week, Congress released the full Equifax Breach Report.
https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf
To briefly recap the breach, attackers exploited an Apache Struts vulnerability on the Equifax ACIS web servers (accessed at ai.equifax.com). They then pivoted from these servers to gain further access and query multiple databases within Equifax. As a result, the personal information of 148 million US citizens was stolen.
The report is a fantastic document that explains not only HOW the breach happened, but WHY it happened. Everyone in IT, from the new Service Desk Tech to the seasoned CIO, should read it.
The report explains that the breach was the result of many contributing factors that will be familiar to anyone who has worked in IT. Let’s go through the list.