https://www.cyberscoop.com/equifax-breach-report-house-oversight-committee/
By Sean Lyngaas
CYBERSCOOP
DEC 10, 2018
The devastating 2017 breach of credit-reporting company Equifax, which exposed
data on 148 million people, was "entirely preventable" had the company applied
proactive security measures, a congressional investigation has concluded.
"Had the company taken action to address its observable security issues prior
to this cyberattack, the data breach could have been prevented," says the
report issued Monday by Republicans on the House Oversight and Government
Reform Committee.
The committee's 96-page report lays out why the hack, which compromised
people’s names, social security numbers, addresses, credit card numbers, and
other identifiers, has become a case study in failed IT leadership and software
patching.
A "lack of accountability and no clear lines of authority in Equifax's IT
management structure" meant key security protocols were neglected, the House
panel found: Equifax allowed over 300 security certificates to expire,
including 79 for monitoring “business-critical” domains.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
