Equifax execs quit over cybercrime fiasco

The Nation - WORLD

EQUIFAX yesterday said two executives entrusted with watching over its computers are retiring, their departures coming after its maligned handling of a major hack at the credit reporting agency.

The Equifax chief information officer and head of security will retire, effective immediately, as “part of the company’s ongoing review of the cyber security incident” that resulted in personal data of 143 million US customers being stolen by hackers.

An unspecified number of Canadian and British customers may have also been affected by the hack at Equifax, one of the three major credit bureaux that collect consumer financial data.

The breach is considered one of the worst-ever because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

An internal investigation into the hack continues and the company is working with the FBI, according to Equifax.

Word that top executives responsible for defending Equifax computer systems are out came on the same day that the Canadian privacy commissioner announced an investigation into the massive theft of personal data from the US credit agency.

“The investigation is a priority for our office given the sensitivity of the personal information that Equifax holds,” the office of the privacy commission of Canada said in a release.

A lawsuit by Canadian consumers whose data was stolen in the Equifax hack was launched this week, seeking class action status and damages of US$450 billion (Bt16 trillion).

A senior US senator this week asked the Federal Trade Commission, one of the few bodies with oversight powers over loosely-regulated credit raters, to examine Equifax’s security practices and its “widely-panned response” to consumers potentially impacted by the breach.

Senator Mark Warner, a member of the powerful Senate Banking Committee, accused the company of “exceptionally poor cyber security practices” that continued even after the hack became known.

He also said the company’s woeful response to people whose data may have been lost – including trying to charge them for protection – was “alarming”.

“The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialise.”

Equifax collects consumers’ financial data in order to rate their creditworthiness to banks, home sellers, auto sellers and others who depend on consumer credit in marketing.

The data the company admitted to losing on September 7 includes people’s names, social security numbers, addresses, credit card numbers, and other financial details.

Such data is often used by criminals to steal people’s identities for financial gain.

US officials are investigating the data hack but have not revealed if they know who was behind it, though foreign hackers are widely suspected.

The breach took place from mid-May through July 2017 via a website application vulnerability that US cyber security companies say they had identified in March.

Congress has expressed outrage at the hack and the company’s management of it. Particular anger has been aimed at allegations that three Equifax officials sold their stock in the company before the hack was made public.

US Senator Elizabeth Warren on Friday fired off letters to credit reporting agencies Equifax, TransUnion and Experian as well as to several governmental agencies as part of “a new, broad investigation” into the breach and how it was handled, according to a release.

“Equifax has failed to provide the necessary information describing exactly how this happened, and exactly how your security systems failed,” Warren said in a letter to the company.

“Equifax’s initial efforts to provide customers information did nothing to clarify the situation and actually appeared to be efforts to hoodwink them into waiving important legal rights.”

While not the largest breach – Yahoo attacks leaked data on as many as one billion accounts – the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

The House Energy and Commerce Committee has scheduled an October 3 hearing with Equifax chief executive Richard Smith, who has openly apologised for the breach. The Atlanta-based company disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft.

US Attorney-General Jeff Sessions speaks about a global cybercrime crackdown.
