On a Saturday night, a security engineer at Equifax was updating an SSL certificate on a Network Intrusion Detection System (NIDS). Immediately after, suspicious connections were detected. After a more in-depth investigation, it became evident that the situation was far graver than anticipated. A service had to be promptly shut down to prevent further exploitation, but by that point, the damage was already done. Malicious actors had been exfiltrating data for several months and had already collected personal information from 163 million customers.
  • Querk [they/them]@discuss.tchncs.deEnglish
    4·
    1 year ago

    Conclusion

    The Equifax data breach from 2017 stands out as one of the largest data breaches in history, impacting millions of individuals. It is the result of several mistakes made by Equifax:

    • Insufficient knowledge of their legacy systems.
    • Poor password storage practices.
    • Lack of rigor in the patching process.
    • Lack of network segmentation.
    • Lack of Host-Based Intrusion Detection System (HIDS)
    • Lack of alerting when security tools fail.

    That’s what happens when corps cheap out on IT security. Storing so much personal sensitive data and not putting in the work needed to properly safeguard it. Good IT is hard, but not impossible.