Search

» » Equifax's lax cyber defense made for easy target

Equifax's lax cyber defense made for easy target

Reuters

By Gina Chon

(The author is a Reuters Breakingviews columnist.)

WASHINGTON, Oct 3 (Reuters Breakingviews) - Equifax's lax cyber defenses made it an easy target. Former CEO Richard Smith told Congress the company's failure to maintain software led to its data hack, and admitted he didn't ask hard questions. The mistakes should be a lesson for other firms, and a spur for the White House as it considers replacing Social Security numbers.

On top of that, Smith failed to ask basic questions when he was notified of suspicious activity on July 31. He didn't inquire whether personal data was stolen and insisted that at that time there was no indication of a breach. That stance might have passed muster a few years ago, but hacks at Yahoo, Target and elsewhere show it's warranted to think of worst-case scenarios from the start. Exasperated lawmakers at the hearing asked "what the heck" it could've been if not a hack. It wasn't until Aug. 24 that the board was notified, about 15 weeks after hackers first accessed Equifax's system.

Smith blamed human and technological errors, which can't be eradicated. That's why the White House is looking at what else the government can do to alleviate hacks. During a conference Tuesday, White House cyber-security coordinator Rob Joyce said Social Security numbers, which were first issued in 1935, may be a relic and the administration was looking at more modern methods, such as a public-private key. As breaches like Equifax pile up, there is more urgency for new thinking about the old ways of doing things.

On Twitter

CONTEXT NEWS

- Former Equifax CEO Richard Smith told U.S. lawmakers on Oct. 3 that he was "deeply sorry" for a cyber hack that was thought to have exposed personal information for 143 million customers. The consumer credit-score company disclosed on Oct. 2 that an additional 2.5 million people were affected. Smith also told a House energy and commerce subcommittee that he was disappointed by the initial response. "The scale of this hack was enormous and we struggled with the initial effort to meet the challenges that effective remediation posed," Smith said.

- Smith said it appears the first time hackers accessed sensitive information was on May 13 but suspicious activity wasn't discovered by the company until July 29. The company disclosed the breach on Sept. 7. Equifax announced he would retire on Sept. 26. Smith will also testify in two other congressional hearings during the week.

- Separately, the administration of President Donald Trump is considering replacing the use of Social Security numbers as personal identifiers in the wake of the Equifax hack, White House cyber-security coordinator Rob Joyce said at a conference on Oct. 3, Bloomberg reported.

Smith statement



Referenced Symbols:EFX,

Let's block ads!(Why?)

Read Again Equifax's lax cyber defense made for easy target : http://ift.tt/2xP9FCv

Let's block ads! (Why?)



Bagikan Berita Ini

0 Response to "Equifax's lax cyber defense made for easy target"

Post a Comment

Subscribe to: Post Comments (Atom)
Powered by Blogger.