Experts Commentary On Equifax Settlement

Reuters is reporting that credit-reporting company Equifax Inc will pay up to a record $650 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information, authorities said on Monday. The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the Consumer Financial Protection Board and nearly all state attorneys general.  


EXPERTS COMMENTS
Chris Kennedy, CISO and VP of Customer Success ,  AttackIQ
July 29, 2019
They spent $250 million on cybersecurity investments—yet still suffered one of the worst data breaches of all time.
The Equifax 2017 breach was articulated as a ‘failure to patch’ but the reality is the security failures were far more broad. Poor IT governance, vulnerability discovery, application architecture, identity and privileged access management and other factors led to 147 million consumers’ highly sensitive records being exfiltrated. Because the company was not practicing continuous monitoring of ....
[Read More >>]
Ben Goodman, Senior Vice President, Global Business and Corporate Development,  ForgeRock
July 29, 2019
To avoid a similar fate – and huge $700 million fine – organizations must adopt an identity-centered, Zero Trust security program.
Even though Equifax’s breach is largely due to the company’s failure to remediate the gap in Apache Struts, the attackers were successful in siphoning 147 million Americans’ sensitive personally identifiable information (PII) due to Equifax’s lack of data governance. Equifax failed to set risk-based limits on access to important information such as usernames and passwords, therefore allowi ....
[Read More >>]
Alex Calic, Strategic Technology Partnerships Officer,  The Media Trust
July 29, 2019
Unfortunately, the missteps that led to the breaches reflect widespread poor data governance and digital asset security.
The past two weeks’ stiff penalties for data security and privacy mishaps here in the US and across the pond, signal a sea change in how companies across the world must handle the consumer data they amass and distribute. Unfortunately, the missteps that led to the breaches reflect widespread poor data governance and digital asset security. These breaches are avoidable, however, with an effective ....
[Read More >>]
Adam Laub, CMO,  STEALTHbits Technologies
July 29, 2019
There’s no silver bullet. There’s no one thing that mitigates the exposure.
I’m far from an Equifax apologist, but the truth is it could have been anyone. It’s not an excuse, but rather the reality we live in. The best outcome isn’t Equifax making the situation right – although that is important for all of those affected – it’s everyone else learning that the price to be paid outweighs the inconvenience of ensuring proper measures are taken to secure the data ....
[Read More >>]
Pravin Kothari, CEO,  CipherCloud
July 29, 2019
This sets a new precedent and a wake-up call to all businesses to be extremely careful.
We’ll see more and more regulators to “bring the hammer down” and levy some of the largest fines ever seen to raise the sense of urgency on businesses to protect their client sensitive information. This time it’s FTC, next could be European GDPR, then upcoming California Consumer Privacy Act, and then many other privacy regulators worldwide. European GDPR has a fine of up to 4% of glob ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article