Data Breaches: Equifax and Sony Playstation Network
Added on 2023-01-04
12 Pages3413 Words75 Views
Running head: DATA BREACHES
Data Breaches
[Name of the Student]
[Name of the University]
[Author note]
Data Breaches
[Name of the Student]
[Name of the University]
[Author note]
DATA BREACHES
1
Part 1A:
Equifax Data Breach:
During the time span of April-August 2015-2018 there are several of attack that has led
to computer security breach. In these cases of security related breaches Equifax data breach was
one of the most highlighting security breach which was happened on July 29, 2017 (Zou et al.,
2018). This data breach affected millions of users in this segment. Equifax is one of the largest
credit reporting organization which faced this issue and due to this issue identity theft related
issue occurred among 145.5 million US customers.
The main Problem: In this data breach incident the main problem was regarding unauthorised
access of data. The problems due to this data breach has been announced by the Equifax on
September 7 of 2017. On that day the Equifax clearly defined a cyber-security related attack was
performed on their servers where the attackers accessed several of data of the customers in an
unauthorised way (Zou & Schaub, 2018). This unauthorised data accessed was performed by the
attackers starting on the mid May to throughout the July 2017. This data breach was discovered
by the Equifax on July 29 and immediate actions was taken by the Equifax to solve this data
breach issue. In this case data which was compromised was the personally identifiable
information. This type of data mainly consists the personal information which includes names,
birth dates, addresses, any type of licence numbers and social security numbers.
Occurrence of this Problem: How this data breach of the Equifax is occurred is still mostly
unknown. The recent researches in this data breach issue highlighted that the possible occurrence
of this type of issues was regarding a flaw in the web application which helped the attacker to
gain access to the sensitive information stored by the Equifax (Robbins & Sechooler, 2018). In
1
Part 1A:
Equifax Data Breach:
During the time span of April-August 2015-2018 there are several of attack that has led
to computer security breach. In these cases of security related breaches Equifax data breach was
one of the most highlighting security breach which was happened on July 29, 2017 (Zou et al.,
2018). This data breach affected millions of users in this segment. Equifax is one of the largest
credit reporting organization which faced this issue and due to this issue identity theft related
issue occurred among 145.5 million US customers.
The main Problem: In this data breach incident the main problem was regarding unauthorised
access of data. The problems due to this data breach has been announced by the Equifax on
September 7 of 2017. On that day the Equifax clearly defined a cyber-security related attack was
performed on their servers where the attackers accessed several of data of the customers in an
unauthorised way (Zou & Schaub, 2018). This unauthorised data accessed was performed by the
attackers starting on the mid May to throughout the July 2017. This data breach was discovered
by the Equifax on July 29 and immediate actions was taken by the Equifax to solve this data
breach issue. In this case data which was compromised was the personally identifiable
information. This type of data mainly consists the personal information which includes names,
birth dates, addresses, any type of licence numbers and social security numbers.
Occurrence of this Problem: How this data breach of the Equifax is occurred is still mostly
unknown. The recent researches in this data breach issue highlighted that the possible occurrence
of this type of issues was regarding a flaw in the web application which helped the attacker to
gain access to the sensitive information stored by the Equifax (Robbins & Sechooler, 2018). In
DATA BREACHES
2
the press conference Equifax also admitted that they were aware about this security flaw before
the attacker performed the attack. In the brief statement the Equifax stated that attackers were
able to gain access to the data due to the tool which was known as the Apache Struts. This tool
was not only used by the Equifax but also this was used by several of other government and
business organizations (Wang & Johnson, 2018). This tool was used by the Equifax to support its
customers through the on-line portal provided by the Apache Struts. The main flaw was in this
tool. The customers of Equifax used this on-line tool for logging their issues with the credits
reports of them. Due to this single flaw the attacker was able to take control over the website.
This flaw in the Apace Struts was knows by the Equifax and they were working on this to fix this
issue. While they were working on this issue the hackers identified this security flaw in the
system and gained access through it to the sensitive data of the users.
Possible Solutions: There are numerous number of activity that must be done by the Equifax
and the users of it after this type of data breaches occurred within the system. This type of credit
related data breach can lead to financial loss to the users so users always need to take some
approach at end of themselves for possible solution of this type of cases (Gressin, 2017). For the
organization the Equifax must discover some specific way for patching the existing system so
that data breach can be stopped immediately. After that other security measures also need to be
implemented by the Equifax for securing the data of the customers. The Equifax also need to
ensure that while they are patching the system other type of security issues does not occurs
within the system.
At the end of the users they also need to take some precautions. In this type of situations
first of all the customers must check their credit accounts for any type of suspicious activity. This
is the first step of analysing any type of data breach (Xu, 2015). However, only monitoring the
2
the press conference Equifax also admitted that they were aware about this security flaw before
the attacker performed the attack. In the brief statement the Equifax stated that attackers were
able to gain access to the data due to the tool which was known as the Apache Struts. This tool
was not only used by the Equifax but also this was used by several of other government and
business organizations (Wang & Johnson, 2018). This tool was used by the Equifax to support its
customers through the on-line portal provided by the Apache Struts. The main flaw was in this
tool. The customers of Equifax used this on-line tool for logging their issues with the credits
reports of them. Due to this single flaw the attacker was able to take control over the website.
This flaw in the Apace Struts was knows by the Equifax and they were working on this to fix this
issue. While they were working on this issue the hackers identified this security flaw in the
system and gained access through it to the sensitive data of the users.
Possible Solutions: There are numerous number of activity that must be done by the Equifax
and the users of it after this type of data breaches occurred within the system. This type of credit
related data breach can lead to financial loss to the users so users always need to take some
approach at end of themselves for possible solution of this type of cases (Gressin, 2017). For the
organization the Equifax must discover some specific way for patching the existing system so
that data breach can be stopped immediately. After that other security measures also need to be
implemented by the Equifax for securing the data of the customers. The Equifax also need to
ensure that while they are patching the system other type of security issues does not occurs
within the system.
At the end of the users they also need to take some precautions. In this type of situations
first of all the customers must check their credit accounts for any type of suspicious activity. This
is the first step of analysing any type of data breach (Xu, 2015). However, only monitoring the
DATA BREACHES
3
credit account data will not help the customers in this case. The customers or the users
immediately need to change their login id and the respective passwords for the further safety of
them. The Equifax data breach was the personally identifiable information type of data breach in
which their personal information was breach. Thus, it is very likely that the users will can also
face attacks on their other on-line accounts also which includes bank accounts, e-commerce
accounts and the social media accounts. Thus, the users must change all the passwords and
important credentials for each of the account (Sun, Liu & Xie, 2016). With that the users of
Equifax must also freeze their credit accounts so that any type transaction cannot be happen
anonymously. Though adding freeze and removing freeze from accounts is chargeable from the
end of the service provider and the charge can vary for different kind of situations. Still the
freezing of the accounts is the only solutions in this type of data breach cases.
Part 1 B:
The fence register is associated with providing of abilities related to the relocation. For
the purpose of separating the two user areas they are provided with a start address which is also
known as the base address which is being provided. Along with all this each and every program
present in the specific user area are offset from the base address (Van Schaik et al., 2017). In
addition to all this a user who is associated with the usage of the address space might be seen to
be exceeding beyond its limit, for this reason the upper bound is also very important for the
purpose of restricting the user from entering into another user area. The upper bound register is
also known as the bound register. For this reason, in order to provide separation along with the
maintenance of the integrity of data the base or the bound register scheme is very important
which needs to be implemented (Stevens, 2016). A pair of base or bound register is associated
with providing the lower and upper limits of the area specific to that user, so it is not possible for
3
credit account data will not help the customers in this case. The customers or the users
immediately need to change their login id and the respective passwords for the further safety of
them. The Equifax data breach was the personally identifiable information type of data breach in
which their personal information was breach. Thus, it is very likely that the users will can also
face attacks on their other on-line accounts also which includes bank accounts, e-commerce
accounts and the social media accounts. Thus, the users must change all the passwords and
important credentials for each of the account (Sun, Liu & Xie, 2016). With that the users of
Equifax must also freeze their credit accounts so that any type transaction cannot be happen
anonymously. Though adding freeze and removing freeze from accounts is chargeable from the
end of the service provider and the charge can vary for different kind of situations. Still the
freezing of the accounts is the only solutions in this type of data breach cases.
Part 1 B:
The fence register is associated with providing of abilities related to the relocation. For
the purpose of separating the two user areas they are provided with a start address which is also
known as the base address which is being provided. Along with all this each and every program
present in the specific user area are offset from the base address (Van Schaik et al., 2017). In
addition to all this a user who is associated with the usage of the address space might be seen to
be exceeding beyond its limit, for this reason the upper bound is also very important for the
purpose of restricting the user from entering into another user area. The upper bound register is
also known as the bound register. For this reason, in order to provide separation along with the
maintenance of the integrity of data the base or the bound register scheme is very important
which needs to be implemented (Stevens, 2016). A pair of base or bound register is associated
with providing the lower and upper limits of the area specific to that user, so it is not possible for
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Typeslg...
|12
|2997
|59
The Benefits of Risk Management Planninglg...
|12
|2705
|16
Web Application Security Report 2022lg...
|6
|1029
|20
Summary of Attack | Computer and Network Securitylg...
|7
|1353
|29
Cybersecurity Threats Assignmentlg...
|5
|1057
|121
MANAGEMENT INFORMATION SYSTEM.lg...
|3
|335
|347