
The Benefits of Risk Management Planning

   

Added on  2022-08-13

Running head: EQUIFAX DATA BREACH

Table of Contents
Introduction
Discussion
Cause of the breach
Benefit of risk management in the organisation
Solution of the breach
Conclusion
References

Introduction
Equifax, considered to be the largest consumer credit reporting agency in the
USA, announced around September 2017 that there had been a significant breach
of its systems and that the personal data of almost 148 million Americans had
been exposed. The compromised data mainly comprised home addresses, names,
dates of birth, phone numbers and social security numbers. This report
analyses the breach and determines how the implementation of extensive risk
management strategies would have helped the company. The breach is analysed
in detail and risk management for the company is assessed.
Discussion
Cause of the breach
Around September 7, 2017, Equifax announced that there had been a breach at
the company and that the breach led to the theft of the data of over 143
million US consumers. The same announcement stated that some Canadian and UK
consumers were also affected, but the company provided no accurate number.
The company stated that the unauthorised access happened from around mid-May
through July 2017 [1]. It was determined that the alleged hackers did not
access data from the company's core consumer credit reporting databases, but
rather from the web-based US online dispute portal of the company. The main
data breached were names, addresses, social security numbers, driver's
license numbers and birth dates. It was later discovered that the core
vulnerability that enabled this breach was the Apache Struts vulnerability
CVE-2017-5638.

Struts was found to be susceptible to remote command injection attacks caused
by incorrect parsing of an invalid Content-Type HTTP header supplied by an
attacker. This Struts vulnerability permits commands to be executed with the
privileges of the Web server. This is complete remote command execution, and
it has been actively exploited in the wild since its early disclosure. The
vulnerability occurs because the Content-Type value is not escaped after the
error and is then used by the function “LocalizedTextUtil.findText” to build
the error message. This function interprets the supplied message, and
anything within ${...} is treated as an Object-Graph Navigation Language
(OGNL) expression and evaluated as such. An attacker could leverage these
conditions to execute OGNL expressions, which would in turn execute system
commands.
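The parsing flaw described above suggests a defensive check at the proxy or log-review stage. The following Python is an added example, not part of the original report and not Apache or Equifax code: it validates Content-Type values against the media-type grammar and flags expression delimiters. The function names and sample requests are constructed for illustration, and it flags "%{" as well as the "${" the text mentions, since Struts evaluates both.

```python
import re

# RFC 7230 "token" characters: legal in a media type, subtype and parameter name.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# type/subtype followed by optional ;name=value parameters (token or quoted string).
_MEDIA_TYPE = re.compile(
    rf'^{_TOKEN}/{_TOKEN}(?:[ \t]*;[ \t]*{_TOKEN}=(?:{_TOKEN}|"[^"\\]*"))*[ \t]*$'
)
# "${" is the delimiter the text describes; "%{" is the other one Struts evaluates.
_OGNL_MARKER = re.compile(r"[$%]\{")
_SEVERITY = {"absent": 0, "ok": 1, "malformed": 2, "ognl-marker": 3}


def classify_content_type(value):
    """Classify one Content-Type header value (hypothetical helper name)."""
    if _OGNL_MARKER.search(value):
        return "ognl-marker"
    return "ok" if _MEDIA_TYPE.match(value) else "malformed"


def scan_request(raw):
    """Return (request_line, verdict) for one raw HTTP request head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    verdict = "absent"
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive and the header may be repeated,
        # so keep the most severe verdict seen for the request.
        if name.strip().lower() == "content-type":
            found = classify_content_type(value.strip())
            verdict = max(verdict, found, key=_SEVERITY.get)
    return lines[0], verdict


# Constructed sample requests; the expression in the second is an inert placeholder.
SAMPLE_REQUESTS = [
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: multipart/form-data; boundary=----x1\r\n\r\n",
    "GET /index.action HTTP/1.1\r\nHost: app.example\r\n"
    "content-type: ${placeholder.expression}\r\n\r\n",
    "POST /login.action HTTP/1.1\r\nHost: app.example\r\n"
    'Content-Type: text/plain; charset="utf-8"\r\n\r\n',
    "POST /api HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: not a media type\r\n\r\n",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(scan_request(request))
```

A strict grammar check catches malformed values in general, while the explicit delimiter check also covers expressions hidden inside an otherwise valid quoted parameter.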
Apache Struts is a popular framework for creating Java Web applications that
is maintained by the Apache Software Foundation [2]. The foundation released
a statement announcing the discovery of the vulnerability and issued the
patch around March 7, 2017. The following day, the Department of Homeland
Security contacted the company, along with Experian and TransUnion, to notify
them of this vulnerability. Around March 9, 2017, an internal email
announcement was sent to the administrators at Equifax regarding the
deployment of the Apache patch. The information security department of
Equifax ran several scans on 15th March, 2017 that were intended to identify
systems vulnerable to the Apache Struts issue, but these scans did not
detect the vulnerability. This particular vulnerability
was not patched until 9th, 2017 when the department of information security of Equifax found
