Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Equifax Data Breach: Incident Report and Analysis

Verified

Added on 2023/01/11

AI Summary

This document provides a detailed incident report and analysis of the Equifax data breach, including a timeline of events, technical analysis, assessment of threats and risks, and recommendations for future prevention.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Incident Report

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Contents
INTRODUCTION...........................................................................................................................1
Time line of events and actions.......................................................................................................1
Technical analysis............................................................................................................................2
Assessment of threats and risks.......................................................................................................6
Organisational response...................................................................................................................7
Recommendations............................................................................................................................7
CONCLUSION................................................................................................................................9
REFERENCES..............................................................................................................................10

INTRODUCTION
Equifax is one of the three largest credit rating agencies in US. It announced in September
2017 that their systems had been breached and data of approx. 148 million Americans was
compromised. The data breached includes the information related to names, phone numbers,
addresses, date of birth, social security numbers and driver’s license numbers. This was also
admitted that credit card numbers of approx. 209000 consumers were also breached. There were
many breaches were done in past within another organisation but the sensitivity of information
holds by Equifax made the event more unprecedented. The attackers were able to breach because
of vulnerability in Apache Software, inability of internal staff and non-renewal of encryption
certification (Alavi, Islam and Mouratidis, 2016). This resultant into breach without any kind of
detection. The investigation of breach was carried out by security firm named Mandiant. As
future response, this organisation was also created separate domain equifaxsecurity2017.com and
provide safety from phishing through purchase of similar domains.
Time line of events and actions
The number of events were performed during the occurrence of incident. This incident was
started on March 7, 2017 where announcement was done regarding vulnerability. On march 9,
2017 internal e-mail was sent to Equifax for patching Apache. On 15 March, 2017 information
security department of Equifax ran scans but not able to found the vulnerability. This
vulnerability unpatched till the date of July 29, 2017. This date Equifax information security
department discovered the unsuspicious network traffic associated with its online dispute portal
and applied the Apache patch. On July 30, 2017 another suspicious activity was observed and in
action they closed the web application. After three days, organisation hired cybersecurity firm
Mandiant to conduct investigation. This investigation further revealed that 145.5 million people
were affected due to this data breach. The date on which they publicise this incident was
September 8, 2017. Allegations was proposed regarding insider trading because top executive
sold their stock in the month of August. It was assumed as the reason of one month delayed
publication of information within the public. The precedent event that provided information
about week security was the breach of tax and salary data of around 431000 people from Equifax
(Anisimov, Zegzhda, Anisimov and Bazhin, 2016).
1

In response of this incident, Equifax created the separate domain named as
equifaxsecurity2017.com. This was prepared for the consumers regarding identification that
information was compromised or not in this breach. Also, the developer Nick Sweeting bought
the domain named securityequifax2017.com to demonstrate that the organisation was
considerable towards elimination of phishing attacks.
Technical analysis
Equifax is credit report agency. This is also known as credit bureaus in US. This belongs
from the three major credit reporting agencies in US. This organisation as information of 800
million individual consumers and more than 88 million businesses at global level. The main
work of credit reporting agency is creating the reports on individuals that provides the detailed
information upon history of person’s credit along with any due of loan and credit card payments.
The CRA organisations does not collect the information from individuals directly. They grab the
information from businesses, credit card companies, banks, employers, landlords and others.
This information will be further used in case of credit application by an individual. Here, lender
will apply to CRA organisations like Equifax for the ascertaining information about their
payment history on repayment of earlier debts (de Gusmão and et.al. 2016). The positive history
of debt payment has good impact that allows the lender to increase the amount of credit along
charging of appropriate interest rate. Other than lenders, landlords are also calling credit reports
before accepting the person as tenant and employers to hire within an organisation. This clearly
states the impact of credit reports has major over the lives of people.
On September 7, 2017, Equifax made the announcement that data of around 143 million US
consumer was breached. In the same announcement, organisation was mentioned that the
consumers of UK and Canada also get affected. It was stated by an organisation that this
occurred in mid of the May and July 2017. The data was not only breached by hackers from the
Equifax core consumer credit reporting data bases, but also from the organisational US online
dispute portal web application. The data that was attained by hackers related to consumer
includes;
 Names
 Social Security Numbers
 Birth Dates
 Addresses
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Driver’s License Numbers
The emergency started in March of 2017. In that month, a powerlessness, named CVE-2017-
5638, was found in Apache Struts, an open source improvement system for making endeavour
Java applications that Equifax, alongside a large number of different sites and employments use
for operating their business operations. On the other hand, that invaders sent HTTP demands
with malevolent code tucked into the substance type header, Struts could be fooled into
executing that code, and conceivably opening up the framework Struts was running on to
promote interruption (Han, Huang, Li and Ren, 2016). On March 7, the Apache Software
Foundation discharged a fix for the vulnerabilities; on March 9, Equifax overseers were advised
to apply the repair to any influenced frameworks, however the worker who ought to have done
so didn't. Equifax's IT division ran a progression of sweeps that should recognize unpatched
frameworks on March 15; there were in certainty different immobilised frameworks, including
the previously mentioned web-based interface, yet the outputs appeared to have not worked, and
none of the helpless frameworks were hailed or fixed.
Panicked by a progression of occurrences in which lawbreakers had utilized Social Security
numbers taken from somewhere else to sign into Equifax destinations, the credit organization
had employed the security counselling firm Mandiant to survey their frameworks. Mandiant
cautioned Equifax about numerous unpatched and misconfigured frameworks, and the
relationship degenerated into in bitterness inside half a month. Crime scene investigation
dissected sometime later uncovered that the underlying Equifax information break date was
March 10, 2017: that was the point at which the web-based interface was first penetrated by
means of the Struts powerlessness. However, the aggressors don't appear to have done quite a bit
of anything right away. It wasn't until May 13, 2017 — in what Equifax alluded to in the GAO
report as an "independent episode" — that aggressors started moving from the undermined server
into different pieces of the system and exfiltrating information decisively (Hoffmann,
Kiedrowicz and Stanik, 2016).
From May through July of 2017, the assailants had the option to access numerous Equifax
databases containing data on a huge number of individuals; as noticed, various poor information
administration rehearses made them cavort through Equifax's frameworks conceivable. Presently
showed up at another shocking Equifax screw-up. In the same way as other cyber thieves,
Equifax's assailants encoded the information they were moving so as to make it harder for
3

administrators to spot; in the same way as other huge undertakings, Equifax had instruments that
unscrambled, dissected, and afterward re-scrambled inside system traffic, explicitly to track
down information exfiltration occasions this way. However, so as to re-encode that traffic, these
instruments need an open key endorsement, which is bought from outsiders and must be every
year restored. Equifax had neglected to recharge one of their testaments almost 10 months
already — which implied that encoded traffic wasn't being reviewed (Johnson and et. al. 2016).
The lapsed authentication wasn't found and restored until July 29, 2019, so, all in all Equifax
directors very quickly started seeing all that recently jumbled dubious movement; this was when
Equifax first thought about the penetrate. It took another entire month of inside examination
before Equifax promoted the penetrate, on September 8, 2017. Many top Equifax officials sold
organization stock toward the beginning of August, raising doubts that they had stretched out
beyond the unavoidable decrease in stock value that would follow when all the data came out.
They were cleared, however one lower-level executive was accused of insider exchanging
(Equifax data breach, 2020).
It is clear from the above description that there were number of security lapses that
allows the attackers to enter within secure systems and exfiltrate terabytes of data. The overall
picture of breaching process understood from the above description is presented below:
 Initially, organisation was hacked via a consumer complaint web portal. Attackers are
considered as widely known vulnerability that should have been patched on time. This
was not done due to the failure of Equifax internal processes.
 The inappropriate segmentation of system allowed the attackers to move from the web
portal to other servers. This was also provided the option of finding usernames and stored
passwords through which they accessed further systems.
 The failure of Equifax to renew an encryption certificate on one of their internal security
tools provided the option of data pulling from the network in encrypted form and
undetected in nature.
 Equifax also hide the information of breach for more than one month from its
identification. This was further used as insider trading where stocks are sold by top
executives (Kim and Choi, 2020).
The consumer reporting industry has poor history of cybersecurity. The scope of the
activities like data breach is well extended towards another organisation beyond to Equifax.
4

There were many instances happened in past with Equifax and other organisations that showed
the need of security development. No action was taken Equifax at that time which leads into data
breach of 2017. The information about other past instances is provided below that happened with
Equifax and other organisations;
In May, 2016 thieves stole the data related to tax and salary of more than 431000 persons
from Equifax. In October 2015, Experian breached the record of 15 million T-Mobile customers
that included names, addresses, SSNs, date of birth and identification numbers. The three
organisations simultaneously breached by thieves named Equifax, Experian and TransUnion
where credit report of celebrities was exposed in march 2013 (Li and et. al. 2018). These were
the few examples. There were many due to increment in the number of breach cases at global
level. The information about these are provided below;
 The yahoo breach in the year 2013 where hackers stole the names, birth dates and
passwords of more than 3 billion users. This was considered as the largest on record data
breach.
 Data breach in year 2015 at the office of personnel management where they
compromised the personal data along with biometric identifiers of more than 20 million
people. The many of these were related to security clearances.
 Activities of data breach that impacted Chipotle, Home Depot and Target through stolen
of the credit card numbers relating to 100 million people.
 The acts of data breach were also seen in large banks, educational institutions, healthcare
providers and many other businesses.
The theft of identity information is serious problem for consumers. In report of Federal Trade
Commission mentioned that 39925 cases of identity theft were exist in year 2016. Out of this,
29% of personal data was used for the purpose of tax fraud. On the other hand, 32% of personal
data is used for the purpose of credit card fraud which was 16% more the number attained in year
2015. One of the report of Department of Justice in year 2015 stated that 86% of the victims of
identity theft experienced the fraudulent use of existing account information in respect to credit
card and bank account information. The same report also stated that this had cost to the US
economy up to $15.4billion (Semin, Shmakova and Los, 2017).
The theft related to personal identify information derails the financial future of person.
The criminals who theft such information is further used for the purpose of opening bank counts,
5

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

credit cards, taking out of loans and other financial activities on the name or identity of
someone’s other. The negative consequences of these has to bear by consumers like;
 Not allowed in future to tale credit cards and loans
 Not allowed to rent a house or its finding at any other place
 Increment of the interest rates in existing credit cards
 Ascertaining difficulties in getting a job
 They have to suffer from sever distress and anxiety
Assessment of threats and risks
There were numerous vulnerabilities that created the security lapses within an overall
incident. These are mentioned below:
 Failure of internal staff and processes to identify along with patching of vulnerabilities.
 Non segmentation of systems that allowed movement from one web portal to other
servers
 Failed to renew the encryption certification that resulted into breach of information
without any kind of detection (Shameli-Sendi, Aghababaei-Barzegar and Cheriet, 2016).
 Presence of vulnerabilities in Apache Struts. This is the open source development
framework that uses for creating enterprise Java applications.
All these vulnerabilities have contribution towards the occurrence of this incident. The major
threat that resultants into harm in the case of Equifax was issue in Apache software and non-
renewal of encryption certification. The vulnerability in Apache leads the breach in web portal
via Struts and on the other hand, non-renewal allowed pulling of encrypted data without
detection. The end impact was ascertained by an organisation in the form of losing identity data
of around 145.5 million people.
There are many other number of risks persist within information system environment that
resultant into the breach of confidential information. The understanding of these risks is
important for the purpose of improving security and brining stability within working of this
industry. This will further provide the opportunity to create the trust of locals over this industrial
functions and higher contribution towards development of an economy. The description of such
different number of risks are provided below;
Hardware and Software failure: This is the issue related to power loss and data corruption
that further creates the risk of data loss or breach.
6

Malware: This is the software designed for the purpose of disrupting computer operation.
This can be further used for the purpose of data breaching.
Viruses: These are the computer codes that copy itself and spread from one computer to
another. This resulted into disruption of computer operations that further creates the opportunity
for data breach.
Spam, Scams and Phishing: These are unsolicited e-mails to fool people regarding
revealing of consumer personal details. This further can be used for ascertaining personal
information (Singh, Joshi and Gaud, 2016).
Human error: Human error like careless data disposal resulted into data breach.
Hackers: These are the persons who illegally break the systems to ascertain private
information.
Fraud: The exercise of manipulating for taking illegal benefits. This further can be used for
the purpose of data breach.
Denial of service: These are online attacks that denied the access to authorised users. This
can be done for ascertaining personal information.
Security breaches: This is about physical breaks along with online intrusion. The role of
these is also high towards personal information breach (Soomro, Shah and Ahmed, 2016).
Organisational response
Equifax made a different space—equifaxsecurity2017.com—for customers to see whether
their data was undermined in the break. This made the site be hailed as a phishing risk by
programmers. Designer Nick Sweeting purchased the domain securityequifax2017.com to
exhibit that Equifax's was much concerned about the safety of consumers from phishing attack.
Recommendations
This section includes the recommendations to improve security within an organisation. The
main purpose of these is to bring strong working culture so nothing will be happened in future
that resultants into data breach. It includes both short term and long term recommendations
which are defined below:
Short term recommendations
7

This includes the activities related to recovery from the impact of breach and necessary
amendments so improvement will be ascertained in working at quick level. The
recommendations in this respect are provided below:
Training of cyber security staff: Training of cyber security staff is necessary because it
help in development of their skills and knowledge. The breach was not occurred if internal staff
able to identify the vulnerabilities and attacks on time. So, training is important to improve
technical knowledge (Thomas and Galligher, 2018).
Regular review of policies and procedures: The regular reviews of policies and applied
procedure is important. This help in performance of work with effective focus so nothing will be
missed. If, this was done within an organisation then able to protect themselves from breach
because non-renewal of encryption certificate was one of the major cause of data breach.
Deployment of annual staff training: This is important to get the feedback from
employee’s over the working conditions and other possibilities of improvement. This help in
acceptance of new innovations frequently within an organisation as per the needs along with
removal of existing issues.
Prioritise risk assessments: Prioritisation of risks is important. In information security
industry, safety of data is prime. This is must for every organisation to give priority to this aspect
instead of enhancing business or profit through removal of other hindrances (Webb and et. al.,
2016).
Assess and improve: This is the technique of regular assessment and improvement. This
help in regular implementation of new changes as per the security needs for the protection of
personal data of consumers.
Long term recommendations
This includes the activities, strategies and plan for ascertaining long term security within an
organisational operation. These main purpose is to build strong working structure with safety that
cannot be breached in future. The recommendations in this regard are provided below:
Designing of safe systems: This is about the development of safe systems so no one is able
to breach at any cost.
Keeping all software up-to-date: This about regular updating of software’s. This will
provide the opportunity that no bugs can be used for the purpose of breaching personal
information.
8

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Use of security software’s: This about the use of security software for the purpose of
tracing unauthorised activities. This will work in the direction of safeguarding the important
data.
Layering of securing software’s: Layering is important because this will provide the
opportunity of safeguarding against the high nature of risks. Layering help in further
identification and protection (Wei,Wu and Chu, 2018).
Contingency plan: The contingency plan helps to take effective actions in future as
includes the development of actions on the basis of different risks.
CONCLUSION
It has been concluded from the above report that information system security is important
towards minimising risk. This will provide the opportunity to an organisation work with level of
competencies within a market where no one is able to breach organisational operation. Regular
updating of software’s and training are the most important aspect that help in direction of
improving safety.
9

REFERENCES
Books and Journals
Alavi, R., Islam, S., & Mouratidis, H. (2016). An information security risk-driven investment
model for analysing human factors. Information & Computer Security.
Anisimov, V. G., Zegzhda, P. D., Anisimov, E. G., & Bazhin, D. A. (2016). A risk-oriented
approach to the control arrangement of security protection subsystems of information
systems. Automatic Control and Computer Sciences. 50(8). 717-721.
de Gusmão, A. P. H. & et.al. (2016). Information security risk analysis model using fuzzy
decision theory. International Journal of Information Management. 36(1). 25-34.
Han, Z., Huang, S., Li, H., & Ren, N. (2016). Risk assessment of digital library information
security: a case study. The Electronic Library.
Hoffmann, R., Kiedrowicz, M., & Stanik, J. (2016). Risk management system as the basic
paradigm of the information security management system in an organization.
In MATEC Web of Conferences (Vol. 76, p. 04010). EDP Sciences.
Johnson, P. & et. al. (2016, October). Quantitative information security risk estimation using
probabilistic attack graphs. In International Workshop on Risk Assessment and Risk-
driven Testing (pp. 37-52). Springer, Cham.
Kim, S., & Choi, M. (2020). Educational requirement analysis for information security
professionals in Korea. Journal of Information Systems Education. 13(3). 11.
Li, S. & et. al. (2018). An improved information security risk assessments method for cyber-
physical-social computing and networking. IEEE Access. 6. 10311-10319.
Semin, V. G., Shmakova, E. G., & Los, A. B. (2017, September). The information security risk
management. In 2017 International Conference" Quality Management, Transport and
Information Security, Information Technologies"(IT&QM&IS) (pp. 106-109). IEEE.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of information
security risk assessment (ISRA). Computers & security. 57. 14-30.
Singh, U. K., Joshi, C., & Gaud, N. (2016). Information security assessment by quantifying risk
level of network vulnerabilities. International Journal of Computer
Applications. 156(2). 37-44.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management. 36(2). 215-225.
Thomas, J., & Galligher, G. (2018). Improving backup system evaluations in information
security risk assessments to combat ransomware. Computer and Information
Science. 11(1).
Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2016). Foundations for an intelligence-
driven information security risk-management system. Journal of Information
Technology Theory and Application (JITTA). 17(3). 25-51.
Wei, Y. C., Wu, W. C., & Chu, Y. C. (2018). Performance evaluation of the recommendation
mechanism of information security risk identification. Neurocomputing. 279. 48-53.
Online
Equifax data breach. 2020 [Online]. Available Through: <
https://epic.org/privacy/data-breach/equifax/>
10

1 out of 13

+13062052269

info@desklib.com

Equifax Data Breach: Incident Report and Analysis

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Equifax Data Breach of 2017: Overview, Causes, and Impact | Desklib

Data Breach Equifax

Summary of Attack | Computer and Network Security

IT Security: Equifax Data Breach, Quantum Key Distribution, and Firewall Types

MANAGEMENT INFORMATION SYSTEM.

The Benefits of Risk Management Planning