Equifax breach5/11/2023 Organizations often have huge troves of data that they share with their partners or even third parties that help them with their operations. Sharing information between organizations In any case, businesses should look into alternative methods of authenticating customers’ identities, and the authentication process must have more variation and must not rely heavily on one specific identifier. There are biometric options as well as tokens and unique passwords that can be given to each individual. Privacy and security experts have recommended more modern ways of authenticating an individual’s identity. Most notoriously, the SSN is a key piece of information used to commit identity theft.” Unfortunately, this universality has led to abuse of the SSN. As stated on its website: “The universality of SSN ownership has in turn led to the SSN’s adoption by private industry as a unique identifier. Even the Social Security Administration has noted that the universality of SSN collection has led to its abuse. But the Equifax breach has highlighted the complications of using SSN as a standard way of authenticating a person’s identity, which was never its intended use. Most financial institutions like Equifax rely on social security numbers (SSN). Train employees or any individual who handles data on proper security policies, and emphasize the importance of proper data protection.Īuthenticating an individual is a necessary part of most businesses, and there are many different identifiers that can be used.Rank data from low-value to high-value and assign protection based on the ranks.Operate on a need-to-know basis so that access to sensitive data is granted only to people who absolutely need it.There are effective and comprehensive ways to classify and secure data. Protecting the PII of employees and customers should be top of mind for any organization. Sensitive and valuable data, of course, should be given priority in terms of security - and a prime example of sensitive and valuable is PII. The sheer amount of data stored by organizations requires some form of data management and classification. Organizations that store PII or other sensitive data should be even more careful and always be wary of current threats many attacks use old exploits and can be prevented through updated patches. Any organization, be it a small business or a large multinational, should create an effective patching regimen that fits its enterprise. Patching may involve operational disruptions or additional resources, but the benefits outweigh the inconveniences. Taking those factors into consideration, it should have been a priority to patch for any organization despite the difficulties involved. CVE-2017-5638 was classified as a critical vulnerability with remote code execution risks, and was actively being exploited. The vulnerability was already being exploited in March to compromise web servers of large institutions - attacks were “highly reliable and trivial to carry out,” according to experts. ![]() Some experts noted that it required more resources and labor than usual to patch, which might be why many organizations did not update their systems accordingly. The vulnerability is not new it was publicly disclosed in the beginning of March and was patched soon after. PatchingĪccording to the website Equifax put up to manage the crisis, attackers took advantage of the known vulnerability Apache Struts CVE-2017-5638 to access the data. ![]() Listed below are some general guidelines and best practices that organizations should take note of. Companies who store customer data should have strict policies and be very vigilant about their security since the data they collect is becoming an increasingly valuable commodity for hackers. ![]() Sensitive personal data like PII is a particularly tempting target for criminals because it can be abused in a number of ways. The breach has shone a spotlight on the need for strict and effective policies on data management and protection. ![]() The incident reportedly affected 143 million customers of the credit reporting company, as their social security numbers, addresses, birth dates and other personally identifiable information (PII) were stolen by hackers. Equifax announced earlier this month that it was hit by a security breach that resulted in the loss of valuable data.
0 Comments
Leave a Reply. |