nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

What's that, Equifax? Most people expect to be notified of a breach within hours?

Go on, you're the breach expert

By John Leyden, 19 Sep 2017

Equifax hasn't found time for a houseclean and is making claims of authority and competence about security breaches that, following its own recent high profile breach, come off as pretty cringeworthy.

An autumn 2016 whitepaper from Equifax - still available here at the time of publication – attempts to position the credit scoring agency as a go-to firm for organisations unfortunate or careless enough to suffer a security breach.

How would you reassure your customers – and satisfy regulators – if your business experienced a data breach?

Equifax is ideally placed to help businesses if they experience a data breach. We have one of the largest sources of detailed consumer data in the UK.

Equifax knows breaches

The offer is particularly out of place in the wake of Equifax's widely criticised response to a breach at the credit reference agency that exposed the personal details of 143 million US consumers and 400,000 Brits.

Perhaps Equifax execs might want to re-visit their own Identity Theft and Data Breach whitepaper themselves, assuming they still have a job that is. Perhaps it would interest them that 63 per cent of punters want to know about a breach within hours of its occurrence? Not, er, the months it took Equifax to reveal its own dirty secret.

Alternatively, they might want to talk to experts at FireEye Mandiant, the incident response arm of the security firm, who have been brought in to help sort out the mess at consumer credit scoring agency.

Last week we reported how FireEye removed an Equifax case study from its website in response to the recently disclosed mega-breach at the credit reference agency.

Equifax’s endorsement of FireEye’s zero-day detections capabilities no longer counted as much of a recommendation after Equifax was comprehensively pwned by hackers who exploited an unpatched Apache Struts vulnerability. ®

Hat-tip

A tip of the hat to vulture-eyed reader Laurence M for the heads-up on Equifax’s promised expertise.

Bootnote

Equifax was also hacked back in March, separately to this summer's intrusion, it is reported. Apparently, the miscreants who broke in at the start of the year were the same ones who returned to lift millions of customer records.

The Register - Independent news and views for the tech community. Part of Situation Publishing