![]() ![]() To understand how exactly all these crises intersected, let's take a look at how the events unfolded. Equifax did not publicize the breach until more than a month after they discovered it had happened stock sales by top executives around this time gave rise to accusations of insider trading.The attackers pulled data out of the network in encrypted form undetected for months because Equifax had crucially failed to renew an encryption certificate on one of their internal security tools.The attackers were able to move from the web portal to other servers because the systems weren't adequately segmented from one another, and they were able to find usernames and passwords stored in plain text that then allowed them to access still further systems.The company was initially hacked via a consumer complaint web portal, with the attackers using a widely known vulnerability that should have been patched but, due to failures in Equifax's internal processes, wasn't.A top-level picture of how the Equifax data breach happened looks like this: General Accounting Office, and an in-depth analysis from Bloomberg Businessweek based on sources inside the investigation. Most of the discussion in this section and the subsequent one comes from two documents: A detailed report from the U.S.
0 Comments
Leave a Reply. |