Former Equifax CEO blamed for "entirely preventable" data breach

US House Committee believes string of strategic acquisitions left Equifax systems overloaded with data

Equifax on phone

The Equifax data breach in 2017 that affected approximately 146 million users worldwide was "entirely preventable", according to a US House of Representatives Committee, which concluded that the company failed to use even the most basic of security measures to prevent unauthorised access.

The House Oversight and Government Reform Committee released a staff reportfollowing a 14-month investigation into the Equifax data breach, one of the largest data breaches in US history.

The Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to work conducted by Mandiant, the forensic firm hired to probe breach.

The findings point a finger at former Equifax CEO Richard Smith, who the committee said embarked on an aggressive growth strategy in 2015, leading to the acquisition of multiple companies, IT systems and data.

While the acquisition strategy was successful for Equifax's bottom line and stock price, the growth brought increasing complexity to Equifax's IT systems and expanded data security risks.

"In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing 'almost 1,200 times' the amount of data held in the Library of Congress every day," the report said.

"Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

Equifax revealed it had been hit by hackers in September 2017, with criminals stealing sensitive personal information on 146 million customers in the US, UK and Canada.

Of the 15 million UK users affected, it was thought that 30,000 of these had their email addresses leaked, and around 15,000 had partial credit card information stolen alongside basic personal information. But, it later emerged that hackers were also able to access US taxpayer ID numbers and their associated email addresses and phone numbers.

The verdict is damning for Equifax, but Chris Morales, head of security analytics at Vectra feels its a little unrealistic in this age of data security.

"I don't believe prevention will ever be 100%. That is unrealistic. I bring this up because the report states the breach was entirely preventable. I don't believe that to be true," he said.

"All networks have become highly complex and the failure comes down to people and process, not necessarily technology. As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020