Former Equifax CEO blamed for "entirely preventable" data breach

US House Committee believes string of strategic acquisitions left Equifax systems overloaded with data

Equifax on phone

The Equifax data breach in 2017 that affected approximately 146 million users worldwide was "entirely preventable", according to a US House of Representatives Committee, which concluded that the company failed to use even the most basic of security measures to prevent unauthorised access.

The House Oversight and Government Reform Committee released a staff reportfollowing a 14-month investigation into the Equifax data breach, one of the largest data breaches in US history.

The Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to work conducted by Mandiant, the forensic firm hired to probe breach.

The findings point a finger at former Equifax CEO Richard Smith, who the committee said embarked on an aggressive growth strategy in 2015, leading to the acquisition of multiple companies, IT systems and data.

While the acquisition strategy was successful for Equifax's bottom line and stock price, the growth brought increasing complexity to Equifax's IT systems and expanded data security risks.

Advertisement - Article continues below
Advertisement - Article continues below

"In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing 'almost 1,200 times' the amount of data held in the Library of Congress every day," the report said.

"Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

Equifax revealed it had been hit by hackers in September 2017, with criminals stealing sensitive personal information on 146 million customers in the US, UK and Canada.

Of the 15 million UK users affected, it was thought that 30,000 of these had their email addresses leaked, and around 15,000 had partial credit card information stolen alongside basic personal information. But, it later emerged that hackers were also able to access US taxpayer ID numbers and their associated email addresses and phone numbers.

The verdict is damning for Equifax, but Chris Morales, head of security analytics at Vectra feels its a little unrealistic in this age of data security.

Advertisement - Article continues below

"I don't believe prevention will ever be 100%. That is unrealistic. I bring this up because the report states the breach was entirely preventable. I don't believe that to be true," he said.

"All networks have become highly complex and the failure comes down to people and process, not necessarily technology. As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020