Former Equifax CEO blamed for "entirely preventable" data breach

US House Committee believes string of strategic acquisitions left Equifax systems overloaded with data

Equifax on phone

The Equifax data breach in 2017 that affected approximately 146 million users worldwide was "entirely preventable", according to a US House of Representatives Committee, which concluded that the company failed to use even the most basic of security measures to prevent unauthorised access.

The House Oversight and Government Reform Committee released a staff reportfollowing a 14-month investigation into the Equifax data breach, one of the largest data breaches in US history.

The Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to work conducted by Mandiant, the forensic firm hired to probe breach.

The findings point a finger at former Equifax CEO Richard Smith, who the committee said embarked on an aggressive growth strategy in 2015, leading to the acquisition of multiple companies, IT systems and data.

While the acquisition strategy was successful for Equifax's bottom line and stock price, the growth brought increasing complexity to Equifax's IT systems and expanded data security risks.

Advertisement - Article continues below

"In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing 'almost 1,200 times' the amount of data held in the Library of Congress every day," the report said.

"Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

Equifax revealed it had been hit by hackers in September 2017, with criminals stealing sensitive personal information on 146 million customers in the US, UK and Canada.

Of the 15 million UK users affected, it was thought that 30,000 of these had their email addresses leaked, and around 15,000 had partial credit card information stolen alongside basic personal information. But, it later emerged that hackers were also able to access US taxpayer ID numbers and their associated email addresses and phone numbers.

The verdict is damning for Equifax, but Chris Morales, head of security analytics at Vectra feels its a little unrealistic in this age of data security.

"I don't believe prevention will ever be 100%. That is unrealistic. I bring this up because the report states the breach was entirely preventable. I don't believe that to be true," he said.

"All networks have become highly complex and the failure comes down to people and process, not necessarily technology. As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019

Five signs that it’s time to retire IT kit

29 Nov 2019