Former Equifax CEO blamed for "entirely preventable" data breach

US House Committee believes string of strategic acquisitions left Equifax systems overloaded with data

Equifax on phone

The Equifax data breach in 2017 that affected approximately 146 million users worldwide was "entirely preventable", according to a US House of Representatives Committee, which concluded that the company failed to use even the most basic of security measures to prevent unauthorised access.

The House Oversight and Government Reform Committee released a staff reportfollowing a 14-month investigation into the Equifax data breach, one of the largest data breaches in US history.

The Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to work conducted by Mandiant, the forensic firm hired to probe breach.

The findings point a finger at former Equifax CEO Richard Smith, who the committee said embarked on an aggressive growth strategy in 2015, leading to the acquisition of multiple companies, IT systems and data.

While the acquisition strategy was successful for Equifax's bottom line and stock price, the growth brought increasing complexity to Equifax's IT systems and expanded data security risks.

"In August 2017, three weeks before Equifax publicly announced the breach, Smith boasted Equifax was managing 'almost 1,200 times' the amount of data held in the Library of Congress every day," the report said.

"Equifax, however, failed to implement an adequate security program to protect this sensitive data. As a result, Equifax allowed one of the largest data breaches in U.S. history. Such a breach was entirely preventable."

Equifax revealed it had been hit by hackers in September 2017, with criminals stealing sensitive personal information on 146 million customers in the US, UK and Canada.

Of the 15 million UK users affected, it was thought that 30,000 of these had their email addresses leaked, and around 15,000 had partial credit card information stolen alongside basic personal information. But, it later emerged that hackers were also able to access US taxpayer ID numbers and their associated email addresses and phone numbers.

The verdict is damning for Equifax, but Chris Morales, head of security analytics at Vectra feels its a little unrealistic in this age of data security.

"I don't believe prevention will ever be 100%. That is unrealistic. I bring this up because the report states the breach was entirely preventable. I don't believe that to be true," he said.

"All networks have become highly complex and the failure comes down to people and process, not necessarily technology. As long as a motive exists, attackers will continuously attempt to compromise networks until they succeed. It is the same notion as building a wall would stop the drug trade. The criminal build tunnels instead."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Roadmap 2021: What’s coming from 3CX
Advertisement Feature

Roadmap 2021: What’s coming from 3CX

30 Mar 2021