Equifax in Hot Water for Misleading Timeline of Data Breach

By:  |  Category: Blog, Security Tuesday, September 19th, 2017  |  No Comments

Equifax not only exposed your data to hackers–they also mislead victims regarding the date of the breach. Hackers absconded our data in March (I say “our”…because my personal data was exposed too),  five months before they claimed to have been hacked, according to Bloomberg.

In response, Equifax suggested the March breach did not correspond to the hack that exposed the personal and financial data of 143 million US consumers and 400,000 UK consumers. But one of Bloomberg’s sources noted that the breaches involved the SAME gang of cyber attackers.

Equifax hired Mandiant, a cyber security firm, on both occasions. It appears they had the initial breach under control, but had to bring specialists back when it detected suspicious activity again on the 29th of July.

This new information will continue to drag down the 118-year-old company, whose lackluster response has been likened to Enron, the energy trading company that collapsed in 2001, whose lavish excess and spending were regarded as the epitome of the 1990s financial boom.

The US Department of Justice has initiated a criminal investigation into the data breach, with a special emphasis on the stock sales made by Equifax executives.

Regulatory filings on 1 August and 2 August show that the chief financial officer John Gamble sold shares worth nearly a million dollars, and Joseph Loughran, president of US information solutions disposed stock of $584,099.

Rodolfo Ploder, president of workforce solutions sold a quarter of million dollars worth of stock. None of the filings were scheduled as part of the company’s trading plans. Gamble had earlier sold 14,000 shares – to the value of $1.91m on May 23.

If it is shown that the executives sold stock knowing that either the March or July data breaches were likely to damage the company’s reputation they could be charged with insider trading.

However, Equifax stands by it’s executives, insisting they “had no knowledge that an intrusion had occurred at the time”.

Regardless, the firm will be scrutinized as to why the  details of the March breach had not been revealed at an earlier date, and for a clear timeline of events. The most pressing concern is how the dates of the cyber breaches match the “sold by” dates of the executives.

Equifax will also have to deal with nearly 40 US states that have joined a probe of the firm’s handling of the data breach, Congress is also probing the hack, and Equifax will have to gear up for a number of lawsuits to be filed against it.

On Friday, the company announced that its CIO and chief security officer had ‘retired’.

If your business is concerned about cybersecurity preparedness give EnhancedTECH a call at 714-970-9330 or contact us at [email protected] for a complimentary consultation.


Source image: https://www.pexels.com/photo/woman-s-hand-on-laptop-1799342/

Leave a Comment
Read previous post:
data center
Make Sure You Have the Right Data Center for your Business

Before you consider purchasing a new data center for your business, it’s important to determine which approach is most cost-effective....