Patching and Passwords: Equifax Failures

Unless you live under a rock, chances are you have heard about the May Equifax breach, in which hackers made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. The company's former CEO appeared before Congress last week and blamed the massive data breach on "both human error and technology failures."

The company's processes to patch software bugs and identify hackers both failed. Prior to the breach, Equifax received a government notice that one of the software programs it employed had a vulnerability and needed to be patched. This patch, or update, was not applied. To make matters worse, the company did not catch the suspicious website traffic until July 29, a full two and a half months after the initial breach.

In September, Equifax was hacked again.  This time the company's Argentina Operation was breached.  How did this happen again?  Simply put, a terrible password practice.  An online employee tool could be accessed by typing 'admin' as both a login and password. This gave access to thousands of South American employees' personal information.

Due to poor IT practices, Equifax now faces dozens of legal claims, the loss of its CEO, a federal investigation, and a loss of consumer confidence. In this day and age, companies of all sizes are at risk of cyber crime. To best protect your company and its sensitive data, install updates and patches as they become available, and make sure that you are using good password practices.