Incident Overview
In 2017, Equifax, a major credit reporting agency, suffered a breach that exposed the sensitive data of 145.9 million people, including Social Security numbers, birth dates, addresses, and some credit card numbers. This breach is considered one of the most damaging in history due to the scale and sensitivity of the information compromised.
How It Happened
- The attackers exploited an unpatched vulnerability (CVE-2017-5638) in Equifax’s online dispute portal. Despite a patch being available, it was not applied in time.
- The breach occurred in March 2017, but the attackers remained undetected for months, moving laterally through the network due to insufficient network segmentation.
- Attackers exfiltrated data between May and July 2017. The breach went unnoticed because Equifax’s security monitoring tools were disabled due to an expired TLS certificate.
Impact
- Data Exposure: The breach affected 147.9 million U.S. residents, including some in Canada and the UK. Exposed data included Social Security numbers, birth dates, addresses, and around 200,000 credit card numbers.
- Financial Consequences: Equifax faced up to $700 million in settlements and fines, including compensation for affected consumers.
- Reputation Damage: The breach severely impacted Equifax’s credibility, leading to a loss of trust from consumers and business partners alike.
Lessons Learned
- Regularly update and patch software vulnerabilities to prevent exploitation.
- Enforce network segmentation to limit attacker movement within systems.
- Maintain up-to-date security certificates to ensure proper monitoring of data traffic.
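
The certificate lesson can be turned into a routine check. The following is an added example, not part of the original write-up or any Equifax tooling: it audits a list of certificate expiry lines in the format printed by `openssl x509 -noout -enddate`, and treats an unreadable entry as a finding rather than silently skipping it. The host names, dates and 30-day warning window are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: one `openssl x509 -noout -enddate` line per device.
# Host names and dates are hypothetical, not taken from the incident.
SAMPLE_INVENTORY = {
    "traffic-inspector-01": "notAfter=Jan 15 12:00:00 2017 GMT",
    "siem-collector-01": "notAfter=Jul 20 08:30:00 2017 GMT",
    "portal-frontend-01": "notAfter=Mar  3 23:59:59 2019 GMT",
    "legacy-proxy-02": "expiry unknown",
}

SEVERITY = {"EXPIRED": 0, "UNKNOWN": 1, "EXPIRING": 2, "OK": 3}


def parse_not_after(line):
    """Return the expiry as an aware UTC datetime, or None if unparseable."""
    key, sep, value = line.strip().partition("=")
    if key != "notAfter" or not sep:
        return None
    try:
        seconds = ssl.cert_time_to_seconds(value)
    except ValueError:
        return None
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def audit(inventory, now, warn_days=30):
    """Return (host, status, days_left) tuples, most urgent first."""
    findings = []
    for host, line in inventory.items():
        expiry = parse_not_after(line)
        if expiry is None:
            # A device whose expiry cannot be read is a gap, not a pass.
            findings.append((host, "UNKNOWN", None))
            continue
        days_left = (expiry - now).days
        if expiry <= now:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        findings.append((host, status, days_left))
    return sorted(findings, key=lambda f: (SEVERITY[f[1]], f[2] or 0))


if __name__ == "__main__":
    for host, status, days in audit(SAMPLE_INVENTORY, datetime.now(timezone.utc)):
        print(f"{status:9} {host} days_left={days}")
```

Run on a schedule against every inspection and monitoring device, the `EXPIRED` and `UNKNOWN` rows are the ones to alert on, since either means traffic may be passing uninspected.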