Headsnipe01 @Headsnipe011
WASHINGTON, DC – House Oversight and Government Reform Committee Republicans released a staff report after the Committee’s 14-month investigation into the Equifax data breach, one of the largest data breaches in U.S. history.
Through the investigation, the Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to Mandiant, the forensic firm hired to conduct an investigation of the breach.

Read the full report here.

oversight.house.gov/wp-content/upl…

Key Findings

• Entirely preventable. Equifax failed to fully appreciate and mitigate its cybersecurity risks. Had the company taken action to address its observable security issues, the data breach could have been prevented.
• Lack of accountability and management structure. Equifax failed to implement clear lines of authority within their internal IT management structure, leading to an execution gap between IT policy development and operation. Ultimately, the gap restricted the company’s ability to implement security initiatives in a comprehensive and timely manner.
• Complex and outdated IT systems. Equifax’s aggressive growth strategy and accumulation of data resulted in a complex IT environment. Both the complexity and antiquated nature of Equifax’s custom-built legacy systems made IT security especially challenging.
• Failure to implement responsible security measurements. Equifax allowed over 300 security certificates to expire, including 79 certificates for monitoring business critical domains. Failure to renew an expired digital certificate for 19 months left Equifax without visibility on the exfiltration of data during the time of the cyberattack.
• Unprepared to support affected consumers. After Equifax informed the public of the data breach, they were unprepared to identify, alert and support affected consumers. The breach website and call centers were immediately overwhelmed, resulting in affected consumers being unable to access information necessary to protect their identity.

Recommendations

As one of the largest consumer reporting agencies in the United States, Equifax has a heightened responsibility to protect consumer data. The government also plays a key role in partnering with the private sector to prevent and mitigate cyberattacks.
The Committee’s report details seven recommendations to protect consumers, increase oversight, accountability, and transparency, and modernize IT security solutions. These recommendations will require the work of Congress, the executive branch, and the private sector.
Read the Committee’s full list of recommendations here.

oversight.house.gov/wp-content/upl…

Background

• On September 7, 2017, Equifax announced a cybersecurity incident affecting 143 million consumers. This number eventually grew to 148 million – nearly half the U.S. population and 56 percent of American adults.
• On September 14, 2017, the Committee opened an investigation into the Equifax data breach.