GAO's Equifax report: Company left private data vulnerable on several fronts
https://www.marketwatch.com/story/gaos-equifax-report-company-left-private-data-vulnerable-on-several-fronts-2018-09-07
Published: Sept 8, 2018 7:56 a.m. ET
By Francine McKenna
A new report from a government watchdog concludes that Equifax left information vulnerable on several fronts that led to hackers getting access to the sensitive personal information of millions of Americans.
The Government Accountability Office on Friday released its report on the one-year anniversary of the public disclosure at Equifax after being commissioned to write it by Sen. Elizabeth Warren, the Massachusetts Democrat who championed the creation of the Consumer Financial Protection Bureau, and Rep. Elijah Cummings, the Maryland Democrat who is the ranking member of the House Committee on Oversight and Government Reform. Oregon Senator Ron Wyden, the ranking member of the Senate Finance Committee, and Rep. Trey Gowdy, the chairman of House Oversight, were co-requesters with Warren and Cummings.
The GAO report describes in detail how hackers exploited significant vulnerabilities at Equifax to gain access to the sensitive personal information of more than 145 million Americans.
According to the GAO, Equifax determined that several major factors had facilitated the attackers' ability to successfully gain access to its network and extract information from databases containing [personally identifiable information] and that key factors that led to the breach were in the areas of identification, detection, segmentation, and data governance.
In addition, according to the GAO report, the lack of restrictions at Equifax on the frequency of database queries allowed the attackers to execute approximately 9,000 such queries without detection by Equifax or its internal or external auditors, many more than would be needed for normal operations.
(snip)
Two Democrats say the report highlights the lack of any enforcement action yet by the Consumer Financial Protection Bureau and the Federal Trade Commission, the two agencies responsible for oversight of credit reporting agencies.
(snip)