Author: Kevin Robinson-Avila / Journal Staff Writer / Source: Albuquerque Journal
ALBUQUERQUE, N.M. — Cybersecurity experts say the massive breach of credit-reporting company Equifax Inc.’s data systems may be a needed wake-up call to galvanize business and government into much more aggressive action to protect online data in today’s hyperconnected cyber world.
Fallout from the breach, which could impact about 143 million U.S. consumers, is mounting, as federal and state-level agencies assess the full extent of the damage. Larger data breaches have occurred in recent years, but the Equifax breach exposed sensitive personal data – names, Social Security numbers, birth dates, and addresses for fully half of the U.S. population.
Equifax faces congressional investigations, class-action lawsuits, inquiries by the Federal Trade Commission and the Consumer Financial Protection Bureau, and action by attorneys general from around the country.
That includes New Mexico Attorney General Hector Balderas.
“Equifax needs to make right by our families,” Balderas said in a public statement last week. “We launched an immediate investigation into Equifax, the circumstances surrounding the breach, and the delay in disclosure to New Mexicans. Our office is working to hold Equifax accountable.”
Equifax is under fire for its actions before and after the data breach, particularly its decision to wait six weeks to publicly disclose the attack after discovering it on July 29.
Details are still scarce, but apparently hackers broke into Equifax through a flaw in the Apache Struts software package that runs one of its online web portals. That generated even more intense criticism, because that software vulnerability had already been publicly known since March, with a software patch available to fix it, but Equifax didn’t apply it until after its website was breached.
That apparently lax security, plus the immense damage cybercriminals could now inflict on consumers and businesses, may convert Equifax into a watershed event that pushes government and industry into much more aggressive efforts to fight cybercrime, according to industry experts.
“Awareness unfortunately comes from attacks like these,” said John Yun, marketing director for California-based cybersecurity firm ZingBox. “They almost need to happen to wake up to the possibilities of hacking. It brings a lot more awareness to the industry and security vendors themselves, as well as consumers.”
Cybercrime had already reached epidemic proportions. Nearly 1.1 billion identities were stolen worldwide through data breaches last year, almost double the 2015 tally, according to the latest annual Internet Security Threat Report released last spring by global cybersecurity firm Symantec Corp.
In the last eight years, such breaches have exposed more than 7.1 billion identities worldwide.
Attacks are radically escalating on all fronts, including massive heists with billions of dollars stolen, and chronic blackmail of businesses and consumers through ransomware that, in the U.S., is forcing victims to pay an average of $1,077 each time to retrieve control of their systems, according to Symantec. The number of ransomware attacks grew 36 percent…
Click here to read more