House Republicans spent 14 months investigating the 2017 Equifax breach only to reach the same conclusions that about everyone else with a head did in the quick wake of the company ’s disclosure . The severance was “ entirely preventable , ” lawmakers found , and the credit reportage agency ’s shit management did dead nothing to harbor consumers from this mess .
Luckily for Equifax , the same lawmakers who helped create a raw reputation have wangle to pop off precisely zero law that would discourage future acts of carelessness on this scale . The only compensation consumers have been offered isfree credit freezes constantly — a utilitarian tool for the next time 147 million people minding their own business get screwed with their pants on .
The full report , published by House Oversight and Government Reform Committee Republicans on Monday , is96 pageboy longand offers Equifax some becoming , if not totally obvious , advice , such as : “ melt off use of Social Security Numbers as personal identifier ” and “ enforce modernized IT solutions , ” wo n’t you please .
But there ’s really no need to register past the summary unless you enjoy do your blood roil . It spells it all out pretty clearly . And though we ’ve all known this information for some clip , now it ’s all write out underneath a fancy and very official - looking seal .
Here ’s a summary of the findings in full :
Entirely preventable . Equifax go bad to fully value and mitigate its cybersecurity risks . Had the troupe take action to call its observable security issues , the data breach could have been prevent .
Lack of answerability and management social system . Equifax flunk to implement unmortgaged lines of government agency within their interior IT management construction , lead to an execution crack between IT insurance policy developing and operation . Ultimately , the gap restricted the company ’s power to follow through security initiatives in a comprehensive and timely way .
Complex and outdated IT organization . Equifax ’s belligerent growth strategy and accumulation of data leave in a complex IT environs . Both the complexness and antiquated nature of Equifax ’s custom - built legacy system of rules made IT security especially challenging .
Failure to go through responsible certificate measurements . Equifax allowed over 300 security department certificates to pop off , include 79 security for monitor business decisive domains . Failure to renew an expired digital certificate for 19 months left Equifax without visibility on the exfiltration of data during the fourth dimension of the cyberattack .
Unprepared to support affected consumers . After Equifax informed the public of the data point breach , they were unprepared to identify , alert and support touch consumer . The falling out site and call center were immediately overwhelmed , resulting in affected consumer being unable to access data necessary to protect their identity .
you’re able to afull copy of the theme herein all its unfathomable gloriole .
The debate over how to handle this case of collective malfeasance spiked last twelvemonth , and although Facebook seemed to have reignite it this summertime with its own legion data - relate unsuccessful person and executive showing of ignorance and disrespect , it ’s anyone ’s guess whether Congress will ever get its shite together .
However , some lawmakers have do to the conclusion that this will never end and that we ’re bound to watch “ Equifax - corresponding ” tragedy take place over and over until the government starts imposing monumental fines and peril todrag corporate executive off to poky .
That programme seems perfectly reasonable — after all , we ’ve already try not give anybody accountable , and thatdoesn’t really appear to be figure out .
EquifaxPrivacySecurity
Daily Newsletter
Get the best tech , science , and culture newsworthiness in your inbox daily .
News from the future , delivered to your present .
You May Also Like
