Separate domain and webpage to deal with all of the information that needed to be disseminatedĪnd to communicate with affected users and stakeholders (Equifax, 2019). Handling of the notification of the breach was met with great criticism. Ultimately, this resulted inĪnnouncements that the personal information of some 145 million Americans, 8,000 Canadians,Īnd 693,000 British citizens’ information had been compromised due to a data breach.Įquifax’s lackluster response to the notification of the vulnerability and bumbled Initial investigation indicated that many files were breached. Three days and later hired an external cybersecurity firm to conduct a forensic investigation. Equifax took the application off-line and During this time, the security department atĮquifax noticed suspicious activity on the network. Unpatched and unprotected until July 29, 2017. Report did not show a vulnerability to the Apache Struts issue. Vendor, Equifax conducted a scan of its systems (Marinos & Clements, 2018). Notification from the Department of Homeland Security, and six days after notification from the On Masome eight days after the patch announcement, seven days after On March 8, 2017, theĭepartment of Homeland Security contacted Equifax as well as the other credit reportingĪgencies to notifying them of the system’s vulnerability and directed them to install the patch.Įquifax systems administrators were contacted on Maby the Apache Softwareįoundation, who also directed them to install the patch. Then they made an announcement to the world to inform them of the issue (Marinos The Apache Software Foundation discovered the potential vulnerability and made a patch Target for various cyber criminals because it can offer a potential entry point to a great number of This useful product is used by many organizations, thereby making it an exceptional Popular framework for creating streamlined Java applications (The Apache Software Foundation,Ģ018). Means of crafted: Content-Disposition, Content-Type, or Content-Length HTTP header with aĬontent-Type header containing the characters #cmd=string (NIST, 2018). This vulnerability allows enablesĪttackers from a remote location to execute arbitrary commands that can be created remotely by Multipart parser of the software when users go to upload files. This vulnerability takes advantage of exception handling issues in the Jakarta The vulnerability that enabled miscreants toĮnter the Equifax systems and effect the data breach was a vulnerability called Apache StrutsĬVE-2017-5638. In the initial announcement, Equifax stated that miscreants had infiltrated their systemsįrom May through July of 2017 (Gressin, 2017). The borrowers credit risk, which is used to make a lending decision. When someone wants to borrow money, the new lender checks this information to assess Institutions report the information about payment history, balances, and other key information Rather than the individuals listed in the database. Further, the system is not an opt in system, as the data is gathered from businesses The data stored by Equifax contains each person’s personalĬredit history, which includes personal identifying information, known addresses, and account Running head: A Case Study Analysis of the Equifax Data Breach 1Ī Case Study Analysis of the Equifax Data Breach The user has requested enhancement of the downloaded file. Jason Thomas American Military UniversityĪll content following this page was uploaded by Jason Thomas on 13 December 2019. Some of the authors of this publication are also working on these related projects: See discussions, stats, and author profiles for this publication at: researchgate/publication/ A Case Study Analysis of the Equifax Data Breach 1 A Case Study Analysis of the Equifax Data Breach
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |