SoylentNews is people

posted by Fnord666 on Monday September 18 2017, @09:41AM
from the retired-or-fired dept.

Submitted via IRC for SoyCow5743

On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.

According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has led Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.

The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.

However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.

Source: https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach/

Also at https://www.bleepingcomputer.com/news/security/equifax-releases-new-information-about-security-breach-as-top-execs-step-down/


  • (Score: 1, Interesting) by Anonymous Coward on Monday September 18 2017, @12:16PM (7 children)

    by Anonymous Coward on Monday September 18 2017, @12:16PM (#569719)

    Can someone more familiar explain whether this company can survive somehow? Who are their actual customers? Do they still want to do business with Equifax?

  • (Score: 4, Interesting) by Thexalon on Monday September 18 2017, @12:32PM (2 children)

    by Thexalon (636) on Monday September 18 2017, @12:32PM (#569724)

    Their "actual customers" are businesses that want to run credit checks on ordinary people. Which, since many businesses use credit rating as a measure of overall responsibility, is more than you might think. For instance, it's pretty common for employers to run credit checks on people they're considering hiring (which makes it harder if you have bad credit to get a job, making it harder to fix your credit).

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0) by Anonymous Coward on Monday September 18 2017, @05:43PM

      by Anonymous Coward on Monday September 18 2017, @05:43PM (#569822)

      So we need to cross our fingers that whoever is behind this breach sells it to their "actual customer" for less and undercuts Equifax's business.

    • (Score: 2) by frojack on Wednesday September 20 2017, @07:02PM

      by frojack (1554) on Wednesday September 20 2017, @07:02PM (#570786) Journal

      > run credit checks on ordinary people.

      Gee, it's too bad Equifax is powerless to protect credit rating of the ordinary people [equifax.com] whose data was breached.

      --
      No, you are mistaken. I've always had this sig.
  • (Score: 5, Interesting) by bradley13 on Monday September 18 2017, @12:37PM (2 children)

    by bradley13 (3053) on Monday September 18 2017, @12:37PM (#569725) Homepage Journal

    Their customers are companies considering giving credit cards or loans to individuals. They pay Equifax, and get information on the individual. Supposedly, this is the same information that you see when you ask for a copy of your credit report. However, numerous anecdotes would seem to indicate that there is additional information that they only show their real customers.

    Can they survive? That depends on the lawsuits. Given the size of this breach, it seems entirely likely that the judgements will drive Equifax bankrupt. That doesn't mean much - that's just a way of limiting the financial damage. The company will almost certainly rise again, under cover of the bankruptcy laws, and continue where it left off. If it gets really bad, maybe they will sell their business assets to a new entity (formed for the purpose), so that they can resume business under a new name.

    Most importantly, be assured that none of the executives will suffer. Remember the 2008 financial crisis? The one that nearly brought down the entire international banking system? A couple of years after the crisis, I checked on the executives of the companies most to blame for the mess. Without exception, they all found soft landings. Either they retired, or - if they were younger - they were in new CxO positions at other banks, private equity firms, or whatever. Aside from a bit of momentary embarrassment, the results of their malfeasance didn't personally inconvenience them at all.

    --
    Everyone is somebody else's weirdo.
    • (Score: 4, Insightful) by bob_super on Monday September 18 2017, @07:04PM

      by bob_super (1357) on Monday September 18 2017, @07:04PM (#569858)

      > it seems entirely likely that the judgements will drive Equifax bankrupt

      They'll settle out of court with the DOJ for a ridiculously small amount, and people will be rewarded for a job well done.

      Can we attack the real problem: Why the [bleep] is your SSN, DOB and address all anyone needs to completely impersonate you?
      I thought we celebrated that 21st century thingy, a long while back. Some systems didn't get the memo...

    • (Score: 2) by nobu_the_bard on Monday September 18 2017, @09:30PM

      by nobu_the_bard (6373) on Monday September 18 2017, @09:30PM (#569936)

      There is additional information they show their real customers, yes.

      Among them: you have a separate credit score for car buying, for example. In my experience it is typically lower than your main credit score. This is not included among the free ones you can request. There is also a separate one for something home related, I think getting home mortgages. There are probably another two or three besides.

  • (Score: 0) by Anonymous Coward on Monday September 18 2017, @03:59PM

    by Anonymous Coward on Monday September 18 2017, @03:59PM (#569782)

    Apparently it is a spying company, the most lucrative business today. (see e.g. goog) Such scum flourish mostly because stupid and naive people spill their guts on the internet (especially "social media" interactions and unprotected web browsing in general). I don't know whether they will survive this giant fuckup but if they do, you'll want to buy some shares. Looking at how past similar situations have evolved, they'll probably go unscathed or at worst get a slap on the wrist. Humanity is pretty well fucked.

    If you don't know what a hosts file is, do yourself and the rest of us a favor and do find out. Could you live your online life without JavaScript and cookies? Or at least radically reduce your exposure? (see NoScript, consider allowing only cookies that YOU need) Do you use a proprietary operating system that spies on you all the time? You know, there are alternatives that offer a much improved e-hygiene.