Stories
Slash Boxes
Comments

SoylentNews is people

Former Equifax CEO Says Breach Boiled Down to One Person Not Doing Their Job

posted by cmn32480 on Monday October 09 2017, @09:22AM   Printer-friendly
from the shit-rolls-downhill dept.

MrPlow writes:

Submitted via IRC for Fnord666_

In a continued effort to pass on any responsibility for the largest data breach in American history, Equifax's recently departed CEO is blaming it all on a single person who failed to deploy a patch.

Hackers exposed the Social Security numbers, drivers licenses and other sensitive info of 143 million Americans earlier this summer by exploiting a vulnerability in Apache's Struts software, according to testimony heard today from former CEO Richard Smith. However, a patch for that vulnerability had been available for months before the breach occurred.

Now several top Equifax execs are being taken to task for failing to protect the information of millions of U.S. citizens. In a live stream before the Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee, Smith testified the Struts vulnerability had been discussed when it was first announced by CERT on March 8th.

Smith said when he started with Equifax 12 years ago there was no one in cybersecurity. The company has poured a quarter of a billion dollars into cybersecurity in the last three years and today boasts a 225 person team.

However, Smith had an interesting explainer for how this easy fix slipped by 225 people's notice — one person didn't do their job.

"The human error was that the individual who's responsible for communicating in the organization to apply the patch, did not," Smith, who did not name this individual, told the committee.

Source: https://techcrunch.com/2017/10/03/former-equifax-ceo-says-breach-boiled-down-to-one-person-not-doing-their-job/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Former Equifax CEO Says Breach Boiled Down to One Person Not Doing Their Job | Log In/Create an Account | Top | 28 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by TheRaven on Monday October 09 2017, @11:13AM (5 children)

    by TheRaven (270) on Monday October 09 2017, @11:13AM (#579236) Journal
    If one person failing to do their job can cause a compromise on this scale, then that implies that the institutional procedures are dangerously wrong. That, in turn, implies that there is already one person failing to do their job: The CEO, who failed to appoint a competent CIO, who, in turn, failed to ensure the correct procedures were in place.
    --
    sudo mod me up
    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Touché=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 5, Insightful) by isostatic on Monday October 09 2017, @11:47AM (2 children)

    by isostatic (365) on Monday October 09 2017, @11:47AM (#579243) Journal

    If one person can screw up and accidentally destroy your company, imagine what 1 person who's out to actually do harm can do.

    • (Score: 2) by Gaaark on Monday October 09 2017, @04:09PM (1 child)

      by Gaaark (41) on Monday October 09 2017, @04:09PM (#579298) Journal

      "Equifax did not say in its statement what retirement packages the executives would receive."

      What? No jail time?
      REALLLLLLY feck with your customers, put a company into dire financial straits (haven't looked: just assuming) and.....drumroll.....you get a retirement package?

      Are they out of 'steel toe up the ass' boots?

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---

      • (Score: 4, Insightful) by Thexalon on Monday October 09 2017, @06:37PM

        by Thexalon (636) on Monday October 09 2017, @06:37PM (#579352)

        REALLLLLLY feck with your customers, put a company into dire financial straits (haven't looked: just assuming) and.....drumroll.....you get a retirement package?

        This is nothing new. For instance, Carly Fiorina ran HP into the ground, and HP paid her $40 million to go away.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.

  • (Score: 2) by EvilSS on Monday October 09 2017, @05:55PM (1 child)

    by EvilSS (1456) Subscriber Badge on Monday October 09 2017, @05:55PM (#579337)
    Well wouldn't it really be the fault of the shareholders, who voted for the board of directors, who hired the CEO, who hired the CIO, who hired the SR VP, who hired the VP, who hired the Sr Director, who hired the director, who hired the manager who oversaw the cyber security team, which had that one guy who didn't do his job, in the hole at the bottom of the sea?

    • (Score: 0) by Anonymous Coward on Monday October 09 2017, @06:50PM

      by Anonymous Coward on Monday October 09 2017, @06:50PM (#579356)

      Well, responsible or not, the shareholders are going to get shafted. How about them CxOs?