Infographic: The True Cost of the Equifax Breach

Who's Accessing Your Data? This infographic is a timeline highlighting the cost of the Equifax breach… so far! Equifax has reported clean-up costs of $1.4 billion to date. It received $125 million in cybersecurity insurance reimbursement, and the costs continue to rise.

Cyberseer Infographic - Who's Accessing Your Data? - The True Cost of the Equifax Breach... So Far!

Equifax reported on 8th September 2017 that 143 million consumer records may have been stolen in a massive global data breach. The data included names, addresses and dates of birth, as well as credit card numbers in a smaller number of cases. For UK consumers, the information which may have been accessed is limited to:

  • Names
  • Dates of birth
  • E-mail addresses
  • Telephone numbers

Equifax stated that no UK consumers had residential addresses, passwords or financial data accessed.

The attack occurred between 13th May 2017 and 29th July 2017. It wasn’t discovered until 29th July 2017.

The UK ICO issued a £500,000 fine to Equifax for failing to protect the personal information of up to 15 million UK citizens during the cyber attack in 2017.

The Canadian Office of the Privacy Commissioner has required Equifax’s Canadian division to sign a compliance agreement mandating that Equifax submit third-party audit reports on both its own security and the security of its parent company every two years, for the next six years.

Equifax is paying the ultimate price as its latest figures report a loss of $559.9 million for its first quarter ending March 31st, 2019. The resulting legal costs and investigations haven’t stopped taking a big bite out of the company’s bottom line.

Impact:

  • 143 million consumers globally had data stolen (mainly US, Canada and 15 million UK citizens)

Five main factors of the cyber breach:

  1. Identification
  2. Detection
  3. Segmentation
  4. Data Governance
  5. Failure to rate-limit database requests

Failures that led to the Equifax breach:

  • The exploitation of a known vulnerability on an unpatched Apache Struts server. Homeland Security had issued details of the vulnerability some months beforehand.
  • Persistent attackers went undetected for months.
  • Discovery of an unencrypted file of passwords on one system allowed lateral movement across multiple other systems.
  • Attackers were unchallenged when they sent over 9000 queries to 51 databases containing unencrypted consumer credit data.
  • 265 separate data exfiltration opportunities were missed due to the network monitoring system being inactive for 19 months as its security certificate had expired.

The former CIO reported that had Equifax patched the vulnerability within 2 days of patch release, the breach could have been prevented.

Breach costs may continue, and it is impossible at this time to estimate the possible loss beyond the amount already accrued.

Cyber-attacks of this nature prove the reasons for investing in your security systems and why it’s important to do the basics and maintain them.