From cyberscoop.com
The devastating 2017 breach of credit-reporting company Equifax, which exposed data on 148 million people, was “entirely preventable” had the company applied proactive security measures, a congressional investigation has concluded.
“Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,” says the report issued Monday by Republicans on the House Oversight and Government Reform Committee.
The committee’s 96-page report lays out why the hack, which compromised people’s names, social security numbers, addresses, credit card numbers, and other identifiers, has become a case study in failed IT leadership and software patching.
A “lack of accountability and no clear lines of authority in Equifax’s IT management structure” meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains.