A Brief History of Equifax Security Fails

September 18, 2017
Forbes

In one case, it had to change its ways following a class action lawsuit over an alleged lapse in security. That suit related to a May 2016 incident in which Equifax's W-2 Express website had suffered an attack that resulted in the leak of 430,000 names, addresses, social security numbers and other personal information of retail firm Kroger. Lawyers for the class action plaintiffs argued Equifax had "wilfully ignored known weaknesses in its data security, including prior hacks into its information systems."

Equifax sought to have the case thrown out with prejudice (i.e. the matter would be closed permanently), arguing the plaintiffs were basing their demand for compensation, as much as $5m, on "speculative and hypothetical injuries." In the end, the case was dropped without prejudice (i.e. the claims could be brought again), with the stipulation that Equifax fix a glaring security issue. The flaw was the result of an Equifax decision to have client employees access their data with the use of default PIN numbers. The PINs, according to the plaintiff complaint, consisted of the last four digits of an individual's social security number and their four-digit year of birth. A determined hacker could gather such information by scouring the web, or duping a target into coughing up the information. In closing the case, Equifax agreed to stop using those default PINs.

But problems with PINs appeared to have continued after that settlement in September last year. As independent cybersecurity reporter Brian Krebs reported in May 2017 an Equifax note to customers that hackers had used personal information to guess personal questions of employees in order to reset the 4-digit PIN given and stolen tax data. In its disclosure, Equifax said the unauthorized access to the information occurred between April 17 2016 and March 29 the following year.

In January 2017, Equifax was forced to confess to a data leak in which credit information of a "small number" of customers at partner LifeLock had been exposed to another user of the latter's online portal.

Read Full Article

    RELATED CONTENT

    RELATED VIDEOS

    Global Supply Chain Management Regulation & Compliance Supply Chain Security & Risk Mgmt High-Tech/Electronics
    KEYWORDS Global Supply Chain Management High-Tech/Electronics Regulation & Compliance SC Security & Risk Mgmt
    Forbes

    From Virtual Restaurants to Exclusive Pop-Ups, the New War in Food Delivery Is in the Kitchen

    More from this author

    Featured Product

    Popular Stories

    Digital Edition

    2026 esg cover main scb q2 2026 cover

    SupplyChainBrain 2026 ESG Guide: ESG — The Supply Chain’s Biggest Secret

    VIEW THE LATEST ISSUE

    Case Studies

    Visit Our Sponsors

    4flow Arkieva Blue Yonder
    Carton Cloud CoEnterprise Dassault
    Duravant E2Open General Logistics Systems
    Hy-Tek iGPS Korber
    Lyngsoe Procurability Quinyx
    SAP Sikick Systech
    S&P Global Mobility TADA TransImpact
    US Bank Werner Enterprises WSI