Other Articles:


The Equifax Hack – A Huge Deal

Important Updates

9/13/17  - Since the last posting it was discovered that an Equifax server in Argentina was using the default login credentials "admin"/"admin" for both username and password, exposing the personal information of 14,000 employees.

9/14/17  - The vulnerability exploited to expose the 143 million US credit records was CVE-2017-5638, a remote code execution flaw in the Apache Struts 2 web framework (Apache advisory S2-045). It was disclosed and patched in March 2017. It affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10; the fixed releases are 2.3.32 and 2.5.10.1.
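Two checks a practitioner would want around this update, written here as an added example rather than code from the original post: a version test against the affected Struts ranges named above, and a detector for the OGNL injection pattern that the public CVE-2017-5638 exploits carried in the Content-Type header (later variants also used Content-Disposition). The marker fragments, the percent-decoding step, and the sample requests are assumptions and constructed inputs, not captured traffic.

```python
"""Version check and request-header detector for CVE-2017-5638 (Struts S2-045).

Added example, not code from the original page. The affected ranges follow
the Apache advisory; the header markers are the OGNL fragments that appear in
the public exploit payloads.
"""
import re
from typing import Dict, Iterable, List, Tuple
from urllib.parse import unquote


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare element-wise."""
    return tuple(int(part) for part in version.strip().split("."))


def struts_version_affected(version: str) -> bool:
    """True if a Struts 2 version is in the S2-045 vulnerable ranges:
    2.3.5 through 2.3.31, and 2.5 through 2.5.10.
    The fixed releases are 2.3.32 and 2.5.10.1."""
    v = parse_version(version)
    if v[:2] == (2, 3):
        return (2, 3, 5) <= v < (2, 3, 32)
    if v[:2] == (2, 5):
        return (2, 5) <= v < (2, 5, 10, 1)
    return False


# Fragments characteristic of the OGNL payload in S2-045 exploit traffic.
# A legitimate Content-Type / Content-Disposition never contains these.
OGNL_MARKERS = re.compile(
    r"%\{|#_memberAccess|#context\[|@ognl\.OgnlContext@|allowStaticMethodAccess",
    re.IGNORECASE,
)

# Headers the public exploits abused (Content-Type in the original advisory;
# later variants moved the payload into Content-Disposition).
SUSPECT_HEADERS = ("content-type", "content-disposition")


def is_struts_ognl_injection(header_value: str) -> bool:
    """Flag a header value carrying an OGNL expression. The value is
    percent-decoded first (assumption: some senders URL-encode the payload)."""
    decoded = unquote(header_value)
    return bool(OGNL_MARKERS.search(decoded))


def scan_requests(requests: Iterable[Dict[str, str]]) -> List[int]:
    """Return the indices of requests whose suspect headers carry OGNL.
    Each request is a dict of header name -> value; names are matched
    case-insensitively."""
    flagged = []
    for idx, headers in enumerate(requests):
        lowered = {name.lower(): value for name, value in headers.items()}
        if any(is_struts_ognl_injection(lowered[h])
               for h in SUSPECT_HEADERS if h in lowered):
            flagged.append(idx)
    return flagged


# Constructed sample traffic (not real captures). Request 1 is a truncated
# sketch of the public S2-045 payload shape; request 3 carries a
# percent-encoded fragment of it in Content-Disposition.
SAMPLE_REQUESTS = [
    {"Content-Type": "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk"},
    {"Content-Type": "%{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#cmd='id')}"},
    {"content-type": "application/json"},
    {"Content-Disposition": "form-data; name=\"%25%7B(#_memberAccess=...)%7D\""},
]

if __name__ == "__main__":
    for ver in ("2.3.31", "2.3.32", "2.5.10", "2.5.10.1"):
        print(ver, "affected" if struts_version_affected(ver) else "fixed")
    print("flagged requests:", scan_requests(SAMPLE_REQUESTS))
```

Run against the constructed samples, the scan flags requests 1 and 3 and leaves the two normal requests alone; the version check is the same boundary test you would run against the Struts jar names on a server, and is the faster of the two to apply across an estate when an advisory like S2-045 lands.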

We’ve certainly seen our fair share of big-news hacks over the last few years, with household names like Home Depot, Target, HBO, and Anthem Health, to name a few.  Even as big as some of these data breaches were – Anthem was 80 million records – they affected just one or two key areas of our lives, typically one credit card or a subset of our personal information. While still a big deal, the worst part for most people was an inconvenient afternoon updating auto payments on multiple vendor sites or monitoring bank statements a little more closely.  Though serious in their own right, they simply pale in comparison to the Equifax Hack – this is a very big deal.

The Equifax Hack affects virtually every aspect of your personal data protection.  Most of the data used to uniquely identify 143 MILLION people is out there: DOB, SSN, driver’s license number and potentially current and previous addresses, employment history, you name it. Combine that with the personal life information we now share so regularly on social media and you get pretty much everything needed to access accounts, perform password resets, or open new accounts in your name. Every account is at risk for 143 million Americans, a large share of everyone living in the United States with a credit history. This is no joke, this is not hyperbole, it affects you and it affects me. It is very much a HUGE DEAL!

We are not going to regurgitate the top 10 things everyone should do as a result of the Equifax Hack, as there are at least 100 articles published on that already.  We are not going to scream for removal of the SSN as the unique identifier for medical services. Put simply, it doesn’t matter anymore. Just spend a few minutes thinking about the logic surrounding this – regardless of what is being used to prove your identity, this hack would have spilled it along with all necessary supporting documentation. It’s all out there and ripe for the picking.


So, how could this happen?

PCI-DSS has strict requirements to protect our credit cards and related transactions.  HIPAA has stringent regulations on PHI/ePHI and requires regular risk assessments. Most industries have regulations requiring steps that should, could, or would have prevented this monumental breach.  So, how did it happen?  Did Equifax just not care?  Was this gross negligence?  The reality is

Read More

Cybersecurity Cultures Aren’t Built in a Day

Do your users look at every link in every email with suspicion – even if it appears to come from an internal email address?  Do they look at each social media link as a potential danger to the wellbeing of their friends and family? Or do they think it’s crazy they can’t share the latest … Continued

ePHI – Most Valuable Data Records Sold on the Dark Web

“HIPAA Security Officers – Your networks really ARE the PRIMARY target of the ‘Bad Guys’, ‘Bad Actors’, ‘Hackers’, etc. Whatever you want to call them, make no mistake – you are charged with safeguarding what they want. Do your security countermeasures rise to the level of the threat or are you simply content with being … Continued

What Cyber Security Certification Do We Need?

That is the question (or something very similar) that I invariably get after presenting the results of a security engagement where seemingly obvious weaknesses were exploited.  These are the kinds of exploits that lead to administrator-level access to systems in hours (or even minutes), and that could expose sensitive organizational data or PII. Whenever … Continued
