![]() Barr said that ‘This was a deliberate and sweeping intrusion into the private information of the American people’. They hacked into the Equifax computer network and performed unauthorized access, stealing sensitive and personal information of millions of people. The US Department of Justice publicly announced the accused names who were the members of part of Chinese Military. The Equifax’s database architecture was violated with approximately nine thousand queries by the attackers and obtained sensitive information of the millions of individuals (US Department of Justice, 2020). Then they performed remote code execution. With this software issue, hackers were able to create server-side error which stopped system from protecting outsider’s SQL/Script injection. ![]() The concerning authorities who were using the Struts 2 were strongly recommended to upgrade to Struts 2.3.32 or Struts 2.5.10.1 (Gielen, 2017).įigure 2: Summary of the Apache Strut 2 Vulnerability (Gielen, 2017)Īccording to the formal accusation, the hackers exploited the above-mentioned security vulnerability in the Struts Web Framework that was used by the Equifax’s online portal. ![]() The struts version 2.3.5 – 2.3.31, 2.5 – 2.5.10 were affected from this vulnerability. On this security bulletin, it was mentioned that there was possibility to perform remote code execution while uploading file based on Jakarta Multipart parser. On March19 2017, a critical security vulnerability patch update was published by Apache Software Foundation on their software product which is open-source web application framework known as ‘Apache Struts 2’. Vulnerability that was exploited to breach This breach exposed the personal information like name, date of birth, social security number, address, credit card numbers, driver licence number (Leonhardt, 2019). Such exposure of critical personal information creates the chances of identity theft of the individuals/victims. The company admitted in the investigation that they were aware about the external intrusion in March that the hackers were able to exploit the vulnerability in specific system. The company publicly announced that the personal information of more than 147 million people was exposed during the massive data breach. On September 2017, Equifax Agency failed to protect its enormous data collection of the consumers and data breach existed. In the previous section, the importance of data protection and relevant information were discussed. The real-time analysis on live security threats is monitored by the dedicated security teams protecting company from 360-degree risk’s (Haas, 2019). The dedicated security team is responsible for bridging the gap of digital transformation on valuable information assets. The IT complexity of the organization needs to be well prepared for any upcoming security risks and possible data breaches. The US Federal Government aims at protecting consumer’s information by providing guidelines to companies for maintaining advanced execution on cybersecurity and data protection relevant act. Now it is clear how these credit rating agencies performs its business model in short, it is necessary to understand that this type of company based on civil people’s personal information, the privacy maintenance is to be their top priority. The credit rating agency collects bulk financial information on larger companies conducting brief analysis on operations, finances, governance then issues the credit ratings (International Finance Corporation, 2006). This way, such bureaus make revenue while it is different in case with credit rating agency. Credit Bureau sells the generated comprehensive credit report to creditors. ![]() These information are collected from creditors and available public sources on a borrower's credit history. Utilizing all the individual’s relevant information, Credit Bureau generates the potential deserving credit score. It collects relevant information like credit account details, payment history, account transaction activity, debt collections (Equifax, 2021). The company’s business model works by gathering general individual customer’s financial information, generates findings from the collected information and provides the potential credit rating. Figure 1: Logo of Equifax Credit Reporting Agency
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |