2017 Equifax Data Breach Incident Explained

Daphne Danfeng Yao

28 Jan 202105:32

Summary

TLDRThe Equifax breach of 2017 exposed sensitive information of over 145 million consumers, primarily due to the failure to patch a known vulnerability in Apache Struts. Despite having security measures in place, poor management and lack of network segmentation allowed attackers to navigate through systems undetected for months. The incident highlights critical lessons in cybersecurity, emphasizing the importance of timely patching, stringent data governance, and effective network segmentation to prevent unauthorized access. This breach serves as a reminder of the vulnerabilities that exist within even the largest organizations and the need for continual vigilance in data protection.

Takeaways

🔍 Equifax is one of the largest consumer credit reporting agencies in the U.S., along with Experian and TransUnion.
🔒 In 2017, Equifax experienced a significant data breach, exposing sensitive information of approximately 145.5 million U.S. consumers.
🕵️‍♂️ The breach was attributed to attackers exploiting a known vulnerability in Apache Struts that Equifax failed to patch for 146 days.
📅 The breach was publicly announced on September 7, 2017, nearly four months after it began.
🚫 Equifax's security lapses included inadequate segmentation of systems and storing usernames and passwords in plain text.
📉 Attackers exfiltrated terabytes of data undetected due to the failure to renew an encryption certificate on an internal tool.
⚠️ Security assessments by the consulting firm Mandiant revealed multiple unpatched and misconfigured systems.
🔑 Data governance is critical; access to sensitive information should be granted only on a need-to-know basis.
🚨 Suspicious database activity, such as the execution of 9,000 queries in a short time frame, should trigger alerts.
🔒 Effective segmentation of systems is essential to prevent lateral movement by attackers within the network.

Q & A

What is Equifax, and what role does it play in consumer credit reporting?
-Equifax is an American multinational consumer credit reporting agency, one of the three largest agencies alongside Experian and TransUnion. It collects information on over 800 million individual customers and more than 88 million businesses worldwide.
What was the scale of the 2017 Equifax data breach?
-The 2017 data breach affected approximately 145.5 million U.S. consumers and involved the exfiltration of hundreds of millions of customer records, including sensitive personal information.
How did attackers gain access to Equifax's systems?
-Attackers exploited a vulnerability in Equifax's web portal related to Apache Struts, which Equifax failed to patch for 146 days after the vulnerability was publicly disclosed.
What was a significant internal failure that contributed to the breach?
-Equifax failed to renew an encryption certificate for one of its internal security tools, allowing encrypted traffic to go uninspected and enabling attackers to exfiltrate data undetected for months.
What were some of the security lapses that allowed the breach to occur?
-Key lapses included failure to patch known vulnerabilities, inadequate segmentation of systems, and the storage of usernames and passwords in plain text.
What measures did Equifax take in response to growing security concerns before the breach?
-Equifax hired a security consulting firm, Mandiant, to assess its systems after noticing a series of incidents involving stolen Social Security Numbers used to access its sites.
What were the three main lessons learned from the Equifax breach?
-1. No network is invulnerable, highlighting the importance of regular patching. 2. Data governance is key, advocating for limited access based on necessity. 3. Effective system segmentation is crucial to prevent lateral movement by attackers.
How did the attackers manage to execute nearly 9,000 database queries without being detected?
-The attackers were able to execute numerous queries quickly due to poor monitoring and governance practices within Equifax's database access controls.
What role did the Apache Struts vulnerability play in the breach?
-The Apache Struts vulnerability, known as CVE-2017-5638, was the initial point of entry for attackers into Equifax's systems, which had a patch available but was not applied in time.
What could Equifax have done differently to prevent the breach?
-Equifax could have applied the available patches promptly, renewed its encryption certificates, limited access to sensitive data, and improved monitoring for unusual activities within its systems.