A view from comForte on the Equifax Data Breach
The news headlines in the US for this first week of September 2017 were: Hurricanes Harvey and Irma, NFL season starts, and Equifax data breach of 143 million Americans. (I purposely left out any politico headlines)
Reading and listening to the details from various sources about the Equifax data breach, it sure sounds like another ‘here-we-go-again’ story. Here’s a quick summary:
- Sensitive information for about 143 million Americans was stolen by hackers – affects up to 44% of America
  - names, Social Security numbers, birth dates, addresses, some driver’s license numbers
  - about 209,000 US credit card numbers
- Criminals accessed files between mid-May and July 2017
- Equifax discovered the hack July 29, but waited until Sept 7 to warn consumers
- Equifax’s stock dropped 13 percent after announcing the breach
How did this happen? According to the Notice of Breach statement on Equifax’s website, “criminals exploited a U.S. website application vulnerability to gain access to certain files…”
Just how bad was this data breach? “On a scale of one to 10, this is a 10 in terms of potential identity theft” – Gartner security analyst Avivah Litan
Like many of us who work for a technology company, I wondered what our solution could have done to help minimize or prevent the data breach. I work at comForte; we are software developers, and one of our specialties is Data Protection. Hopefully most of the readers of the NonStop Insider have heard of comForte, but if not, here’s a link to our website: https://www.comforte.com/products/protect/
I’m sure Equifax has a robust Data Security program – it’s the very foundation of the services they offer, being in the credit bureau business. Many details of the data breach have not been released at this time, but the question I’m sure many people in the data protection business are asking is: how was the sensitive data protected? Sure, we want to know how the hackers got in, what vulnerability was exploited, and what intrusion detection was being used. But at the core of it all is the data – so what were they doing to protect it in the “certain files” that Equifax says the hackers accessed?
At comForte, for data protection, we recommend tokenization of the sensitive data. Replace the data in files with a token value so that if it is stolen, it has no exploitable value to a criminal. Imagine if Equifax tokenized their data, and 143 million elements of data didn’t show names, social security numbers, birth dates, credit card numbers, etc., but instead would show scrambled letters and numbers in their place. The hackers would have nothing of value, and most of all, millions of people would not have to worry about their personal info being sold off into the Dark Web for years to come!
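The idea in the paragraph above, sketched as an added example (this is not comForte's product or code, and not part of the original article): a minimal vault-based tokenizer that swaps each sensitive field for a random value of the same shape before the record is written to a file. The field names, the `TokenVault` class and the sample record are assumptions constructed for illustration.

```python
import secrets
import string

# Field names and the record are constructed for this example.
SENSITIVE_FIELDS = ("name", "ssn", "dob", "card")
SAMPLE_RECORD = {"name": "Jane Q. Sample", "ssn": "000-12-3456",
                 "dob": "1980-02-29", "card": "4111111111111111", "state": "GA"}


class TokenVault:
    """Token <-> value mapping. A production vault is encrypted, access-controlled
    and stored apart from the files that carry the tokens."""

    def __init__(self):
        self._token_for = {}  # original value -> token
        self._value_for = {}  # token -> original value

    @staticmethod
    def _random_like(value):
        # Same length and character classes, so record layouts still validate.
        def swap(ch):
            if ch.isdigit():
                return secrets.choice(string.digits)
            if ch.isalpha():
                return secrets.choice(string.ascii_uppercase if ch.isupper()
                                      else string.ascii_lowercase)
            return ch  # keep separators such as '-' and ' '
        return "".join(swap(ch) for ch in value)

    def tokenize(self, value):
        if value in self._token_for:  # same value always yields the same token
            return self._token_for[value]
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("value has no characters to replace")
        token = self._random_like(value)
        # Retry if the token is already issued or happens to equal the input.
        while token in self._value_for or token == value:
            token = self._random_like(value)
        self._token_for[value] = token
        self._value_for[token] = value
        return token

    def detokenize(self, token):
        return self._value_for[token]  # requires access to the vault


def protect_record(record, vault):
    """Return the copy of the record that is written to the data file."""
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}
```

Because the tokens are random rather than derived from the data, a stolen file of tokenized records cannot be reversed without the vault, which is why the vault itself has to be protected and stored separately.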
If you are not sure how your company is protecting sensitive data, you might want to explore data protection with tokenization. Many of our high-profile customers deploy this method today – unfortunately we have not had a chance to talk to Equifax… yet…