NonStop Insider

job types

Site navigation

Recent articles



For monthly updates and news.
Subscribe here
NonStop Insider

A view from comForte on the Equifax Data Breach




The news headlines in the US for this first week of September 2017 were: Hurricanes Harvey and Irma, NFL season starts, and Equifax data breach of 143 million Americans.  (I purposely left out any politico headlines)

Reading and listening to the details from various sources about the Equifax data breach, it sure sounds like another ‘here-we-go-again’ story.  Here’s a quick summary:


How did this happen?  According to the Notice of Breach statement on Equifax’s website, it says:  “criminals exploited a U.S. website application vulnerability to gain access to certain files…”

Just how bad was this data breach?  “On a scale of one to 10, this is a 10 in terms of potential identity theft” – Gartner security analyst Avivah Litan

As what many of us do, who work for a technology company, I wondered what could our solution have done to help minimize or prevent the data breach.  I work at comForte and we are software developers and one of our specialties is Data Protection.  Hopefully most of the readers on the NonStop Insider have heard of comForte, but if not, here’s a link to our website

I’m sure Equifax has a robust Data Security program – it’s the very foundation of the services they offer, being in the credit bureau business.  There are many details left out of the data breach at this time – but the question I’m sure many people in the data protection business are asking – how was the sensitive data protected?  Sure, we want to know how the hackers got in, what vulnerability was exploited, what intrusion detection was being used.  But, as at the core of it all is the data – so what were they doing to protect it in the “certain files” that Equifax says the hackers accessed.

At comForte, for data protection, we recommend tokenization of the sensitive data.  Replace the data in files with a token value so that if it is stolen, it has no exploitable value to a criminal.  Imagine if Equifax tokenized their data, and 143 million elements of data didn’t show names, social security numbers, birth dates, credit card numbers, etc., but instead would show scrambled letters and numbers in their place.  The hackers would have nothing of value, and most of all, millions of people would not have to worry about their personal info being sold off into the Dark Web for years to come!

If you are not sure how your company is protecting sensitive data, you might want to explore data protection with tokenization.  Many of our high profile customers deploy this method today – unfortunately we have not had a chance to talk to Equifax… yet…

For all contact information by region, turn to