House committee says Equifax data breach was 'entirely preventable'

Mismanagement, outdated tech and basic security missteps were to blame.
Jon Fingas, @jonfingas
December 10, 2018
Andrew Harrer/Bloomberg via Getty Images

Congress clearly didn't buy Equifax's attempt to pin its massive data breach on one lone technician. The House Oversight and Government Reform Committee has released a staff report declaring that the breach was "entirely preventable" and the result of widespread, systemic flaws in Equifax's security policies. The company didn't have "clear lines of authority" in its IT structure that would have properly enacted policies, for one thing. It also had "complex and outdated" systems that didn't keep pace with its growth, wasn't prepared to help victims and made basic security missteps. Equifax let more than 300 security certificates expire, for example, making it difficult to spot intrusions.

The committee also made a number of recommendations that it said would need the cooperation of Congress, the White House and private companies. It called for greater transparency on data collection and security risks, "modernized" IT and reduced use of Social Security numbers as identifiers. The government should also determine whether or not the FTC's oversight is enough, hold federal contractors more accountable for their security and verify the effectiveness of post-breach services like identity protection.

In response, Equifax argued there were "significant inaccuracies" in the report and that it didn't have much time to review the findings, although TechCrunch said the ostensible errors were "nit-picks" such as the duration of credit monitoring offers and a state settlement that hasn't taken place. There weren't fundamental disagreements with the report's conclusions. Equifax added that it had implemented "meaningful steps" to bolster security and was "generally supportive" of the recommendations.

The larger question is whether or not anything will change as a result. It's one thing to make recommendations, but it's another to have multiple parties implement improvements. And as we've seen, Equifax leadership hasn't always been forthright about what's going on. On top of its attempted scapegoating, it has also faced investigation for suspicious stock trades and made questionable claims that executives were 'retiring' in the wake of the breach. Equifax will have to show that it really did learn its lessons if it's going to regain trust, while officials will have to update laws and regulations to reduce the chances of a repeat.
