The Equifax data breach is one of the most significant thefts of personal information in the history of hacking. Over 140 million customers were impacted — more than half the US population, with people affected in the UK and Canada as well.
The depth of data stolen was also staggering — names, addresses, Social Security numbers, driver's license details — in short, everything an identity thief could ever want. The real question, though, is how the breach happened in the first place, and whether a properly encrypted online data storage solution like OfxCloud™ could prevent other breaches of this nature.
The Cause of the Equifax Breach – A Web Development Tool
Hackers got into the Equifax system through a flaw in a piece of software called “Apache Struts” that supported its online dispute portal. The vulnerability had already been identified, and Equifax had started patching it but did not complete the work in time.
Once the vulnerability was known, hackers took advantage of it and found Equifax’s infrastructure exposed. Once inside the system, they were able to reach other databases and extract all of that sensitive information.
Lessons to Be Learned
Patching Needs to be Immediate
In large organizations, vulnerability patching can take time. This is clearly not ideal, as it leaves a window for hackers to take advantage. Companies can get around this by moving away from legacy data storage and software to online solutions like OfxCloud™ — online solutions are patched immediately, so they are not vulnerable.
Unauthorized Access Must be Spotted Early
The hackers had access to the data for over two months before Equifax detected them. In addition to Equifax’s own monitoring, a hosted online solution would have provided an extra level of scrutiny, monitoring, and defense.
Data Needs to be Fully Encrypted at Every Stage
One of the biggest flaws in the Equifax data breach was the lack of encryption. Properly encrypted databases are much harder to hack, and even if data is extracted, it’s essentially useless. That’s where fully encrypted solutions like OfxCloud™ really have an advantage.
Data is encrypted by default, from the moment it’s created, and throughout its life. Whether the data is at rest, being accessed, shared, transmitted, managed, or archived, encryption must be part of an end-to-end information storage solution.
Every System and Storage Solution Should Have Independent Verification and Authentication
Finally, the hackers were able to get at so much Equifax information because the web development tool provided them with a backdoor — once they were into Apache Struts, they could access other large parts of Equifax’s internal data. Sensitive information should be properly protected at every level — there need to be clear, unbreachable walls around data and strong gatekeepers that demand robust authentication to get access.
Just one of these changes would have significantly reduced the threat of a breach at Equifax — all of them would have likely eliminated that threat completely. If you want to reduce any threats to your sensitive data, there’s really just one sensible choice — OfxCloud™.
The healthcare data experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about how we can help protect your organization’s healthcare data, contact us today at (407) 777-2555.