Antivirus and internet security company ESET drew attention to a development that was seen for the first time in the world economy and could set an example for the devastating effects of cyber breaches. Credit rating agency Moody’s downgraded the rating for Equifax from “stable” to “negative” due to the severe financial devastation of the 2017 attack. This security breach has cost the company $1.4 billion to date, excluding legal fees.
for the first time in the world
Moody’s decision is significant because it is the first time a company has changed its rating status because of the high cost of a security vulnerability. Of course, the controversial decline did not appear out of nowhere. Moody’s announced the downgrade in May, but also gave a clear message 7 months ago, in November 2018, that risks related to cyber attacks would begin to affect its rating.
What does Equifax do?
Equifax is one of the largest credit reporting agencies in the United States. Credit reporting companies analyze records of financial data covering a large number of consumers and then use that data to determine a person’s credit score. They usually get this information from credit card companies, banks and lenders.
Financial information of citizens of three countries was stolen
The cyber breach that Equifax faced two years ago was as follows: A patch was released on March 6, 2017 for a critical vulnerability in the Apache Struts web application structure, but Equifax failed to install the patch in a timely manner. On May 13, 2017, hackers begin to roam the firm’s network, thanks to a vulnerability that would not be discovered until July 29, 2017.
By September 7 of the same year, it is announced by Equifax that comprehensive information of half the people of the United States, as well as hundreds of thousands of Canadian and British citizens, was in the hands of the attackers. This number then increases and it is determined that the data of 148 million people was accessed without permission. This figure represents almost half of the US population of 320 million.
Loose cybersecurity policy
Much of the criticism Equifax faced was related to whether the firm had lax cybersecurity practices. Richard Smith, the firm’s former CEO, attributed the vulnerability to the failure of a person who was supposed to install the patch, while investigators said it was a sign of a much deeper problem. “Equifax’s long-standing shortcomings suggest that more attention should be given to cybersecurity preparations,” says a report by the US Senate Committee.
The thief is still unknown
Meanwhile, the identity of the thief or thieves is unknown and the stolen data is nowhere to be found. According to the information reached by the media organization CNBC; The investigation by a team of security experts, dark web data hunters and people involved in the investigation of the breach stated that the stolen data has not yet been sold in the dark corners of the internet or used for identity theft or malicious purposes, as expected.
You can find the English version of this article at the link here.