On December 10, 2018 the US House of Representatives Committee on Oversight and Government Reform issued a report on The Equifax Data Breach. The comprehensive 96-page report provides a detailed analysis of the data breach announced by Equifax on September 7, 2017, affecting 148 million consumers.
I testified to the Committee as part of their investigation and parts of my testimony are quoted throughout the report.
The Report concluded that “Equifax should have addressed at least two points of failure to mitigate, or even prevent, this data breach. First, a lack of accountability and no clear lines of authority in Equifax’s IT management structure existed…. Second, Equifax’s aggressive growth strategy and accumulation of data resulted in a complex IT environment… Both the complexity and the antiquated nature of Equifax’s IT systems made IT security especially challenging.”
Every IT and Cybersecurity leader should read this report. It provides some valuable lessons that will likely apply to all companies. I would encourage you to discuss the report with your Board.
Over the next few months I will be publishing some articles that further detail lessons learned from this and other major data breaches. If you are interested in reading these articles, please subscribe to my Cybersecurity4Executives Lessons Learned mailing list.