Equifax data breach: treat encryption and data management with much more respect, says ShieldIO

Following the high-profile data breach at Equifax back in 2017, the details of a class-action lawsuit taken out against the company in the wake of the incident are now being revealed. The findings from this report underline a staggering level of negligence on the part of Equifax regarding the protection of sensitive data.

Simon Bain, CTO at encryption specialist ShieldIO, believes that lackluster approaches such as this are compromising the trust people have in companies.

He said: “According to the report, Equifax used the default ‘admin’ username and password to secure a portal containing sensitive customer information. If this is true, then this goes to the heart of why many people don’t trust organizations with their data. If such basic errors are being committed, why would a customer ever believe their data is in safe hands?

“Specifically, Equifax also committed a catalog of errors when it came to encryption. Unencrypted user data was stored on a public-facing server. The company didn’t encrypt its mobile apps. When it did encrypt data, it left the encryption keys on the same public servers. If you’re not treating encryption as a priority, your chances of compromise are infinitely heightened.

“Equifax, more than any other organization, should recognize that data is money. The company is effectively the policeman of the world’s right to the bank, so it stands to reason that it should be extra careful with customer data, and should not treat it with the contempt they seem to have done here.”

He concluded: “The lesson to learn here is simple: don’t leave data lying around for anyone to steal, use and abuse. Employ a common-sense approach to handling sensitive data and give encryption the attention it deserves, and you’ll be in a much better place in the long term.”