“Equifax lost a Goldmine of Information”: LogRhythm Comments

It has been revealed that Equifax, one of the three major consumer credit reporting agencies in the United States, has suffered a data breach where hackers had access to names, email addresses, social security numbers, driver’s license numbers and other sensitive information concerning 143 million of its customers.

Ross Brewer, vice president and managing director EMEA at LogRhythm, had the following comments:

“Equifax and its peers build their reputation on trust and the protection of consumers, so this breach becomes even more critical – and the immediate, dishonest actions of its executives will definitely come under scrutiny. It’s common practice to offer victims access to free credit monitoring in the aftermath of a data breach, but this incident now calls into question the integrity of all similar companies gathering, processing and storing such vast amounts of sensitive information. Whichever way you look at it Equifax lost a goldmine of information – and with that level of detail to hand, identity theft would be child’s play for even the most inexperienced cybercriminal.

“It is important that organisations such as Equifax understand the true value of the information that they hold, and take suitable measures to protect that data – at any given time.  With such a lucrative potential payoff, credit monitoring firms are likely targeted by some very sophisticated, determined hackers, and in response should invest in the right monitoring and alerting technologies for when (not if) one of those attackers breaks through their defences. Only then can the organisation reduce the time taken to detect and respond to threats down to minutes, and stop a significant data breach in its tracks.

“If anything, this is a solid reminder that even though British and European consumers may not directly deal with overseas businesses, those organisations might still hold – and ultimately lose – our personal data.  This is exactly why we need the incoming EU GDPR, to hand down appropriate penalties to those US companies collecting huge amounts of highly sensitive personal data on European citizens and then not protecting it.  Let’s not forget, if the ICO were to impose the highest level fine – four percent of Equifax’s turnover – it would be looking at a bill of over $100m.”