Blog / EQUIFAX Security Breach
The disturbing news is that the hacked data is enough for the hackers to perform identity theft. The data most likely will be sold to other criminals who specialize in identity-theft transactions. It may be months – perhaps years – before someone’s data is compromised in an identity-theft SCAM.
Karl Buckley, our Cyber Security Supervisor has been following the reports closely. Here is his latest take on the Canadian connection to this breach:
Last week the Security Newsletter talked about the data breach being investigated at EQUIFAX.
Well, as the situation has changed a bit, I figured we should do a periodic situation update.
Rather than have this update hijack the weekly Newsletter (and be restricted to once a week), it seemed the best option was to create an outlet specifically for EQUIFAX information. So, the next update will come whenever I get new reports.
A short summary of the situation is that back in May, an update was released for the webserver that one of EQUIFAX’s websites uses. EQUIFAX did not take immediate steps to apply the patch. Sometime between then and July, someone used this vulnerability to steal data from EQUIFAX.
At that point, it had been confirmed that a massive amount of data on US citizens and some data from UK citizens had been compromised. It had also been found that an Argentine employee portal had admin/admin login credentials. EQUIFAX set up a special website to provide people with updated information about the details of this breach.
Update 1 – Twitter mistakes
The first thing that happened is kind of comical, yet also sad. EQUIFAX made a blunder, a big blunder. Several tweets were sent out directing people to visit the website set up by EQUIFAX. The move to set up that special website on a separate domain, is one that has been slammed by Security professionals. The reason is simple: Why set up a new PREVIOUSLY UNKNOWN website? It’s just asking people to make copycat sites. This is exactly what one researcher did. He made a fake copy of their website in about 20 minutes and changed the information to say that this was a bad idea. EQUIFAX later tweeted this copycat URL not just once, but twice. In this situation, EQUIFAX (and anyone who they directed to go to that fake website) got very, VERY lucky:
janetwburns/2017/09/21/ equifax-was-linking-potential- breach-victims-on-twitter-to- a-scam-site/#640e95ea288f
9/20/16339612/equifax-tweet- wrong-website-phishing- identity-monitoring
future_tense/2017/09/20/ equifax_tweeted_the_wrong_url_ for_its_data_breach_website. html
Update 2 – Canadian data confirmed part of breach
Late last week it was reported in several news outlets that Canadian data was confirmed to be part of the breach (before that, it had simply been considered “Accessed.”) So far, what was exactly contained in that set of data, has not been mentioned. As of writing this, the website to check and see if your information was compromised, still appears to only allow US-based IPs to access it:
business/2017/09/19/equifax- says-100000-canadians-may- have-been-in-data-breach.html
Maybe once details about the Canadian data have been determined and published, the website will be unlocked and we can stop wondering
We’ll continue to monitor the situation and advise you if something important comes to light.
Trinus Technologies Inc