On September 7, Equifax, one of the three major credit agencies, announced that it had suffered a major data breach. Unidentified hackers exploited a vulnerability in the company’s website software to gain unauthorized access to company data from May through July, impacting as many as 143 million consumers.
The details of the attack - including the identity and nature of the attackers - are still developing. Nevertheless, the incident is yet another reminder that organizations should enhance and better coordinate their cybersecurity and anti-fraud controls, including those related to identity management, authentication, data encryption, fraud detection and analytics, and patching vulnerable applications.
This Financial crimes observer analyzes the risks associated with the data breach and provides our perspective on what organizations should be doing now.