Monday, October 30, 2017

EQUIFAX PROBLEMS SMELL LIKE A DEAD FISH

The news of that huge data breach against 145 million American credit files this summer appear to be only the tip of the iceberg.  It nowe comes out that their whole system had multiple breaches going back to late in 2016, that Equifax management was notified in December and that they did absolutely nothing about it until June.  During that time, just about anybody and everybody had access to the files and Equifax supposedly has no idea who could have used that access or how many times.  

The flaw was discovered on a web page that seemed to be a portal for employees, but anyone on the internet was able to access it and it contained multiple search boxes that allowed anyone to force the site to display the personal information of Equifax's customers. They didn't even need credentials to get to the search page! 

Why?  

Bear with me for a minute; this could be much bigger than we think.  It makes absolutely no sense that such a huge organization would knowingly subject itself to the risk involved by leaving the access portals open.  Any company in its right mind would close down all access until the vulnerabilities could be patched... to protect its clients and also to defend itself against lawsuits.  Logically, it must have been a conscious decision to leave the access open.   

Why?  

Could it have been an arrangement to allow the Clinton-Obama machine to obtain information to be used against their enemies?   I mean, now that they were out of office, their access to the use of government agencies to gather such evidence would be severely limited.  

Just something to digest over the morning news...


No comments: