1)
No. The leadership of the company found out about the data breach and what they did was offload their share. This was done in anticipation that the share prices of the company will plummet and they need to save their personal asset. The company did not come forward with the data breach information. If they would have, people across the country could have frozen their credit. This could have thwarted the cyber attackers or at least made their attacks inefficient for some time. Finally, from a technical point of view, the fixe for the Apache vulnerability was present from March-April of 2017. However, Equifax as a company did not use the fixe to update their system and plug the gaps.
2)
The only thing Equifax could have done is to use the fix provided by Apache foundation to reduce the vulnerability. The vulnerability in their system was due to the framework provided by Apache Struts. However, Apache had released a fix for this and the companies needed to update their software, apps, etc. Equifax did not do this immediately. If they would have, they could have prevented the data breach incident
0 comments