Who is to blame for Equifax?

Next story
Olivia Storey

The Equifax breach, disclosed back in July, saw 145.5 million of their customers have personal details stolen. Mark James looks at who could be to blame.

Personal data pertaining to 145.5 million Equifax customers was stolen during a data breach that ran from mid-May until July. The data stolen including names, birthdays, addresses, social security numbers and some driver's license numbers, as well as credit card numbers for more than 209,000 people.

Although Equifax are a US based company, they hold the data of 44 million customers from the UK, but have not yet disclosed how many could be affected. The UK Information Commissioner’s Office are investigating the data breach on behalf of the UK customers affected.

Mark James, ESET IT Security Specialist, explores who, if anyone, is to blame.

“From the perspective of the public, it would seem that the CIO is the one to blame when things go wrong.

“Indeed if someone has to be blamed, then in theory the buck stops there.

“Although, surely that can only happen if it’s a clear case of negligent behaviour, and decisions were made that caused lapses in the security of the specific areas of attack.

“In most cases this is not true; it’s often down to finances, resources, or even just plain knowledge.

“Someone needs to stand up and explain what happened, what they learned and what is going to be put in place from here on.

“However, if lessons are not learnt and things did not happen after the last breach, then that’s a different matter.

“The CIO or equivalent can protect themselves by doing their job.

“Understanding the needs of the organisations, and in particular the current threat landscape, which is constantly changing and not nearly as easy as it sounds.

“Ensuring that systems are kept as up to date as possible, and using the latest versions of all software from the core server Operating System right through to the individual roles and applications used throughout.

“Also, utilising the plethora of help available through external sources.

“No one person is going to keep your company safe, so providing it’s not immediately obvious they are at fault is it fair to blame one person when things go wrong?”

Who do you think is to blame in this case? Let us know on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.