Another Equifax Breach? New Concerns of Second Leak Have Equifax Reeling Again

Bad news again from Equifax there has been another cyber security breach. This one, Equifax claims, did not breach their systems. This latest breach involved a fictitious Adobe Flash update that was really adware. The malicious attack was only detected by 3 out of 65 antivirus vendors. While Equifax was confident their databases were not compromised, the new breach and compromise of their portal has shattered what little confidence that was left. The Internal Revenue Service (IRS), who defended their contract with Equifax, has even distanced themselves from the company. The IRS did this by freezing the contract until Equifax is able to prove they’re secure enough to handle sensitive data.

Another Equifax Breach? New Concerns of Second Leak Have Equifax Reeling Again

The Latest Data Breach

The notorious Adobe Flash strikes again, well on the surface it would appear so. However, the link is bogus and was appearing every time someone attempted to check their credit report. The breach was discovered by an independent security analyst named Randy Abrams. Abrams happened upon the compromise by accident when he was checking a discrepancy in his credit report. If someone fell for the trick an Adware called Eorezo would install on their computer. The portal took about four redirects to get to the malicious page.

READ ALSO: Equifax Data Breach: Who to Trust and What to Do Now

Leading security researchers strongly believe that the breach isn’t necessarily on Equifax’s website, but rather because of a third party analytics firm they work with. In either case. Equifax shut down the webpage and moved quickly to address the vulnerability. However, this was too little, too late. The damage had been done: stock prices dropped, IRS contract frozen, and swift media reporting.

The IRS Contract

Prior to the latest data breach, Equifax had been in the spotlight for allowing one of the worst data breaches in history to happen. This didn’t stop the IRS, at the time, from attempting to go forward with a contract with Equifax. The IRS was so determined to go forward with their Equifax contract that they defended the contract in the face of bipartisan outcry. The IRS’s main defense of the contract was that Equifax’s compromised systems doesn’t impact the ability of a hacker to compromise the systems of the IRS. The IRS also claimed that due to their labeling of Equifax as a “sole source order” that only they can carry out the service that the IRS needs.

This argument failed to convince lawmakers and the IRS already knew it was on thin ice. So when the latest breach happened to Equifax, the contract with the IRS was immediately frozen. Additionally the Government Accountability Office (GAO) made a comment to The Hill that “Congress gave agencies, like IRS, the tools to move forward under appropriate situations. They appear to be electing not to use it.”

Looking Forward

Equifax still has the confidence of the market. To some despite the stock price plummeting to a third of what it was valuated to be, some experts still believe Equifax to be overvalued. This signals that the market still bets on Equifax to recover from these incidents. Even if they’re the worst in cyber security history.

The Equifax data breaches may have forced a new cyber security frontier for the financial industry though. Due to the breach fundamentally compromising Social Security Number authentication measures, another form of authentication will have to be found or developed. It may take some time for the new measures to be seen in your day to day life though.

READ ALSO: After Equifax: How Private Institutions Can Restore Public Trust

The Equifax breach has certainly laid bare how vulnerable the entire credit and financial systems in the United States are right now. With one private institution, Equifax, now cyber criminals have access to almost every working adult’s information. Such information could be used for fraud or could be used as the basis for another cyber attack on other institutions. In either case it is best to take as many security precautions as possible.

Joshua Morales

Joshua Morales

Joshua Morales is a San Juan based writer who enjoys producing cyber-security insights for business leaders around the globe.
He can also be found writing about sustainability, capital markets, and open-source software. Joshua can be contacted at joshua@teramind.co

You may also like...

3 Responses

  1. October 31, 2017

    […] top priorities of cyber security and IT professionals. With the recent We Heart It, Pizza Hut and Equifax data breaches, it’s hard not to be paying close attention to how these stories play out. With […]

  2. November 14, 2017

    […] ALSO: Another Equifax Breach? New Concerns of Second Leak Have Equifax Reeling Again After Equifax: How Private Institutions Can Restore Public Trust Equifax Data Breach: Who to Trust […]

  3. November 16, 2017

    […] Security budgets overall will likely see an increase, because the impact of data breaches is severe. But protection will very likely remain as important, if not more so, going forward. A proper focus on protection and prevention will be key in light of public outcry in the aftermath of large-scale breaches such as Equifax. […]

Leave a Reply

Your email address will not be published. Required fields are marked *