Financial Services Cybersecurity Weekly Briefing 9-15-2017

Weekly FS Cybersecurity Blast

FTC Opens Probe into Equifax Data Breach
The US Federal Trade Commission (FTC) has launched a formal investigation into the massive data breach of Equifax, which yesterday confirmed its failure to address a previously disclosed Apache Struts vulnerability that was exploited in the attack. Meanwhile, Equifax share prices continued to plummet this week – now 35% lower than before the breach – in an ominous sign of the breach’s potential financial devastation to the credit-monitoring firm.


On the Equifax Data Breach
Market failures like this can only be solved through government intervention. By regulating the security practices of companies that store our data, and fining companies that fail to comply, governments can raise the cost of insecurity high enough that security becomes a cheaper alternative. They can do the same thing by giving individuals affected by these breaches the ability to sue successfully, citing the exposure of personal data itself as a harm.


Equifax Data Breach Could Create Lifelong Identity Theft Threat

“It’s very problematic for hackers to have all that important information all in one place,” says John Ulzheimer, a credit expert who once worked for Equifax and credit-score firm FICO. “This information is perpetually valuable. You are not going to change your name or date of birth or Social Security number. In five years they will be the same, unlike a credit card that takes five minutes to cancel over the phone.”


Equifax Sued for Billions After 143 Million Data Hack

“Plaintiffs file this complaint as a national class action on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information. This complaint requests Equifax provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services,” the complaint reads.


Trust but Verify: New York Cyber Regs Mean Managing Third-Party Security

The challenges of 23NYCRR and other regulations can certainly be daunting, especially for smaller businesses that may be impacted, but tackling the seemingly insurmountable task of compliance can be achieved if businesses establish and execute against a solid cybersecurity plan. The first steps include designating a CISO and other parties within the organization who are responsible for the security plan and its implementation. Typically, the CISO will work with the Chief Information Officer (CIO) and report to the CEO and board.


The Equifax Cyber Breach and a Lifetime of Vulnerability

Many of these affected consumers are already organizing a massive class-action lawsuit, seeking damages of $70 billion. Equifax’s heartfelt apology from their chairman and CEO offers people the opportunity to enroll in their subsidiary’s identity monitoring services at no cost for a period of one year. Herein a host of new consumer challenges emerge, especially with the latency of cyber threats, the vast secondary black market where personal data are sold, the lifelong nature of social security numbers and our performance-based credit system.


How Equifax Failed Miserably at Handling its Data Breach

Equifax has set up a site through which people can check whether they have been affected. Unfortunately for them, they can’t really trust the result of the check – the site will seemingly randomly provide either a confirmation or a denial of whether they’ve been impacted. It seems logical to assume, then, that Equifax doesn’t know which individuals have been affected. Still, they want everybody to sign up for their credit file monitoring and identity theft protection with TrustedID Premier, a credit monitoring service that is also operated by Equifax.


Israel, an Emerging Financial Tech Leader, Makes Gains in Digital Currency

The Israeli Securities Authority (ISA) recently announced that it will establish a committee to review potential regulations for initial coin offerings (ICOs) — a new form of raising capital with digital currency, akin to a stock market’s initial public offering (IPO). […] The Alignment incubator strives to assist, develop and fund “unique and high-quality projects” in Israel’s emerging digital currency ecosystem. The incubator is the collaborative creation of Israeli cryptocurrency investment groups BlockchainIL, CoinTree Capital and Singulariteam.



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.