According to its now-former CEO Richard Smith, the Equifax data breach that began in March this year was the fault of a single unnamed employee. This hapless member of staff had been tasked with communicating instructions to the security team to deploy a software patch that was issued as a result of a vulnerability tip-off from the Department of Homeland Security. This titbit of information, however, was not circulated, resulting in the exposure of nearly 146 million Equifax customers’ personal details.
According to Smith, Equifax had spent more than $250m on cybersecurity over the last three years. Despite this, a simple breakdown in communication will end up costing it far more in terms of compensation, reputation and senior staff replacement – alongside Smith, the CIO and COO have also departed.
The Digital Commerce and Consumer Protection subcommittee of the House Energy and Commerce committee was not impressed with the CEO’s buck-passing antics, suggesting that he was either incompetent or complicit. This is just the first of several hearings he is due to face – not to mention criminal proceedings in New York and San Francisco. The moral? When it comes to cybersecurity, don’t leave anything to chance.