Equifax Had Not Encrypted Its Data… Wait, What?


Equifax’s ex-CEO Richard Smith concedes in front of Congress that Equifax didn’t encrypt its hacked data

EQUIFAX HAD NOT ENCRYPTED ITS DATA. You heard that right. Still don’t (want to) believe us? Let us spell it out for you once more. Equifax, one of the top three credit reporting agencies in the world, had not encrypted its data.


If you are as shocked (maybe even more!) as the girl in the image, you’re not alone.

What we saw with the Equifax data breach was beyond the imaginative capabilities of our brains. Almost half of Americans had their personal data compromised in what was the most disastrous data breach ever. Such astounding ineptitude resulted in a number of people losing their jobs, including Richard Smith, Equifax’s then CEO.

On Tuesday, Richard Smith appeared at a three-hour-long hearing before the House Energy and Commerce Committee. He had no option but to accept that the data breach was a result of human error as well as Equifax’s technical negligence.

When asked specifically whether Equifax had encrypted its databases, Smith responded, “We use many techniques to protect data: encryption, tokenization, masking, encryption in motion, encrypting at rest. To be very specific, this data was not encrypted at rest.”

“So this wasn’t, but your core is?” he was further asked.

“Some, not all,” replied Smith. “Some data is encrypted, some is tokenized, some is in motion, some is masked. There’s varying levels of security techniques that the team deploys in different environments.”

Mr. Smith answered a number of important questions that we had all been desperately waiting to hear answered. He conceded in front of the committee that Equifax neglected a warning from the Department of Homeland Security to patch a vulnerability in its software back in March. The hack is said to have taken place on May 13.

Having said all this, would encryption have prevented this massive cyber attack? No, because that’s not what it protects against. But would it have protected the valuable information stored on Equifax’s systems? Maybe yes, maybe no. However, that doesn’t mean it’s not needed. It’s always needed and will always be needed.

Concluding Thoughts

If we ran a survey right now and asked whether encryption is a good practice, almost all of the people surveyed would say yes. However, when it comes to walking the talk, very few of them actually do it.

Whether it’s data in transit or data at rest, whether you’re a small company or an industry titan, you must encrypt your data. Period.