Here is what we're working on and thinking at Hedgehog Security.

In a public statement released on September 7th 2017, the US credit reference agency Equifax revealed that on July 9th it discovered web site security had been compromised "from mid-May through July 2017", and that criminals had gained access to basic identity records for 143 million US customers, including Social Security numbers, dates of birth, addresses and driver's licence numbers. The company expressly states that it has no evidence that core credit data or customers from any other country have been affected.
In response, the company is offering facilities to check whether identity records have been compromised, along with free credit file monitoring and identity theft protection for anyone affected, at http://www.equifaxsecurity2017.com/. Oddly, the mechanism for registering requires knowledge of the Social Security number - which the criminals already have, so the enrollment validation process itself does not seem to have been altogether well thought out. But at least Equifax are trying, although a delay of over a month between the breach being detected and informing the public seems to be a remarkably long time.
At the present time it is not known exactly how the web site was compromised, or how that same compromise was detected, but the immediate response to correct the issue and to engage (to use their words) a "leading, independent cybersecurity firm" may well have stopped a worse breach occurring.
This is just the latest in a string of incursion events which highlight the importance of proactive web site security quality control. Just one small chink in the armour is enough to allow a stealthy attacker to gain significant access. Comprehensive infrastructure penetration testing and web application testing can go a long way toward defending against such attacks. Automated traffic monitoring and incident detection can also assist in detecting intrusions in the early stages. Talk to us, we can help.