TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | A roundup of our Equifax breach coverage as it unfolded Related reading: Evolving privacy law 'exciting' for IAPP Westin Scholar

rss_feed

""

Consumer credit reporting agency Equifax announced in early September that hackers had breached some of its website application software, potentially affecting the sensitive personal information of approximately 143 million consumers. The data that was accessed included consumers’ names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers. Here’s a roundup of the IAPP’s coverage of the news as it unfolded, in case you missed it due to living under a rock.

Breach of Equifax affects 143M consumers

(9/8/17) Consumer credit reporting agency Equifax announced late Thursday that hackers had breached some of its website application software, potentially affecting the sensitive personal information of approximately 143 million consumers. The data that was accessed included consumers' names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. The incident may have also compromised credit card numbers for 209,000 U.S. consumers, as well as other "dispute documents" that contained identifying information for 182,000 consumers. In this report for The Privacy Advisor, Jedidiah Bracy, CIPP, rounds up the latest and shares insight from Wiley Rein Partner Kirk Nahra, CIPP/US, and Autodesk Senior Global Privacy and Data Security Counsel Alexandra Ross, CIPP/E, CIPP/US, CIPM, CIPT.

Fallout from Equifax breach continues, investigations launched

(9/11/2017) The fallout from last week's hack of consumer credit reporting agency Equifax, affecting the sensitive personal information of nearly 55 percent of Americans aged 18 and older, continues this week as lawmakers and regulators begin looking into the incident. So far, the U.S. Federal Bureau of Investigation, the Consumer Financial Protection Bureau, and as many as five different state attorneys general have all launched investigations, and several U.S. lawmakers have called for congressional testimony from the "Big Three" credit reporting companies, in addition to calls for new legislation related to the incident. At least two class-action lawsuits have also been filed. This post for The Privacy Advisor rounds up the latest news and reactions to the incident.

Podcast: Examining the Equifax mop-up

(9/12/2017) Last week, consumer credit reporting agency Equifax announced it had been hacked, and 143 million consumers' personal information had been accessed. It's early days, and we're still learning the details of how the breach happened, why the public notification took so many weeks, and how far-reaching the implications will be for consumers. But yesterday, The Privacy Advisor's Angelique Carson, CIPP/US, caught up with UnitedLex's Jason Straight, CIPP/US, who has been helping companies prevent or overcome breaches for the last 10 years, to discuss the breach and what privacy professionals should take away from the incident to protect their own brands.

What Equifax means for understanding the dangers of OSS

(9/19/2017) As the fallout from the data breach of Equifax continues, there are many lessons privacy pros can learn from such an incident. So far, reports note the breach took place via an unpatched vulnerability in Apache Struts 2, an open-source web application framework used by Equifax. The vulnerability was known and patchable at the time of the breach, but it appears that Equifax had not yet implemented the patch, which can be a difficult operation. And with a rise in the use of open-source software by companies and vendors, the Equifax breach should serve as an important lesson for other companies, Amanda O'Keefe, CIPP/US, points out. In this post for Privacy Tech, O'Keefe describes what privacy pros should consider when vetting vendors that use OSS and why failure to ensure OSS vulnerabilities are patched will not be considered a reasonable risk any longer. 

Mass. attorney general sues Equifax; other actions may follow

(9/20/2017) The Equifax data breach disclosed Sept. 7 — which exposed the personal information of approximately 143 million American consumers — continues to be one of the biggest stories of the year. The attorney general of Massachusetts has filed a lawsuit against the credit reporting agency pursuant to several Massachusetts consumer protection laws, but it stands to reason other regulators may also be eyeing the breach. In this piece for The Privacy Advisor, IAPP Westin Fellow Lee Matheson explores the potential legal liability Equifax faces in the United States. Given that thousands of U.K. and Canadian citizens were also affected by the incident, Equifax’s liability in the U.S. may just be the tip of the iceberg.

 

Comments

If you want to comment on this post, you need to login.