If the Equifax breach turns out like every other massive data breach we've seen for more than a decade, after a big brouhaha - from Congress, state attorneys general, consumer rights groups and class-action lawsuits - nothing will change, because that would require Congress to give Americans more privacy rights.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits against the data broker - one demanding up to $70 billion in damages. At least five state attorneys general have launched formal investigations, while several Congressional committees have promised hearings.
A 10-digit PIN used by consumers to freeze access to credit reports with Equifax is based on dates and times, several observers have noticed. Equifax says it plans to change how the PIN is generated, but experts say it's another troubling development for a troubled company.
In the wake Equifax saying hackers may have stolen 143 million consumers' personal details, the company is already facing sharp questions over the robustness of its security defenses as well as reports that three executives sold stock after the breach was discovered, but before the news became public.
Leading the latest edition of the ISMG Security Report: Observations about America's standing as a global cybersecurity leader from Christopher Painter, who until earlier this summer served as the United States' top cyber diplomat. Also, threats posed by IoT devices.
The Equifax breach revealed on Thursday is more significant that other mega-breaches because of the nature of the data that was potentially exposed, says cybersecurity attorney Imran Ahmad. He'll be a featured speaker at ISMG's Toronto Fraud & Breach Prevention Summit on Tuesday.
Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million U.S. consumers' records to hackers, a startling breach from a company that ironically offers services to protect consumers from identity theft.
Although there are many options for threat information sharing, there are not enough initiatives that are properly codified and defined so that enterprises can easily share relevant information with a business context in a structured and timely manner, says Avinash Prasad of Tata Communications.
Hackers that U.S. officials believe are linked to Russia have upped their activity against energy providers in the U.S., Turkey and Switzerland. The group has likely developed the expertise to shut down systems, security company Symantec warned Wednesday.
Two Russian hackers, members of a group called "Shaltay-Boltai" - Humpty Dumpty in Russian - that stole and sold high-level Russian officials' emails, have been sentenced to serve three years in prison. The case against them may tie to a high-profile Russian treason investigation.
MeitY has urged all ministries to allocate 10 percent of their IT budgets to cybersecurity following several high-profile hacks and breaches. But do the ministries understand the required security investments?
Security experts often contend that potential damage from cyberattacks can be avoided if organizations just patch their systems. But Bank of the West Deputy Chief Security Officer David Pollino says applying patches sometimes is more easily said than done.
Instagram is warning that more users were affected by a hack of its systems than it first suspected. While email addresses - and some phone numbers - for celebrities, including Emma Watson and Lady Gaga, appear to have been compromised, 6 million account holders in total may have been affected.