Hello Professor and Classmates,
One notable breach that stood out to me was the Equifax data breach in 2017. Equifax is one of
the three major credit reporting agencies in the United States, and this breach exposed the
sensitive personal information of approximately 147 million Americans. The breach was a
significant incident with far-reaching consequences, and it serves as an illustrative example of
the importance of encryption in preventing such breaches. The Equifax breach was primarily
caused by a vulnerability in the Apache Struts web application framework. Equifax failed to
apply a patch for a known security vulnerability in Apache Struts on time. Hackers exploited this
vulnerability to gain unauthorized access to Equifax’s network. The vulnerability, known as
CVE-2017-5638, allowed attackers to execute arbitrary code on the targeted server when
exploited [ CITATION Jos20 \l 1033 ]. The breach was a result of Equifax’s failure to promptly
apply a security patch for this known vulnerability.
Encryption could have prevented the breach. This plays a crucial role in protecting data, both at
rest and in transit. In the case of the Equifax breach, the sensitive data should have been
encrypted. If Equifax had implemented strong encryption for the sensitive data stored on its
servers, it would have made it significantly more challenging for the hackers to access and
exfiltrate the data even if they successfully breached the network. Encrypted data, when at rest, is
stored in a format that is unreadable without the encryption key. Therefore, even if attackers
gained access to the data files, they would not be able to decipher the information without the
appropriate encryption key. Proper encryption practices include robust key management. Equifax
should have securely managed and stored encryption keys, ensuring that even if attackers gained
access to the encrypted data, they would be unable to decrypt it without the keys. Effective key
management is crucial for the overall security of encrypted data.
References
Fruhlinger, J. (2020, Feburary 12).
CSO
. Retrieved from Equifax data breach FAQ: What
happened, who was affected, what was the impact?:
https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-
was-affected-what-was-the-impact.html#:~:text=Investigators%20believe%20that%20the
%20first,point%20and%20easy%20to%20exploit.
