Equifax security team gives itself good grades during breach; ‘shreds’ some internal documents
On Thursday, Congress once again hauled Equifax in front of a committee to testify about its 2017 hack, and issued yet another report outlining a cascade of errors at the firm which led to the incident.
The Equifax hack is the subject of our 6-week investigative podcast, Breach.
Before a grilling by the Senate Permanent Subcommittee on Investigations, the committee released a bipartisan report that largely echoed prior reports issued by the House Committee on Oversight and the General Accountability Office. There are some new nuggets in the Senate report, however. I offer some bullet points below, but the two items that caught my eye are what I’m calling the Equifax “HeckOfAJobBrownie” comments, and the “shredding” incident.
Working backwards, the Senate report laments that “the American public may never know the full story behind the 2017 Equifax breach because company officials failed to retain key records from that time.”
Equifax employees used Microsoft Lync, an instant-message style service that’s popular with corporations. In the early days of the breach, employees used Lync to talk about what was happening in real time. Unfortunately, most of that chatter has vaporized. Equifax had previously determined that Lync messages didn’t need to be stored. Mid-incident, however, Equifax’s legal team realized it needed to start preserving all records — yet still, for several weeks, Lync messages were deleted.
“The records of extensive internal discussions among Equifax officials about the data breach in real time were determined by the company to be disposable,” the report says. Here’s more: