Around 143 million customers of credit report giant Equifax may be at risk of having their information accessed through a cyber security breach. Equifax have said that the cyber-criminals accessed data such as Social Security numbers, birth dates and addresses during the incident. This cyber security breach also had an effect on Equifax customers based in the UK and Canada.
Equifax said that the hackers accessed information between mid-May and the end of July when the company found out about this breach. These malicious parties managed to gain access to its systems by exploiting a ‘website application vulnerability’, which allowed them to access credit card numbers for about 209,000 customers, among other information.
Potential vulnerabilities regarding website applications, often originate from something simple such as not updating plugins on the website, poor code quality, or the re-usage of passwords within the company.
Easy actions that can be taken to ensure that your customer and corporate data is secure include;
- Using HTTPS headers on websites will ensure that any personal information entered by customers through website forms will not be at risk of theft, as the data will be encrypted – therefore unreadable to unauthorized parties.
- Complimentary to this; customer information stored should also be encrypted and enforced backup procedures should be in place. This will negate any threat of information being exposed to unauthorised parties and the potential for ‘cryptolocker’ attacks holding data at ransom.
- Ensuring that website technologies and underlying servers are frequently patched and updated will negate the risk of exploitation through vulnerable services and applications. Exploiting unmaintained or outdated infrastructure supporting an organisations website is a popular ‘attack vector’ for a malicious actor or hacker, as this can provide them with direct access to data stored through websites.
For more information Contact Us