Sunday, September 17, 2017

Who Was in Charge of Equifax Security?

If Google is now being sued for gender discrimination, one suspects that other lawsuits will soon be raining down on other tech titans. Considering that these companies and their management swears eternal fealty to the dogmas of the Church of the Liberal Pieties, one is not exactly chagrined to see them, in a slight variation on the bard's words, hoist on their own petard.

Some unenlightened souls have suggested that the paucity of female computer science concentraters must have something to do with this problem. To which the credit rating giant, Equifax, responded by hiring a music major to head data security. Yes, indeed, folks. Equifax hired a humanities major to be head of data security. Diversity is great, isn’t it?

You know what happened. Your and just about everyone else’s most personal information has been hacked… it is now floating around the dark web, to be used and abused by whomever.

 The New York Post explains it clearly:

It’s being called one of the biggest data hacks in history, and now the Equifax breach is spreading around the world.

After the Atlanta-based credit-rating organization admitted that the Social Security, credit-card and driver’s license numbers of up to 143 million American consumers were hacked from its computer systems over a two-month period last summer, the company’s affiliates on two other continents have also seen their data compromised.

“This is now an international problem with untold exposure that could impact hundreds of jurisdictions,” said Isaac Boltansky, a Washington-based policy analyst and vice president of Compass Point Research and Trading.

Hackers had access to the names, dates of birth and e-mail addresses of nearly 400,000 people in the United Kingdom, said Equifax’s British subsidiary in a statement last week.

In Canada, sensitive data belonging to 10,000 consumers may have been hacked in the breach, said a statement from the Canadian Automobile Association.

In Argentina, one of the company’s portals was so easily accessible that it allowed quick exposure to the personal information of more than 14,000 people.

Brett Arends asks how Susan Mauldin was hired to be in charge of data security, and why, by the by, efforts are now being made to cover it up:

Equifax “Chief Security Officer” Susan Mauldin has a bachelor’s degree and a master of fine arts degree in music composition from the University of Georgia. Her LinkedIn professional profile lists no education related to technology or security.

This is the person who was in charge of keeping your personal and financial data safe — and whose apparent failings have put 143 million of us at risk from identity theft and fraud. It was revealed this week that the massive data breach came due to a software vulnerability that was known about, and should have been patched, months earlier.

The last sentence is the most salient. Equifax knew about the vulnerability months earlier. The company should have repaired it repaired months earlier. But, at least, the chief security officer was a "highly qualified" woman. 


Jack Fisher said...

"But, at least, the chief security officer was a 'highly qualified' woman."

Do you think it's easy to to write about unrequited Love and sparkly vampires? That woman paid her dues, in her mind, she was a starving artist for years.

Ignatius Acton Chesterton OCD said...

The size and scale of these data breaches is remarkable. I would think they'd have security partitioned in tranches of records. Maybe they do. But it's strange how a hacker can get in and get ALL this information undetected. This kind of info doesn't fit on a thumb drive.

What kinds of consequences will the Equifax leaders face?

Ares Olympus said...

Stuart: ... the paucity of female computer science concentraters ...

I know paucity means something scarce, but I don't understand the meaning of concentraters. Google wants me to try "Concentrator" for a definition, but it's not much better. None of the 3 definitions seem to refer to people.

Not even Urban dictionary can help.

A couple early mornings ago I watched the final hour before Cassini was intentionally destroyed by flying into Saturn after a 20 year mission, and 40+ years of planning. I saw there was a good mixture of men and women in the control room, and Linda Spilker, was one of the leaders of the project since the beginning. It blows my mind that we can map and measure the solar system sufficiently to plan such complex orbital flights and without catastrophic errors.

Cybersecurity may not be rocket science, but clearly we'd be better of treating it as such. Perhaps every large company should hire its own dueling hackers who are paid exclusively to try to break into their own systems. That is, they could take turns on offense and defense.

Stuart Schneiderman said...

concentration in college is another word for major....

Sam L. said...

Sounds like Equifax is overdue for a visit by The Spanish Inquisition (or the government agency equivalent).

Jack Fisher said...

They won't be expecting that.

David Foster said...

I would not assume that because someone was a music major that he or she is unqualified to run a computer security group. There are a lot of excellent people in the computer field whose skills have been learned on the job rather than via academic seat-time and credentialing.

In this case, however, the apparent absence of any relevant professional experience in her background makes her selection for this position seem highly questionable.