The Equifax breach just hit the news last week, and already a class-action suit has been proposed, seeking $70 billion in damages due to the estimated exposure of personal information of over 143 million people. It also doesn’t help Equifax’s reputation that several executives dumped stock worth $1.8 million just days prior to the breach being made public.
While details of the breach are still being confirmed, access was reportedly gained by exploiting a known application vulnerability. Why wasn’t there monitoring in place that could have triggered on unusual behavior patterns, such as exfiltration of data, unusual access, or privilege escalation? Was this sensitive consumer data left unencrypted? Did security become lax because the company had only recently hired a VP of Security and did not leverage outsourced cybersecurity and compliance resources to help it identify areas of risk and recommend solutions to remediate them?
Let this massive reputational hit, the loss of stock value (down more than 15% the day the breach was announced), and the pending lawsuit(s) and fines that are sure to follow serve as a cautionary tale and a lesson for anyone who is still not treating the protection of the data they process and store as a top priority.