{"id":9430,"date":"2017-10-05T13:01:05","date_gmt":"2017-10-05T20:01:05","guid":{"rendered":"https:drivesaversdatarecovery.com\/\/?p=9430"},"modified":"2026-03-05T05:34:26","modified_gmt":"2026-03-05T13:34:26","slug":"was-the-equifax-breach-preventable","status":"publish","type":"post","link":"https:\/\/drivesaversdatarecovery.com\/fr-fr\/blog\/was-the-equifax-breach-preventable\/","title":{"rendered":"La faille d'Equifax aurait-elle pu \u00eatre \u00e9vit\u00e9e ?"},"content":{"rendered":"
\n\t
\n\t\t
\n\t\t\t

Par Michael Hall, responsable de la s\u00e9curit\u00e9 de l'information<\/i><\/p>\n

Founded in 1899, Equifax is the oldest of the three largest credit agencies along with the other two being Experian and TransUnion. These companies offer credit and demographic data and services to businesses. They also sell credit monitoring and fraud-prevention services directly to consumers. Consumer information is gathered by these companies even for individuals who never sign up for their services.<\/p>\n

The Big Breach<\/h2>\n

On September 7, 2017 Equifax disclosed their systems had been hacked. The breach, which affected more than 169 million customers worldwide, included access to personal and financial data such as names, addresses, social security numbers, birthdates, driver’s license numbers, credit card numbers and other documents with personal identifying information.
\nAll of this stolen data can be sold on the dark web, an area of the World Wide Web which can be accessed using special software. The dark web allows users to remain anonymous and untraceable. For this reason, it has become a conduit for criminals to buy and sell stolen personal information.
\nThough the attack began in mid-May, the breach was not observed by Equifax until July 29, 2017, according to Equifax then CEO Richard Smith (resigned September 26, 2017). The hackers exploited a weakness in Apache Struts, web-application software widely used in enterprise computer systems. Apache says a patch to fix the vulnerability was issued on March 7 2017, months before the hack. Apache stated, \u201cThe Equifax data compromise was due to their failure to install the security updates provided in a timely manner.\u201d
\nAccording to a report by C\u00e2bl\u00e9s<\/a>, a representative of an analytics security firm said Equifax, like other users of the software, should have been aware of a fix for the vulnerability well in advance of the actual breach.
\n“There were clear and simple instructions of how to remedy the situation. The responsibility is then on companies to have procedures in place to follow such advice promptly,” Bas van Schaik, a product manager and researcher at Semmle, an analytics security firm, told Wired.
\n“The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice,\u201d van Schaik continued. \u201cHad they done so, this breach would not have occurred.”
\nRen\u00e9 Gielen, the vice president of Apache Struts, told Wired, “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years.”<\/p>\n

The Big Impact<\/h2>\n

Equifax is an information juggernaut that manages huge amounts of data regarding creditworthiness of nearly 100 million companies and a billion individuals in the United States and two dozen other countries.
\nSmith, the former Equifax CEO, said in a speech at the Terry College of Business at the University of Georgia last month \u201cYou think about the largest library in the world \u2026 the Library of Congress, we manage almost 1,200 times that amount of content every day, around the world.\u201d
\nEquifax is now investigating the scope of the breach and working to get back in control. This includes an offer to victims for free identity theft protection and an Equifax credit file monitoring product for one year. Visit the Equifax website<\/a> to find out if your information was compromised and, if so, follow the necessary steps.<\/p>\n

Mettre r\u00e9guli\u00e8rement \u00e0 jour les logiciels de s\u00e9curit\u00e9<\/h2>\n

The key lesson? All companies with sensitive data on their systems must keep on top of updates to software and operating systems. One part of this is to stay up-to-date with any communications from software suppliers regarding potential problems and solutions for dealing with vulnerabilities.
\nWhether you are a huge enterprise like Equifax, a small neighborhood storefront or even an individual at home, this is a very important security step that everybody should take.
\nHackers are always exploring computer security measures to find and exploit weaknesses. In reaction, security software manufacturers are constantly developing patches and software updates to eliminate threats as they are discovered. If your IT department doesn\u2019t stay diligent, these known weaknesses remain like open doors inviting criminals into your business.
\nIdentify what firewalls, anti-spam, antivirus, antimalware and antispyware software the IT department may have installed company-wide and always insure updates are being installed as they are made available.
\nAdditionally, don\u2019t ever attempt to download any software (security or otherwise) without visiting trusted review sites and researching its legitimacy. Otherwise, you may accidentally download software designed for the purpose of stealing information or damaging computers within your network.<\/p>\n

What Victims of the Equifax Breach Can Do<\/h2>\n

It\u2019s always a good idea to regularly check your credit report to see if any suspicious activity has occurred without your knowledge. If you do see an unauthorized item, immediately call and file a report with your financial institution. You should also file a police report.
\nThe U.S. Federal Trade Commission (FTC) offers more information for individuals who need assistance or are looking for more information.<\/p>\n

Additional Cybersecurity Threats<\/h2>\n

Unpatched software and operating systems are not the only weaknesses that hackers exploit. The different types of malicious attacks are far too numerous to list here, but these are a few common methods.<\/p>\n

Ransomware<\/h3>\n

Ransomware<\/a> is a growing, dangerous trend in which hackers slip malicious code into an unknowing computer user\u2019s system. The code is used to encrypt the computer\u2019s contents, which will only be unlocked if the user pays the demanded ransom.<\/p>\n

Phishing<\/h3>\n

A lot of people are fooled every day by email messages that look genuine, but aren\u2019t. A phishing attempt uses an email message that looks like it comes from someone you know or from a familiar company. It may even appear to be sent directly from a friend\u2019s email address that has been hacked. Inside the message are links that look normal and inviting, but actually lead to disastrous consequences such as:<\/p>\n