Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
I think that I read that these sells were not that though.
According to Equifax they just "happened" to sell without any knowledge of problems.
Which is total BS. The CFO is the number 2 or 3 executive in companies today. If he as Equifax CFO wasn't aware of this situation then he is/was totally incompetent or else he is lying.
Either way, his career is over.
To be fair, it's not that outlandish with a company this large. They probably found out about it in their security team and then needed a few days to research and verify it before they presented the news to their boss, and then it takes a few days to get to the CSO until she packages it all up for presentation to the CEO, etc.
I work in a crisis management-related role at my company (another huge one) and it takes ages for us to do the research with all our vendors into the issue, root cause, etc. Then of course it takes a few days for each rung on the ladder to get with it and escalate it to their people.
Thats what they say. I bet they knew it much earlier. They being the CEO, CFO, CIO, legal, etc.
The real first one to know was probably one of their "normal joe" workers with a "Hey boss, look at this."
None of those execs do hands on with the systems.
To be fair, it's not that outlandish with a company this large. They probably found out about it in their security team and then needed a few days to research and verify it before they presented the news to their boss, and then it takes a few days to get to the CSO until she packages it all up for presentation to the CEO, etc.
LOL..yeah..got to make those charts look nice
With these huge corporations the wheels turn slow, almost as slow as the government.
Probably the best computer scientist of the scientist flavor I ever dealt with was a Phd in Biology. The field is relatively young and the practioners may come from all sorts of directions.
The problem of course is that these people do not understand the problem. Should have been no way anything in memory was not well encrypted. Simple as that. But standard systems would likely not have provided that capability in a big system.
And failure to patch is a stupid criteria. You need a system where you cannot get at the real data even if you gain access. Locals lacking ethics can always get at the data. You need systems that make it hard to gain clear access.
I don't think it is even really a tech issue. Any server system will get busted on occasion. What you need is relatively small domain encryption...Where you have to penetrate two or three or four different areas to actually get anything useful.
These guys appear to have clear information spinning. That will get you killed every time.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.