BlogLine

Equifax and SEC are Latest Victims of Cyber Attacks

9/25/17

By: Amy C. Bender
Two more powerhouses have fallen victim to a data breach.
News of the cyber attack on Equifax spread like wildfire, causing fear in the minds of credit holders everywhere as well as an almost immediate wave of individual and class action lawsuits. The breach – dubbed “absolutely the worst data breach in the history of the modern era” by consumer expert Clark Howard – compromised the personal information (name, Social Security number, date of birth, addresses, and, in some cases, driver’s license numbers) of more than 143 million consumers. As if the scope of the attack was not bad enough, Equifax’s response to the attack has come under criticism on several fronts. For example, many critics believe Equifax’s offer of free credit monitoring to affected consumers did not go far enough since the hackers already have access to consumers’ personal information (and potentially can use it for years to come). Also, Equifax’s dedicated breach website was a separate domain that required users to provide their name and a portion of their Social Security number – the very same information that was hacked in the first place – to determine whether they had been impacted by the breach, often without coming away with a clear answer. Further, the company’s official Twitter account, in response to inquiries, directed consumers to a fake phishing website. This apparently was done intentionally to educate consumers on the dangers of phishing sites, but understandably did not go over well, leading Equifax to apologize and remove the website.
The Securities and Exchange Commission also has been the subject of an unauthorized intrusion into its online system for company financial filings, EDGAR. Although the attack occurred and was discovered last year, the SEC only recently discovered that the attack may have resulted in incidents of insider trading. Moreover, word now is out that the U.S. Department of Homeland Security noted “critical” weaknesses in the SEC’s cybersecurity back in January. One silver lining is that the SEC does not believe any personally identifiable information was accessed due to the breach.
There are many lessons to be learned from this latest round of cyber attacks:

• Even the most sophisticated organizations are not immune from a cyber attack.
• Planning, implementation, and monitoring of cyber security is essential.
• How your organization responds to a cyber attack is critical and will be scrutinized closely by government agencies, your clientele, and the public.
• Be vigilant about checking your personal and financial accounts.

FMG’s Data Security, Privacy & Technology team has served as breach counsel in hundreds of successful incidents and is available to advise organizations on proactive measures to prepare for and protect against a data breach as well as to help respond effectively if and when an incident occurs.
If you have any questions or would like more information, please contact Amy C. Bender at abender@fmglaw.com.