Equifax and the Latest Round of Identity Theft Roulette

Question 1

What data was leaked in the Equifax breach?

Answer 1

The personal data on 145 million people

Question 2

What was the nature of the vulnerability?

Answer 2

Resulted from a known vulnerability in the Apache Struts server software

Question 3

What was the specific attack vector?

Answer 3

Execute commands via the #cmd in content-type HTTP headers

Question 4

According to Forbes Magazine, what penalties did the CEO of Equifax receive from the Board of Directors?

Answer 4

63 cents for every customer whose data was potentially exposed

Question 5

To what extent was information about the Struts vulnerability known before the attack?

Answer 5

To the full extent. They knew of the vulnerability

Question 6

Was Equifax aware that a patch was available for the Struts vulnerability? If so, how much time did they delay in applying the patch?

Answer 6

Yes. For 3 months

Question 7

What was the educational and training background of the Equifax CIO?

Answer 7

Music major

Question 8

What was the education and training background of the Equifax CISO?

Answer 8

Music composition

Question 9

Describe the “too big to fail era”?

Answer 9

When the accused institution is so large that its failure might damage the economy

Question 10

Are credit reporting companies held liable for PII data loss?

Answer 10

No