Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach
GAO-18-559: Published: Aug 30, 2018. Publicly Released: Sep 7, 2018
Fast Facts | Highlights | Full Report
Fast Facts
Hackers stole the personal data of nearly 150 million people from Equifax databases in 2017.
How did Equifax, a consumer reporting agency, respond to that event? Equifax said that it investigated factors that led to the breach and tried to identify and notify people whose personal information was compromised.
In addition, three federal agencies that use Equifax services made their own security assessments and modified contracts with Equifax. Moreover, other federal agencies that oversee consumer reporting agencies started investigating Equifax and gave further advice to consumers on how to protect themselves against security breaches.
What GAO Recommends
GAO is not making recommendations in this report. GAO plans to issue separate reports on federal oversight of CRAs and consumer rights regarding the protection of personally identifiable information collected by such entities. A number of federal agencies and Equifax provided technical comments which we incorporated as appropriate.
High-Risk Series:
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation
GAO-18-622: Published: Sep 6, 2018. Publicly Released: Sep 6, 2018.
Highlights | Full Report
What GAO Found
GAO has identified four major cybersecurity challenges and 10 critical actions that the federal government and other entities need to take to address them. GAO continues to designate information security as a government-wide high-risk area due to increasing cyber-based threats and the persistent nature of security vulnerabilities.
GAO has made over 3,000 recommendations to agencies aimed at addressing cybersecurity shortcomings in each of these action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents. Although many recommendations have been addressed, about 1,000 have not yet been implemented. Until these shortcomings are addressed, federal agencies' information and systems will be increasingly susceptible to the multitude of cyber-related threats that exist.
What GAO Recommends
GAO has made over 3,000 recommendations to agencies since 2010 aimed at addressing cybersecurity shortcomings. As of August 2018, about 1,000 still needed to be implemented.
Consumer Reports article. MarketWatch article and infographic. Bloomberg article.
No comments:
Post a Comment