In case you're trying to keep score at home in the Equifax mega breach fallout event, here is your one-stop play by play.
Let's start with the Equifax breach announcement and end (for now) with the IRS decision to suspend its identity management contract with Equifax.
Equifax breach timeline
Do you see why we needed to use bullet points for the Equifax incident response and fallout timeline?
So here we are on October 13, knowing that the IRS has put a short-term stop to its work with the credit reporting agency. Its statement, in part:
"Following new information available today, the IRS temporarily suspended its short-term contract with Equifax for identity proofing services.
During this suspension, the IRS will continue its review of Equifax systems and security. The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract.
The contract suspension is being taken as a precautionary step as the IRS continues its review."
Forbes has a nice write-up of this latest twist. And it looks like this may be the way the IRS tries to get itself off of the hot seat, as the malware re-direct (in this case) was more of an embarrassment for Equifax than anything else.
Does it make sense to award a no bid-contract for identity management after a company's mega-breach but then suspend it when an application on the company's website is serving up low-level adware? Now there is something to ponder over the weekend.
Please share your thoughts below and share this story with your peers in InfoSec, using the social media or email tabs at the top of the page.
There are so many lessons to be learned and insights to discuss among cybersecurity and IT teams, including the 5 warnings that Equifax missed.
Winston Churchill summed it up quite nicely: “The farther backward you can look, the farther forward you are likely to see.”
