The Deloitte Breach

The Guardian broke the news this morning: Deloitte — one of the largest private firms in the U.S. — was hacked in an attack that went on unnoticed for months afterwards. Deloitte is only admitting to a few clients having fallen victim to leaked information. The weak spot? The firm’s global email server, which was accessed through an administrator’s account that did not have two-step verification. In other words, it wasn’t as secure as many people’s smartphones. Of all the ways a company should secure its information, that’s a basic one.   The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016,” The Guardian writes.

What It Means

Stephen Cox, Chief Security Architect at SecureAuth, had this to say to TechCo in response to the Deloitte breach.

And More Equifax Facts

Meanwhile, the Equifax news continues to develop. The credit reporting company’s leak was detected on July 29, 2017 and saw the breach of information from 143 million U.S. consumers, including names, Social Security numbers, addresses, birth dates, and even some drivers license numbers.   Organizations should be rethinking their approach to identity security. The password is dead and even vanilla two-factor authentication is not enough. We must raise the bar with adaptive access control methods that apply risk analysis and introduce a biometric second factor, eliminating the utterly broken technology of password-based authentication.” Now, news is out that the company had purchased ID Watchdog, an identification protection service, on August 10 — two weeks after they knew about the breach but a month before they disclosed it to the public. Law enforcement officials in “about 40 states,” Fortune notes, are “investigating Equifax’s behavior” leading up to and following the data breach. At the risk of making a pun so bad I’ll become the target of a cyberattack, all these hacks are enough to make me wanna cry. Read more about the tech world’s security challenges here at TechCo