Equifax used default ‘admin’ user name and password to secure hacked portal

Before rolling your eyes at this, think what checks you have in place to make sure your Devs haven’t done something similar?…:

[…] Equifax staffers used the default user name and password – ‘admin’ – to secure a portal containing sensitive customer information.

That’s according to a class-action lawsuit launched against the company in the US, claiming securities fraud by the company over the 2017 data breach that spilled information on around 148 million accounts of people in the US, Canada and the UK.

“This case arises out of a massive data breach incident… The plaintiff alleges that the defendants committed fraud in connection with the data breach that caused a loss in value of [Equifax shares],” claims the lawsuit.

It goes on to claim that the company made “multiple false and misleading statements and omissions about the sensitive personal information in Equifax’s custody, the vulnerability of its internal systems to cyber attack, and its compliance with data protection laws and cyber security best practices”.

It goes on to claim that the company failed to take even “the most basic precautions to protect its computer systems from hackers”.


Original article here