Since Equifax first disclosed its data breach at the beginning of September, the company has undergone a slew of changes and faced widespread criticism about how it handled the security incident.
While other companies, such as Target, Home Depot and Yahoo, have suffered damaging security incidents in the past, some experts believe the Equifax breach could serve as a turning point in how cybersecurity is treated at the corporate level.
"The thing that makes this different for me, from this perspective, is up to this point the courts have overwhelmingly sided with companies when lawsuits have been brought," said Todd Thibodeaux, president and CEO of CompTIA, in an interview with CIO Dive. "If the courts side with the plaintiffs in these cases, and the judgements come down in substantial amounts, that's going to be what will cause the turning point."
"If it doesn't happen and the courts side with Equifax, it won't change a thing," he said.
If the penalties increase, judgements could become more severe and, in turn, insurance companies would raise their rates, according to Thibodeaux. This would particularly impact "honey pot" companies with troves of sensitive information, such as organizations in the financial, medical and consumer services sector.
While Equifax's legal fate is still uncertain, in the wake of the breach some organizations are working to prioritize cybersecurity and vendors are trying to improve security tools they have to offer.
To track the ongoing incident, below is a wrap up of news relating to the Equifax data breach:
Just before revelations of the major data breach, three company senior executives — including the CFO — sold a total of $1.8 million worth of company shares. Read More >>
Within days of the company’s breach disclosure, legal teams across the U.S. filed more than 30 lawsuits against Equifax. One firm filing a federal lawsuit plans to seek as much as $70 billion in damages. Read More >>
Attackers were able to exploit a web application vulnerability — but a patch for the bug was available two months before Equifax was targeted. Read More >>
Traditionally, the FTC remains silent on its plan of action regarding ongoing investigations. However, due to the large and sensitive nature of the breach, the agency found the announcement appropriate. Read More >>
The change of Equifax C-suite leadership reflects the toll cybersecurity incidents can take on an organization. With Webb and Mauldin retiring, it is up to their successors to centralize technology leadership and ensure negative IT impact from the breach is contained. Read More >>
In the March incident, which occurred five months before the second breach was discovered, Equifax notified a small number of impacted individuals, including banking customers. Read More >>
Smith reaffirmed his commitment to getting Equifax back on track after the company's massive data breach. "At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward," Smith said. Read More >>