It’s easy to forget that roughly a year ago, Equifax was hacked, which compromised the personal information of roughly 145.5 million individuals.
The scope of the breach was concerning for a number of reasons, not the least of which was the fact that Equifax was providing identity verification services for three federal agencies at the time it was attacked.
In a recent report, GAO reviewed how these agencies responded to the attack. While not making any specific recommendations at this time, GAO’s report does highlight the extent to which federal agencies were not fully prepared for cyberattacks on private contractors.
Prior to the Equifax breach, the IRS, the Social Security Administration, and USPS contracted with Equifax to provide identity verification services. These agencies relied on Equifax’s databases to verify the identities of individuals applying for various services. For example, the IRS used Equifax servers to verify identities for tax return purposes.
Following the Equifax cyberattack, agencies took a variety of steps to assess the situation and make proactive changes to their contracts with Equifax. Foremost was notifying impacted individuals. While there was no breach of agency systems in connection with the Equifax attack, there was nevertheless concern that impacted individuals may have had an increased risk for identity theft. Accordingly, one of the first actions taken by the impacted agencies was to notify impacted individuals.
Keep reading this article at: http://smallgovcon.com/uncategorized/gao-reviews-agency-actions-in-the-wake-of-equifax-data-breach/
