The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The hack may have compromised more driver’s license info, such as the issuing data and host state, as well as tax IDs. In theory, it would be that much easier for intruders to commit fraud.

The breach compromised about 145.5 million people, although their level of exposure varied wildly. About 10.9 million Americans’ driver’s licenses were embroiled in the hack, and just a small fraction of the exposed UK licenses (just under 700,000) had enough info to jeopardize the victims’ privacy.

Equifax stressed to CNN that the initial list of exposed data was never meant to be the final, definitive account of the scope of the problem. And that’s not unheard of — companies frequently deliver rough assessments of the damage in the immediate aftermath and refine the numbers as they learn more.

However, that explanation might not be enough for officials. Senators are already clamoring for a thorough investigation, and want to know the full extent of what happened. This update gives them more of what they want, but it also raises the question of why the company is still determining the scope of the breach nearly half a year after it was made public.

Source: CNN Money
President Trump on Thursday signed a long-delayed executive order on cybersecurity that “makes clear that agency heads will be held accountable for protecting their networks, and calls on government and industry to reduce the threat from automated attacks on the internet,” reports The Washington Post. From the report:

Picking up on themes advanced by the Obama administration, Trump’s order also requires agency heads to use Commerce Department guidelines to manage risk to their systems. It commissions reports to assess the country’s ability to withstand an attack on the electric grid and to spell out the strategic options for deterring adversaries in cyberspace. [Thomas Bossert, Trump’s homeland security adviser] said the order was not, however, prompted by Russia’s targeting of electoral systems last year. In fact, the order is silent on addressing the security of electoral systems or cyber-enabled operations to influence elections, which became a significant area of concern during last year’s presidential campaign. The Department of Homeland Security in January declared election systems “critical infrastructure.” The executive order also does not address offensive cyber operations, which are generally classified. This is an area in which the Trump administration is expected to be more forward-leaning than its predecessor. Nor does it spell out what type of cyberattack would constitute an “act of war” or what response the attack would invite. “We’re not going to draw a red line,” Bossert said, adding that the White House does not “want to telegraph our punches.” The order places the defense secretary and the head of the intelligence community in charge of protecting “national security” systems that operate classified and military networks. But the secretary of homeland security will continue to be at the center of the national plan for protecting critical infrastructure, such as the electric grid and financial sector.