The credit reporting agency that fell victim to a large-scale data breach in 2017 is in more hot water. The Equifax breach was initially thought to have impacted 145.5 million people worldwide, but the credit reporting agency has now revealed that an additional 2.4 million Americans were affected.
Equifax uncovered the additional victims by cross-referencing names with partial driver’s license numbers. Although the company says that these consumers had substantially less personal information compromised than the original targets, it is notifying them all and will once again provide credit monitoring and identity theft protection services.
GitHub suffers the largest-known DDoS cyber attack in history
The leading web-hosting service, GitHub, revealed last week that, for less than ten minutes, malicious actors wreaked havoc in the largest distributed denial-of-service (DDoS) attack to date. DDoS attacks aim to disrupt websites and their services by bombarding them with so much traffic that they are forced offline.
According to a blog post by GitHub Engineering, the DDoS attack took GitHub.com down on Wednesday, February 28. GitHub identified and mitigated the attack. The post says, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”
The amplification attack, which Cloudflare reported on and dubbed ‘memcrashed,’ has garnered its own Twitter hashtag. The memcached amplification attack peaked at 1.35 terabytes per second via 126.9 million packets per second. Memcached systems distribute data and objects within RAM caches to optimize performance. According to Wired, the memcached systems amplified the volume used to about 50 times its normal allocation.
GitHub used Akamai’s DDoS protection service, Prolexic, to reroute GitHub traffic via its “scrubbing” centers. Prolexic removed and blocked data it classified as malicious. Within eight minutes the criminal hackers called off the attack.
Cyber protection is vital to business continuity
No matter how cyber secure you think your business is, criminal hackers are indiscriminate, and are using increasingly sophisticated and menacing attacks. Organizations that are looking to improve their cyber hygiene to protect private data should implement an information security management system (ISMS). ISO 27001 is the standard worldwide for ISMS best practice. Implementing an ISO 27001-accredited ISMS demonstrates that your organization has taken a systematic approach to safeguarding sensitive and private corporate information, while protecting the privacy of consumers.
Preparing an ISMS that will pass audit by an accredited certification body can be a challenging project. IT Governance, a global leader in ISMS implementations, is offering a unique, four-day training program. You will leave this course with all the knowledge you need to plan, implement, and maintain an ISO 27001-compliant ISMS.
Book a place on our ISO27001 Foundation and Lead Implementer Combination Course for a 15% saving on the cost of the two separate courses.