Story image

Equifax ushers new CISO as breach fallout continues

14 Feb 18

Equifax has ushered in a new chief information security officer as the fallout continues from the company’s massive data breach last year.

Jamil Farshchi will take over companywide leadership of the company’s current project to improve its information security programme. He will also collaborate with industry to share information security best practices.

 "Jamil has a reputation for helping enterprises rebuild and fortify information security programs,” comments interim Equifax CEO Paulino do Rego Barros.  

“His expertise in risk intelligence and cybersecurity combined with his intimate knowledge of industry best practices will allow us to design and deploy a best-in-class, global security strategy to re-establish ourselves as a trusted leader."

Farshchi brings a history as CISO of Time Warner and VP of global information security at Visa. He has also worked at NASA.

"Equifax is a company with tremendous potential, and I am confident that we will transform our security program into one of the most advanced and recognised globally," Farshchi comments.

"I am grateful for this new challenge and am looking forward to enabling the business with new insights, a fresh perspective, and a multi-dimensional way of thinking about global data stewardship and information security. Together, we are going to do great things for consumers, customers, and employees alike."

Last year hackers stole personal information belonging to 143 million US customers by using a web app vulnerability to gain access to files.

It was initially publicised that stolen information included names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers, credit card numbers and documents with personally identifiable information.

In a report issued by US senator Elizabeth Warren, she accuses the company of being deliberately misleading about the scale of the breach.

The letter says:

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?”

Only US customers were affected by the breach, however the take is a stern warning about the risks data breaches bring to organisations and their customers.

At the time of breach disclosure to the public, Equifax CEO Richard F. Smith said the breach was a ‘disappointing’ event for Equifax.

“I apologise to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

Smith retired from his position as Equifax CEO last year.

Equifax is headquartered in the United States. It operates or has investments in 24 countries including Asia Pacific, Europe, North America, Central America and South America.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.