It should be an absolute crime for corporations “entrusted in keeping our personal data”, from conducting lackadaisical security practices, and putting our security and privacy in jeopardy.  The Equifax security breach in 2017 is a prime example.

Equifax is a credit bureau that provides credit information to many financial institutions and data brokers.  It holds vast amounts of personal data on individuals, so banking institutions can determine credit worthiness for loan and mortgage applications.

Equifax was breached in May 2017 on a server utilizing an Apache Struts 1 open-source web application.  Equifax was notified in March 2017 by Apache, as well as the Department of Homeland Security, of a critical security patch that was required to be installed to correct a security vulnerability with the Struts 1 application.  Equifax didn’t get around to installing the patch until the end of July, 2017.  At that point, a discovery was made that a breach had occurred on their system back in May 2017, 2 months after they should have installed the patch.  Attackers were able to use a known vulnerability to gather vast amounts of personal data on over 145 million US, 15 million UK, and over 100,000 Canadian citizens.  This attack was not even considered very sophisticated by security experts, and Equifax was said to be solely at fault.  
 
To add salt to the wound, after the security breach had been discovered, Equifax’s Incident response was less than stellar.  It took Equifax nearly 6 weeks to divulge to their customers that they had been breached, putting them at more risk of Identity theft. 

It is unfortunate that corporations and our financial markets are more interested in “the bottom line” of profits, rather than funding a small cybersecurity budget to prevent situations like this from happening.  Equifax is one of many corporations that have been hit by cyber criminals.  Who will be the next target?

Below is a link to Wikipedia on a list of data breaches that have occurred over the years.
https://en.wikipedia.org/wiki/List_of_data_breaches

Researchers have just recently released information on two security flaws that they have discovered that create security vulnerabilities on most smartphone and computer CPU hardware. They have called these two flaws Meltdown and Spectre.  Software companies are scrambling to get software patches written to correct these flaws from affecting most smartphones and  computer equipment.  This is just another example of why it is so important to keep your computers and smartphones updated with the latest security patches and system updates. Below are links to several articles for further information on these security flaws. 

https://meltdownattack.com/

http://www.cbc.ca/news/technology/security-flaws-cpus-intel-arm-amd-spectre-meltdown-memory-1.4472675