IRS Gives Organization A Second Chance – With Protecting Your Data…

Because logic never seems to prevail in the government, officials at the IRS have gone ahead and approved a contract with the controversial credit-reporting bureau Equifax.

The move came just weeks after the announcement that Equifax had suffered repeated breaches of its infrastructure that resulted in the theft of data belonging to millions of Americans. Despite knowing this, despite the grilling inquisition being launched into the upper management practices of the firm, and despite the fact that numerous associates of the firm are suspected of insider trading, our government has decided to throw a bone to these irresponsible fools!

POLITICO was the first to report the embarrassing no-bid contract that was awarded to the organization whose former CEO and chairman, Richard Smith, is spending most of his free time answering questions at congressional hearings on Capitol Hill.  Since POLITICO is slightly more corrupt than Murdoch’s Fox News, we’ve chosen to provide an excerpt from their coverage instead:

The no-bid contract, first reported by Politico, appears to have been finalized last week – at a time when Equifax is still reeling from a massive hack that compromised the personal information of more than 145 million Americans.

The contract summary reads as follows:

This action was to establish an order for third party data services from Equifax to verify taxpayer identity and to assist in ongoing identity verification and validations needs of the Service. A sole source order is required to cover the timeframe needed to resolve the protest on contract TIRNO-17-Z-00024. This is considered a critical service that cannot lapse.

Why not just ask the hackers to do it for us? They already have all the data to verify it against! (This is a joke, readers.)

Background: The Breach

Equifax was breached back in May but the organization wasn’t aware of the breach (oh, which breach are we talking about again here, exactly, Rick?) until the end of July.  They were probably too distracted with the other breach they were dealing with to recognize they had been infiltrated again.

The American people were not alerted to the disaster until September 18th, when Bloomberg let it slip, four full months after the damage was done. As far as the actual bug was concerned, well, that’s the most pathetic part of this story. The hackers utilized a well-known flaw in the networking services used by Equifax. A patch for the bug had been released two months before the attack on Equifax took place, but IT professionals working for the credit reporting firm failed to update their systems. Equifax, in a word, did nothing.

In an interesting twist, there were red flags raised in the past about Equifax’s lax security.  As mentioned above, this wasn’t the first breach.  Krebs On Security, run by investigative journalist Brian Krebs, was truly on the ball with this story.  Writing in May, Krebs discussed the initial breach:

In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017.

Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Krebs would go on to explain why he was refused an answer from Equifax: the organization hadn’t the slightest clue regarding the number of accounts that were impacted by the exploit.  They were just a bit afraid to admit that.

To make that a bit clearer for anyone wondering: this was an attack that was entirely avoidable. They just needed to install an update.

Two days ago, Equifax admitted that the attack resulted in a much larger haul than was previously reported. The total number of Americans believed to be impacted by the hack is now expected to be around 145 million individuals.

Excuses, Excuses, Excuses…

Smith maintains that the entire breach was the result of “one person” (read: Rick’s fall guy, patsy, meat-shield) not doing his job. We’re essentially expected to believe that this was all some accident and, even more insulting, that Equifax was structured without any form of system redundancy.

In systems analysis, Equifax would be labeled as a system that “fails badly,” meaning that one problem at one point results in the entire structure failing (or, in this case, producing all the personal information the hackers wanted). It goes without saying that a system should never rely solely on one person.

The opposite of failing badly is “failing well,” in which an attempted breach of security is met with continuous push-back or interference from the initial point of contact through the end of the encounter. Picture a ship that experiences a breach in the hull. Since ships are compartmentalized, the leak can be contained and the system, though damaged, is able to continue functioning until the problem can be fully resolved.

BONUS: Yahoooooooo!

The geriatric email provider Yahoo, not to be outdone by the Equifax controversies, has announced that it has revised its previous estimate of the number of accounts breached on its service from 1 billion to 3 billion.

Please, readers, the only reason to use Yahoo is to troll Yahoo Answers or to play Fantasy Football — and you shouldn’t be playing fantasy football.

 
