GAO releases report on 2017 breach, agency response

The Government Accountability Office has released a new report on the massive 2017 data breach at the credit agency Equifax, along with an overview of federal agency responses to the event.

The 40-page report, publicly released on Saturday, Sept. 7, covers a breadth of assessments and contract adjustments made by three major agencies affected by the breach—the Social Security Administration, the Postal Service, and the Internal Revenue Service. For example, in the case of the IRS, at least one government contract with the credit giant was cancelled.

The report summarized how hackers were able to find security weaknesses in Equifax’s dispute resolution system and exploit those weaknesses to gain access to personally identifiable information. Upon discovery of the breach, SSA, USPS and IRS—“large agencies that were major customers of Equifax at the time of the breach,” according to the report—took multiple, independent actions to investigate and mitigate the effects of the breach. These actions included identifying “affected individuals,” performing independent assessments of Equifax’s vulnerabilities and security controls, altering identity-proofing procedures, and communicating with the public and other affected parties.

The report notes that, to date, GAO makes no recommendations for action regarding the breach, and that key investigations by the Bureau of Consumer Financial Protection and the Federal Trade Commission remain ongoing. The GAO’s goal in the present report was to summarize the event and describe some early federal responses to it.

Reader comments

Thu, Sep 13, 2018

Maybe when the politically appointed, congressional and senate minions have their credit breached they will do something about it. Probably not since these companies paid for their election campaigns and now the elected officials look the other way to pay back their corporate allies.

Wed, Sep 12, 2018

The minions at Equifax all were paid great bonuses and cashed in on their stock options. Now they want the consumer to pay a service to monitor the dark web when they were responsible for this. If the congress and senate actually worked and protected the consumer this would have been taken care of. Oops did I forget to mention who do you think pays off both political parties during and after elections, thanks to the dems and republicans for this mess!
