The biggest data breach in history attributed to poor human behaviour was the Equifax data breach of 2017. This breach exposed the sensitive personal data of 147 million people, including Social Security numbers, birth dates, addresses, and credit card details. This breach is often cited as a consequence of human negligence and poor cybersecurity practices.
Several failures contributed to the breach:
- Missed software patch. The attackers exploited a vulnerability in Apache Struts, an open-source web application framework. The vulnerability had been publicly disclosed and patched two months before the breach, but Equifax failed to update its systems.
- Ineffective internal processes. Despite receiving multiple alerts about the critical vulnerability, the IT team did not act promptly to implement the fix. This oversight allowed hackers to infiltrate Equifax’s systems and remain undetected for 76 days.
- Poor data security practices. Sensitive data was stored without proper encryption in some areas. This made the information easier to access and exfiltrate once the attackers gained entry.
The consequences included:
- Reputational damage. The breach eroded trust in Equifax and highlighted systemic issues in its cybersecurity protocols.
- Financial penalties. Equifax agreed to pay up to $700 million in fines and settlements, including compensation for victims.
- Heightened scrutiny. The breach prompted legislative actions and underscored the critical need for accountability in data protection.
This breach illustrates how human error, negligence, and poor organisational culture can amplify the risks of cyberattacks. It emphasises the importance of:
- Timely patch management
- Proactive monitoring and alert systems
- Cybersecurity training for all employees
Had these practices been followed, the breach could have been avoided.