
In this activity, you will study attempted or successful security breaches to learn more about risks, alerts, and the effect of security breaches on society.

Research two major information-related security breaches similar to the 2013 Target breach in size, scope, or impact—for example, a data breach at Facebook, a major bank, or a military or government site. Your research can include attempted attacks that were successfully thwarted, but at least one attack needs to have achieved some success and caused some level of “damage.” Track your references in the format of your choice (e.g., cells in a spreadsheet, a list of citations, citation tracking software, etc.).

Create a table or spreadsheet with a separate column for each of the two breaches. Use a separate row to respond to each question below with answers that address both breaches.

What company experienced the breach? Provide a basic description of the company.
What happened in the security breach? Summarize the events in one or two sentences.
How did the target become alerted to the breach?
Did the target miss a warning sign that would have helped to prevent or reduce the damage done? Or did a warning sign actually help the company prevent or reduce the damage?
What risky behavior (e.g., a security vulnerability or an inadequate policy for employee use of technology) did the company engage in?
What effects did the breach have on individuals? What effects did it have on society or the economy as a whole?
What steps did the company take to prevent similar future attacks?
Your submission for this activity should include the following items:

A table with two companies listed
Answers entered in cells under the appropriate company
A list of references used in your research


Answered by GPT-5 mini AI
Below is a two-column comparison (table) of two major information-related security breaches: Equifax (2017) and SolarWinds / “Sunburst” supply-chain compromise (2020). References used are listed after the table.

Question | Equifax (2017) | SolarWinds / “Sunburst” (2020)
---|---|---
What company experienced the breach? Provide a basic description of the company. | Equifax — one of the three major U.S. consumer credit reporting agencies. Collects and maintains personal and financial information used for credit reporting, identity verification, and related services. | SolarWinds — an IT management software vendor whose Orion product is widely used for network and systems monitoring by corporations and government agencies worldwide.
What happened in the security breach? Summarize the events in one or two sentences. | Attackers exploited a known Apache Struts vulnerability in Equifax’s web application servers (spring–mid 2017) and accessed sensitive consumer data (names, SSNs, birthdates, addresses, some driver’s license numbers and credit card numbers). The breach affected roughly 145–147 million U.S. consumers. | Attackers inserted a backdoor (known as “Sunburst”/“Solorigate”) into SolarWinds Orion software updates; those malicious updates were distributed to ~18,000 customers between March–June 2020, enabling follow-on access and espionage against a subset of high-value targets (including U.S. federal agencies and large enterprises).
How did the target become alerted to the breach? | Equifax detected “suspicious” network traffic on July 29, 2017 and launched an investigation; public disclosure came later (September 2017). | The incident was discovered after FireEye (now Mandiant) detected theft of its red-team tools in December 2020 and subsequently traced the intrusion back to malicious SolarWinds updates; security vendors and governments then coordinated notifications.
Did the target miss a warning sign that would have helped to prevent/reduce damage, or did a warning help prevent/reduce damage? | Missed warning signs: a patch for the Apache Struts vulnerability (CVE-2017-5638) had been available weeks before exploitation; Equifax failed to apply it promptly and had weaknesses in network segmentation and monitoring that allowed prolonged access. | Missed warning signs: weaknesses in SolarWinds’ build and update pipeline and insufficient supply-chain protections allowed attackers to insert code into signed updates; monitoring did not detect the malicious behavior for months. The coordinated vendor/industry response after FireEye’s detection helped contain further impact once publicized.
What risky behavior or inadequate policy contributed to the breach? | Failure to timely patch critical public-facing software, inadequate network segmentation, insufficient logging/monitoring and weak data protection controls for sensitive PII. | Insecure build/release processes and insufficient supply-chain security controls (attackers could modify software that was signed and distributed), plus limited detection of anomalous behavior in deployed environments.
What effects did the breach have on individuals? What effects did it have on society or the economy as a whole? | Individuals: massive exposure of highly sensitive PII (SSNs, birthdates, addresses) increased risk of identity theft, fraud, and long-term credit impacts; many consumers needed to take steps such as credit freezes or monitoring. Society/economy: loss of public trust in a key consumer reporting agency; regulatory scrutiny, litigation, and large financial settlements; increased awareness of consumer data aggregation risks. | Individuals/organizations: direct espionage targets faced sensitive data loss and operational compromise; many organizations had to perform costly incident response, forensics, and remediation. Society/economy: highlighted severe risks of software supply-chain attacks; prompted government and industry initiatives to harden software supply chains, raised geopolitical tensions (attributed to nation-state actors), and caused regulatory and security-cost impacts for affected organizations.
What steps did the company take to prevent similar future attacks? | Equifax implemented security program changes: leadership changes, enhanced patching and vulnerability management, improved network segmentation and monitoring, broader encryption and multi-factor authentication, and agreed to settlements that included consumer remediation and ongoing security obligations. | SolarWinds and the community responded by tightening build-system security (replacing and securing build servers, code-signing controls), reviewing and rewriting parts of Orion, enhancing monitoring and incident response, engaging third-party audits, and customers implemented stricter supply-chain controls; governments issued guidance and initiatives to improve software supply-chain security.

References (sources used)
1) U.S. Federal Trade Commission, “Equifax Data Breach Settlement” (July 2019) — FTC press release and settlement summary. https://www.ftc.gov/news-events/press-releases/2019/07/equifax-pay-575-million-settle-ftc-charges-it-reasonably-failed-protect
2) Equifax, “Cybersecurity incident and important consumer information” (public statement, Sept 2017) — Equifax announcement/timeline. https://investor.equifax.com/news-and-events/news/2017/09-07-2017-213000
3) KrebsOnSecurity, “Equifax Breach Fallout: What Did They Know, and When?” — investigative coverage on patching and timeline. https://krebsonsecurity.com/2017/09/equifax-breach-fallout-what-did-they-know-and-when/
4) FireEye (Mandiant) blog, “Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims” (Dec 2020) — technical disclosure of Sunburst/TTPs. https://www.fireeye.com/blog/products-and-services/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises.html
5) Microsoft Security, “Analyzing Solorigate, the cyberattack that shook the world” (Dec 2020/2021) — analysis of the campaign and impact. https://www.microsoft.com/security/blog/2020/12/13/new-nation-state-cyber-attack-compromises-solarwinds-orion-platform/
6) CISA (Cybersecurity & Infrastructure Security Agency), “Emergency Directive and advisories re: SolarWinds” (Dec 2020) — guidance and impact summary. https://www.cisa.gov/news/2020/12/13/cisa-directive-remove-or-disable-solarwinds-orion-products
7) SolarWinds public statements and security updates (Dec 2020–2021) — company incident response and remediation actions. https://www.solarwinds.com/securityadvisory
8) Reporting summary (The New York Times, Washington Post coverage) — for general societal/economic impact and affected customers (examples): https://www.nytimes.com/2020/12/13/us/politics/russia-hack-nation-state.html

If you’d like, I can:
- Export this table to a spreadsheet format (CSV or Excel) and include the references as a separate sheet, or
- Add more technical detail on detection indicators, timelines, or the specific patches/mitigations used.