Retrospective ass-covering ©
“'The report noted some of the previously-disclosed details of the hack, including the expired SSL certificate that had disabled its intrusion detection system for 19 months” ..
Retrospective ass-covering, seeing as there was no one actually tasked with monitoring potential security bugs.
“The report states that Equifax's IT team did scan for unpatched Apache Struts code on its network. But it only checked the root directory, not the subdirectory that was home to the unpatched software”
This is total pseudo technical sounding BS, what kind of a security scan only checks the root directory. The reality more likely that there was no such IT Team, and nobody was tasked with checking Apache Struts for bugs.
“It was only when the certificate was renewed that Equifax saw the massive amounts of data being copied from its servers and realized something was very wrong.”
Enough already, it was only after Equifax customer records was spotted online that Equifax became aware of the hack. And Equifax was being monitored by a respectable security company that shall have to remain nameless.
“Equifax blamed its woes on an IT staffer who hadn't installed the Apache patch, and fired the person.”
What was the name of this imaginary IT staffer person?