The week in security: Equifax offers 143m reasons to review your data security and compliance

Credit-reporting agency Equifax was leading the news this week as a massive website vulnerability exposed data on 143m US consumers. The breach sent Americans scrambling to find out if they were among the compromised, while security practitioners worked through their own there-but-for-the-grace moments and contemplated how AI might help tighten the controls on their own data.

Open-source developers are also helping tighten controls, with CyberArk the latest firm to throw its technology into the open-source mix in the hope that it improves SecDevOps practices.

Also on the subject of good practices, research findings suggest that Australian companies aren’t doing great at complying with PCI DSS and maintaining their compliance – but what will this mean for GDPR, which has a broader scope and potentially bigger penalties for violations? It’s going to be a big question as we hurtle towards the new compliance regime.

In the meantime, new data was offering options for those concerned about building a secure cloud strategy.

Lenovo was fined $US3.5m ($A4.4m) over its Superfish adware fiasco and can no longer ask for user consent in its end-user license agreement. It’s an ignominious end to a scandal that many people thought Microsoft had started.

Speaking of fraudulent behaviour, phishers were targeting Microsoft Office 365 users in what experts believe may be an attempt to soften up a major fraud target.

Fraud comes in all shapes and sizes, and another major insider threat – the leaking of a recent Game of Thrones episode – highlights the challenges companies face in important but potentially problematic employee monitoring.