The actual cause of the problem has been admitted. It was a J2EE Struts app that used a release of Struts that had a serious flaw.
I’m sure if you asked a high-level manager: “Do your systems use Struts?” he would have answered “I don’t know; what is Struts?” Thus these problems....
Be that as it may, there is still plenty of room in there for an insider to have initiated or allowed this. Not saying it’s so, just saying if any investigation goes on, they would be remiss to assume it wasn’t.
Sure, forensics tells them how the data was accessed, but who allowed the fault to remain or become installed? Who was responsible to maintain it? Who coded it?
I don’t know anything about her, but this wasn’t her first IT security job. She is a long executive, hired to manage the group, not do the hands-on work. Seems that the problem could have happened to any company, and if we read the news and watch how many replacement credit cards we quietly get, it happens all the time. She is being unfairly pilloried, in my opinion. As others noted, we’ve all hired and worked with music majors in IT, not unusual and definitely doesn’t infer they are incompetent or anything. Nothing also suggests she’s an affirmative action hire. Overall, while I thoroughly hate Equifax, I think the comments are speculative at best, reflect bias of writers that assume a woman is incompetent, assume that only certain pedigrees can manage certain companies and departments, etc. Very short-sighted. And very unfair to her.
“I’m sure if you asked a high-level manager: ‘Do your systems use Struts?’ he would have answered ‘I don’t know; what is Struts?’ Thus these problems....”
It’s usually covered by the questions “when was the last time our code was patched and updated? Are we running old software with open vulnerabilities?” Two questions which are entirely in the purview and responsibility of a CSO.