Ondrej Vlcek, CTO and General Manager, Consumer - Comments on Equifax Hack

Friday September 08 2017

“It is still not clear what kind of vulnerability was taken advantage of in the Equifax breach, however it is likely it was a leak through a web application flaw. It is unacceptable that credit bureaus which hold so much personal information which they then sell, can allow such a breach to happen and practice poor security hygiene.  We speculate that the attackers used a SQL injection to gain access. 

 Hackers are consistently searching for these vulnerabilities, and companies, especially those with access to so much sensitive information, need to significantly increase their diligence in maintaining security of their data. This is one of those cases where there is unfortunately really nothing consumers can do except be vigilant. We expect it is only a matter of when, not if, this data appears on the Dark Web market. At this point there are a few actions potential victims can take to help ensure they are protected. First closely monitor all email, social, credit card and bank accounts closely for suspicious activities. Second, consider looking into a credit freeze that will stop hackers from using your identity to accrue debt. Also, don't respond directly to emails and other messages notifying you that you're a victim. They may be scams. Instead, open up a new tab and log in directly to the site in question, or call the support center number listed on their site."

--  Ondrej Vlcek, CTO and General Manager, Consumer

See Ondrej present at Cyber Security Chicago on 18 October:


Today, we are using robotics in production, autonomous vehicles enter our streets and we are ever-connected through mobile devices and home devices around us, including smart TVs, thermostats, smart fridges, and smart toys. The digital world is driven by automation and artificial intelligence. However, we also see technology designed for good purposes being abused for malicious intent. Ondrej Vlcek, Avast EVP&GM, Consumer, and CTO, will explain today’s security risks and talk about how the security industry can stay ahead of cybercriminals, by detecting vulnerabilities in the network, and by leveraging AI and machine learning as a tool to fight back.