with 7 Comments



Equifax delivers the 3:00 am burn notice to consumers and corporations. 

Two renown Silicon Valley venture investors, Ken Elefant of Sorenson Ventures and TJ Rylander of Next47 discuss the depth of the Equifax Data Breach, cybersecurity issues, best practices and safeguards for all corporations.



On September 7, 2017, Equifax announced a data breach on the full range of credit information on up to 143 million consumers, full names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers.

The Equifax breach appears to have taken place over a period of three months.  Researchers at the Apache Software Foundation first reported the Apache Struts vulnerability on March 9, 2017, which is part of the open source web server software widely used among corporations. Software updates and patches were available to address the security flaw, but the company did not take immediate action to update their web servers. 

Equifax discovered the breach in their network on July 29, 2017.  The company’s website claims the intrusion occurred from mid May through July 2017. 


Discussion Points:

The points discussed above (click on the interview) by Ken Elefant of Sorensen Ventures and TJ Rylander of Next47:

The extent of the data breach and the sheer number of consumers affected is going to have long term consequences and will probably require new methods of secure identification.

Utility and access to applications has always trumped security concerns.  Users have repeatedly accepted low or poor security in the name of easy access.

One of the important ways companies protect themselves is to set up a Red Team which is a designated internal team with the goal of launching a cyber attack and penetrating the company’s network.  Equifax apparently never set up a Red Team attack and did not ensure the immediate patching of vulnerabilities when they were announced and made available.

Many of the most successful attacks take a “low and slow” approach, taking place over three to nine months, establishing ongoing penetration and movement throughout a specific network to evade detection from the existing network monitoring tools.

Company executives have responsibility and accountability for these breaches, it takes constant oversight and high-quality personnel to maintain system security.

Ken Elefant and TJ Rylander have years of experience as venture capital investors for cybersecurity companies.  Both firms have  a philosophy of contributing value to their portfolio companies by helping them build relationships with customers and partners. Each gave their perspective on how venture capital investors contributing to the success of portfolio companies.


Beyond the Interview:

What about Credit Monitoring or a Credit Freeze?

The internet discussions are full of comments on the low level of responsiveness to inquires made to the three primary credit rating agencies, Equifax, Experian, and TransUnion.  If you wish to institute credit monitoring or a credit freeze, you must contact each of the three major credit reporting agencies.

The purpose of credit monitoring, fraud monitoring or a credit freeze is to prevent someone from impersonating you in a financial transaction such as obtaining a credit card in your name or purchasing an item on credit terms.

The policies on the cost of a credit freeze or credit monitoring seem to vary every few days.  For the immediate time, it appears that calling each of the three agencies to initiate a credit freeze or credit monitoring seems to be the more reliable method. 

You will be asked to enter your private information including social security number, birth date and components of your address to verify your identity and to place restrictions on the requests for your credit history. 

To freeze your credit, contact these credit bureaus:

Equifax: 1-800-349-9960

Experian: 1‑888‑397‑3742

TransUnion: 1-888-909-8872



In summary, we are just at the beginning of sorting through the issues, how to provide security of our credit history and the personal information.  Game Changers Silicon Valley will be posting a series of follow up articles on the procedures that we, as citizens, can effectively and selectively protect and restrict access to our credit information to specifically authorized parties.

7 Responses

  1. Barneyxcq
    | Reply

    kAdOWH http://www.LnAJ7K8QSpfMO2wQ8gO.com

  2. PhilipZep
    | Reply

    We all need to be more circumspect in how we go about our internet browsing, downloading and viewing. I think email has been ruined by the individuals who do not have to pay or be held accountable for their actions.

  3. Matt Day
    | Reply

    Excellent interview Jim. What amazes me about the Equifax security breach and so many others like it, is that many are derived from human error. In this case an Apache patch that should have been updated but was not. And it’s not isolated just to security holes, as was the case with the major Amazon AWS outage in March that took down major Internet services. That too was due to human error. Though I’m unsure to what degree, but it seems the biggest security threat many times is the human element in the network.

    I enjoy your Game Changers interviews, and look forward to the next in this series.

    • Anonymous
      | Reply

      Matt, I completely agree with your perspective, ultimately, we need a new method to verify our Identities, two factor authentication is a good start, and I have wondered why the credit card companies and credit rating agencies have been so hesitant to use better security.

  4. Stephanie Son
    | Reply

    Thank you for the useful information, Jim. Nicely done and good food for thought!

    The Equifax data breach incident was a horrible event, but this data has already been leaked and the burden will fall mostly on consumers to manage the aftermath. It will be up to consumers to be on guard against hackers, as I feel like there is no such thing as true privacy when it comes to data. Consumers should be very proactive and if Game Changers Silicon Valley can post a series of follow up articles on what we can do to protect our credit data, that would be great.

  5. Ann St John
    | Reply

    Thanks for the informative video and article. This is a timely topic and your guests provided an understanding and an inside as to how pervasive this problem is and how tech professionals need to be vigilant.

    • Jim Connor
      | Reply

      Thanks for the comment, we will have a follow up show on the simulated Red Team penetration testing.

Leave a Reply