On September 7, 2017, Equifax, a credit protection services company and one of three major consumer credit companies within the U.S., experienced a data breach that affected a current estimate of 143 million customers, including people within the U.S., Canada, and the U.K. The cyberattack was discovered by Equifax on July 29th, and it was reported the attacker(s) had access to Equifax’s systems and information between mid-May through July 2017. The data compromised included social security numbers, birth dates, addresses, driver’s license numbers, credit card numbers, and more.
The Equifax saga continues like a soap opera, Days of Our Stolen Identity. Every time it appears the Equifax drama is ending, a new report surfaces confirming additional security issues.
As a follow-up to the "What 2018 Means for Your PCI DSS Assessment" article I posted, a client of mine had a great question regarding the future date for the semi-annual segmentation penetration test requirement for service providers. They were curious what the February 1, 2018 date meant specifically for their compliance. For instance, if they previously completed a segmentation penetration test in August 2017, would they be required to perform another test six months later, as the requirement would be applicable on February 1, 2018? Or, would they instead be required to perform a segmentation penetration test six months from the February 1, 2018 date?
Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we are all just getting settled into 2017, but at the realization that it is already April, and somehow January, February, and March flew by like I was in a warp tunnel, I feel it’s appropriate to start discussing 2018.
As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and Segmentation was released to all December 2016.