Equifax could have prevented the data breach two months before it happened

Equifax, the credit reporting agency that announced a major data breach last week, had access to the security patch that would have stopped the hackers two months before the breach happened, according to the software company that created the patch.

The timeline

  • On March 7, the Apache Software Foundation released a patch for the vulnerability that Equifax has confirmed caused the breach. Both the vulnerability and the patch were widely known within the industry.
  • The breach itself began in May, with exposure continuing into July. Equifax discovered the breach on July 29.
  • On Sept. 7, Equifax announced the breach, which affected approximately 143 million consumers.

What the experts are saying

The Apache Software Foundation: “The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner.”

Pravin Kothari, CEO, CipherCloud: “They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days.” (USA Today)

Ilia Kolochenko, CEO, High-Tech Bridge: “A majority of large companies have similar challenges, problems and weakness in their cybersecurity. Most companies still fail to maintain a proper application inventory and thus keep critical vulnerabilities unpatched for months.” (USA Today)

How Equifax is handling this

Not particularly well, so far. The company has been overwhelmed by requests from consumers to freeze their credit, which temporarily knocked the system offline Wednesday.

No one at Equifax has yet responded to questions about why the patch wasn’t implemented in March.

“We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” the website reads.

It’s also important to remember that three Equifax executives sold millions in shares in the days following the discovery of the breach, months before it became public.

Repercussions
