Credit reporting company Equifax has blamed a web server vulnerability in Apache Struts, the open-source software it uses, for the recent data breach that compromised personal details of as many as 143 million US consumers.
The massive data breach exposed valuable information to hackers between mid-May and July and sent Equifax shares tumbling.
“We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” Equifax said in a statement.
Cyber security experts said it was among the largest hacks ever recorded and was particularly troubling due to the richness of the information exposed – names, birthdays, addresses and Social Security and driver’s licence numbers.
Equifax said it is determining with the assistance of an independent cybersecurity firm what exact information was compromised during the data breach.
Equifax chief executive Richard Smith is expected to testify before a US House of Representatives panel on 3 October after nearly 40 states joined a probe of the company’s handling of the breach.
Oege de Moor, chief executive and founder of Semmle, a software analytics provider based in San Francisco, noted that the server vulnerability — known by the code CVE-2017-5638 — had been disclosed by the Struts project in March, along with “clear and simple” instructions on how to fix it.
“The fact that Equifax [was] attacked in May means that [it] did not follow that advice,” he said. “Had they done so, this breach would not have occurred.”