Equifax says web server vulnerability led to hack that exposed 143m accounts
Credit reporting company Equifax has blamed a web server vulnerability in its open-source software, called Apache Struts, for the recent data breach that compromised personal details of as many as 143 million US consumers.
The massive data breach had exposed valuable information to hackers between mid-May and July and sent Equifax shares tumbling.
“We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” Equifax said in a statement.
Cyber security experts said it was among the largest hacks ever recorded and was particularly troubling due to the richness of the information exposed – names, birthdays, addresses and Social Security and driver’s licence numbers.
Equifax said it is determining with the assistance of an independent cybersecurity firm what exact information was compromised during the data breach.
Equifax chief executive Richard Smith is expected to testify before a US House of Representatives panel on 3 October after nearly 40 states joined a probe of the company’s handling of the breach.
Oege de Moor, chief executive and founder of Semmle, a software analytics provider based in San Francisco, noted that the server vulnerability — known by the code CVE-2017-5638 — had been disclosed by the Struts project in March, along with “clear and simple” instructions on how to fix it.
“The fact that Equifax [was] attacked in May means that [it] did not follow that advice,” he said. “Had they done so, this breach would not have occurred.”
The pandemic has taught me how to share more – and I feel a better leader for it
As a young professional starting out in the tech sector 30 years ago, I thrived on the fast pace,constant change and demanding workload. I lived in London, Singapore and Australia…
We need to shout about our successes. Liz Fletcher on celebrating women in biotech
Throughout my career in biotechnology and life sciences, I have seen many women leading ground-breaking research studies in their fields of expertise. Yet, and I include myself in this, we…
Getting the best out of patient data is key to unlocking future health benefits in Scotland
It is important that clinicians’ voices are heard in the consultation around Scotland’s new health and care data strategy, which closes this week (12 August). Busy GPs like myself are the trusted…
How motherhood helped me be a better leader
Consider this an open letter to anyone I have worked with before I became a mother and before I fully understood how being a parent is actually a prized asset…
‘We cannot achieve our goals without entrepreneurs’ – Kate Forbes on vision for new ‘tech scaler’ network
From the very start of my ministerial career, I have had responsibility for the Scottish tech sector – and I can still say what I have said from the start,…
Finding a role in cyber was ‘tough’ for Cheryl Torano. Now she’s determined to help other women join an under-represented industry
When I decided to upskill to change careers at the age of 30 and dive into the digital world, I knew I would be starting out at the bottom of…
Why innovation and marketing are the perfect partners to make changes that matter￼
With the rapid evolution of traditional marketing and the appearance of digital marketing, technology and innovation has become part of any marketer’s life without the need of working for a…
Transitioning to a four-day week – CEO’s vow to strike a healthier balance in the workplace
I came to Scotland nearly 20 years ago from Ireland, with no contacts but a lot of determination. While Ireland will always be my home, Scotland has given me amazing…