One, did you all check to see if you have been impacted? Most likely you have. Two, the entire thing human error and straight up negligence on their part. This from the company that has info you didn't give them who will ruin your credit for being late with a payment, and or, make it damn near impossible to remove something from your report you didn't cause. People really should be outraged about this.
A few execs in the company stepped down (vs being fired) and and no doubt, left with millions in golden parachute reward for sucking at their jobs. I recommend you PASS this around and let the powers that be (your elected officials will also be directly impacted so probably pissed off) you want a federal investigation and those found guilty, pay the price.
Failure to patch two-month-old bug led to massive Equifax breach
The Equifax breach that exposed sensitive data for as many as 143 million US consumers was accomplished by exploiting a Web application vulnerability that had been patched more than two months earlier, officials with the credit reporting service said Thursday.
"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," company officials wrote in an update posted online. "We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."
The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on Web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.
Cont:
https://arstechnica.com/information-...month-old-bug/
Bookmarks