Equifax Says Web Server Vulnerability Led to Hack

By Reuters
September 14, 2017 8:26 am Last Updated: September 14, 2017 8:26 am
Credit cards, a chain and an open padlock is seen in front of displayed Equifax logo in this illustration taken on Sept. 8, 2017. (REUTERS/Dado Ruvic/Illutration)

Credit reporting company Equifax Inc blamed a web server vulnerability in its open-source software, called Apache Struts, for the recent data breach that compromised personal details of as many as 143 million U.S. consumers.

The massive data breach had exposed valuable information to hackers between mid-May and July and sent Equifax shares tumbling, the company said last week.

“We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” Equifax said in a statement on Wednesday.

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia on Sept. 8, 2017. (REUTERS/Tami Chappell)
Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia on Sept. 8, 2017. (REUTERS/Tami Chappell)

Cyber security experts said it was among the largest hacks ever recorded and was particularly troubling due to the richness of the information exposed – names, birthdays, addresses and Social Security and driver’s license numbers.

Equifax said it is determining with the assistance of an independent cybersecurity firm what exact information was compromised during the data breach.

Equifax Chief Executive Richard Smith is expected to testify before a U.S. House of Representatives panel on Oct. 3 after nearly 40 states joined a probe of the company’s handling of the breach.

By Kanishka Singh