Equifax: 2.5 million more consumers may be affected by data breach than originally stated

Posted on Posted in Cyber Security

Equifax: 2.5 million more consumers may be affected by data breach than originally stated

October 2nd, 2017

Equifax: 2.5 million more consumers may be affected by data breach than originally stated

Equifax's new CEO apologizes

Paulino do Rego Barros, Jr., who was appointed CEO at Equifax less than 2 weeks ago elaborates

 

LOS ANGELES, October 2, 2017 – Mandiant, the cybersecurity consulting firm retained by Equifax to understand the breadth of the data breach incident has found that an additional 2.5MM US consumers were impacted, bringing the total to 145.5MM.

Equifax used Apache Struts to build web applications, and a flaw in that tool enabled the breach, a flaw that the United States Department of Homeland Security, US-CERT, had already disclosed in March 2017!  Equifax's security department was aware of this issue, and had started the process of patching their servers.  Patch management, as we all know, can take time; the vulnerability has to be identified, the patch has to be developed, implemented, and tested to ensure it doesn't negatively affect the application before it can be deployed to all machines running that code.  Mandiant, a competitor to ISSQUARED, was consulted by Equifax, and identified the data that had been compromised between May 13th through July 30th, 2017. 

Word of advice: call the experts at ISSQUARED on patch management.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.