Equifax says web server vulnerability led to hack
Credit reporting firm Equifax blamed a web server vulnerability in its open source software, called Apache Struts, for the recent data breach that compromised the personal data of 143 million US consumers.
The massive data breach exposed valuable information to hackers between mid-May and July and sent shares of Equifax plummeting, the company said last week.
“We continue to work with law enforcement in our criminal investigation and have shared indicators of compromise with law enforcement,” Equifax said in a statement Wednesday.
Homeland Security Advisor Tom Bossert and Palo Alto CEO Mark McLaughlin will headline the Cambridge Cyber Summit on October 4 in Boston. Click here for more information and tickets.
Cybersecurity experts said it was one of the biggest hacks on record and was particularly disturbing because of the wealth of information exposed – names, birthdays, addresses and social security and driver’s license.
Equifax said it is determining with the help of an independent cybersecurity firm what exact information was compromised in the data breach.
Equifax Chief Executive Richard Smith is set to testify before a U.S. House of Representatives panel on October 3 after nearly 40 states joined an investigation into the company’s handling of the breach .