Last week, credit reporting firm Equifax admitted that 143 million US consumers’ personal records were exposed in a security breach over a couple of months earlier this year. What it didn’t reveal at the time, was just how callous it had been in protecting that private data.
The company learned that its attackers took advantage of a security flaw in the Apache Struts Web Framework, that allowed them to remotely execute code on Equifax’s systems. The bug was revealed in March, along with recommended patches to fix it – but clearly, Equifax didn’t move quickly enough to prevent nearly half of all Americans’ names, addresses and dates of birth from being stolen.
It’s worrying that a company with sensitive data like this had roughly three months to take the necessary steps to secure their networks, and still failed to do so.
While Equifax is having to face the music – it’s looking at a multibillion dollar class-action lawsuit, is being probed by nearly 40 US states, and its CEO will have to testify to Congress over the breach – it remains to be seen just how badly the real victims, are affected by hacks and identity theft over the coming months.