Equifax, one of the Big Three credit reporting bureaus that maintains sensitive personal and financial information on just about every adult (and many children) in America, recently revealed that it was the victim of a data breach. An estimated 143 million people had their information exposed after attackers compromised a vulnerable web application and gained access to Equifax data by exploiting a flaw in Apache Struts that was disclosed in March. The investigation is ongoing and the dust hasn’t fully settled, so there will still be revelations and lessons learned from Equifax, but one thing seems true so far – the damage could have been minimized had the breach been detected earlier.
Credit reporting firm Equifax announced Thursday the hackers that breached its servers exploited an Apache Struts security vulnerability, which led to the exposure of personal information belonging to more than 143 million consumers in the United States.
While Equifax reported the breach occurred sometime around mid-May, the bug in the Apache Struts framework was fixed in March, more than two months before the apparent exploit on Equifax servers took place.