The United States consumer credit agency Equifax became the victim of a massive data breach last week. The leak could have affected more than 143 million customers from the United States, the UK, and Canada. The stolen data includes social security numbers, birth dates, and credit card details.
When Equifax launched a probe, it discovered that hackers had entered its systems by exploiting a security flaw in the Apache Struts software package. Security experts say that the software makers patched that flaw on the same day. But Equifax's IT department failed to apply the fix to its systems on March 7th of this year, and this led to the recent cyber attack, which exposed critical data of millions of customers.
Readers of Cybersecurity Insiders should note that Apache Struts is used in around 65% of Fortune 100 companies and by government agencies. Many financial firms like Annualcreditreport.com rely on Apache Struts to perform their day-to-day operations.
A security expert from cyber security firm Threat Intelligence said that software upgrades usually involve rebuilding hundreds of apps against the newly updated software. That requires a lot of testing, analysis, and implementation, which is time-consuming. The expert, who commented on condition of anonymity, said that Equifax’s IT department might have ignored the fix because updating the framework would consume a lot of time.
Equifax has issued a public statement saying that it will work with regulators in Canada, the United States, and the UK to determine appropriate next steps for customers affected in those countries. The statement adds that the company hasn’t found any evidence that the personal information of consumers in any other country has been impacted.