Equifax breach: What you need to know [updated]
Credit to Author: Malwarebytes Labs| Date: Fri, 08 Sep 2017 07:02:47 +0000
[updates 9/12/2017]
You can follow Equifax’s efforts in response to this incident here: https://www.equifaxsecurity2017.com
Over 30 lawsuits have been filed against Equifax following the breach according to Reuters.
Quartz reported that the vulnerability they mentioned was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. The vulnerability announced on Sept. 4 has existed in Struts since 2008.
Apache responded to that report with this Apache Struts Statement on Equifax Security Breach.
On July 29, 2017, Equifax discovered that attackers had gained unauthorized access to private data belonging to an estimated 143 million Americans by exploiting a vulnerability in a website application. It is unknown at this point whether said vulnerability was a zero-day or had already been patched. The former would indicate that other companies could have also been attacked, while the latter would reflect on Equifax’s overall security posture.
According to Equifax, online criminals maintained their presence from mid-May through July 2017 and had access to:
- Names
- Social Security numbers
- Birth dates
- Addresses
- Driver’s license numbers (in some cases)
- Credit card numbers (for approx. 209,000 U.S. consumers)
It also said that some personal information for certain UK and Canadian residents was part of this breach.
This is obviously bad news for consumers and it will only increase the lack of trust they have towards corporations that collect and store their data. It also serves as a reminder that there are ways to be proactive and exercise your right to have access to your information and put certain restrictions in place to make identity theft harder.
Equifax is offering a free identity theft protection and credit file monitoring to all of its U.S. customers while still investigating the intrusion, working along with a private firm and law enforcement. More information about this breach and how to apply for ID theft protection can be found by going to equifaxsecurity2017.com, a website Equifax has just set up.
The post Equifax breach: What you need to know [updated] appeared first on Malwarebytes Labs.