In recent days the world has become familiar with perhaps the largest data breach event ever known to humanity. I’m referring, of course, to the Equifax data breach.
The incident, as summarized by Equifax Security, potentially impacts personal information relating to 143 million U.S. consumers – primarily names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Information potentially stolen by the hackers, including Social Security numbers and dates of birth and names, could put people at risk of identity theft for the rest of their lives, credit experts warn.
So how did such a massive breach happen?
USA Today notes that hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn't update its software successfully when the danger became known:
"The Equifax data compromise was due to (Equifax's) failure to install the security updates provided in a timely manner," The Apache Foundation, which oversees the widely-used open source software used by Equifax, said in a statement.
At the time of USA Today’s article publication, Equifax had not responded to questions about when the patches were used to fix the security weak point, or if the patches were used at all.
It only made this statement: "We continue to work with law enforcement as part of our criminal investigation and have shared indicators of compromise with law enforcement.”
No comments:
Post a Comment