One week after announcing the worst breach in American history, and days after it was revealed that the breach had been caused by simple negligence, Equifax has announced the “retirement” of its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, though “the company’s review of the facts is still ongoing.”
Equifax’s world-beating breach of 143 million Americans’ sensitive personal and financial information was the result of the company’s failure to patch a two-month-old bug in Apache Struts, despite multiple reports of the bug being exploited in the wild.
A patch for the vulnerability (“Apache Struts CVE-2017-5638”) was issued on March 6. Equifax’s websiteRead More
During the five weeks after hackers stole 143 million Americans’ data from Equifax, and while its execs were selling off their stock by the millions, the company sprang into action, producing an insecure site for checking whether your own data was breached that produces the same output no matter what name and SSN youRead More
From mid-May to July 2017, Equifax exposed the financial and personal identifying information of 143 million Americans — 44% of the country — to hackers, who made off with credit-card details, Social Security Numbers, sensitive credit history data, driver’s license numbers, birth dates, addresses, and then, in the five weeks between discovering the breachRead More