On September 7, 2017, Equifax announced some troubling information for consumers – a cybersecurity failure had led to hackers gaining access to the information of about 143 million people.
In terms of size, this breach is certainly significant, although it’s not the largest breach in history. That dubious honor goes to Yahoo’s breach last year. But in terms of severity, the Equifax cyber attack is hard to beat. Hackers were able to get people’s names, addresses, birth dates and Social Security numbers. They got some people’s driver’s license numbers, and for about 209,000 people, they also stole credit card numbers.
How did hackers get so much information, and how can you keep yourself safe from identity theft after this breach? Here’s everything you need to know about the Equifax cyber attack.
What Went Wrong
Along with Experian and TransUnion, Equifax is one of the major credit reporting agencies. Because of the information they handle, each agency is a natural target for hackers. This is far from the first cyber attack Equifax has suffered. In 2016, hackers stole information from W-2s, including data on taxes and salaries. This year, hackers were again able to get data from W-2s, this time from TALX, a subsidiary of Equifax.
Equifax uses an open-source framework called Apache Struts for its online disputes web app. There was a vulnerability in the platform, but the Apache Software Foundation found out about it in March of 2017 and released information regarding it, along with an update that would fix the issue.
The timeline of the Equifax breach shows that the attack started two months after the vulnerability was disclosed and the patch was made available by Apache. In other words, the vulnerability could have been eliminated with a patch long before the attack. Had Equifax updated its systems, the breach wouldn’t have occurred. Unfortunately, it failed to do that, leading to hackers accessing its data. It’s believed that the breach started on May 13 and lasted until July 30.
The real problem in all of this is that it takes enterprises longer to fix vulnerabilities than it takes hackers to start exploiting them. Unfortunately, this is not the only case: a similar scenario played out with the WannaCry attack back in May 2017. All of these examples show us that we continue to leave a wide-open window of opportunity for hackers.
How Equifax Handled the Cyber Attack
Equifax security first noticed the suspicious traffic related to its online disputes portal on July 29. It blocked that traffic, but there was more suspicious traffic the next day, at which point it took the disputes app down entirely.
Next, the credit agency hired Mandiant, an independent cybersecurity firm, to conduct an investigation into what happened. That investigation started on August 2. Another point of controversy regarding this breach is that on August 1 and 2, multiple Equifax executives sold $1.8 million of their stock shares in the company. Equifax has said that none of them knew about the breach at the time, which means either Equifax is lying, or executives, including the company’s chief financial officer, John Gamble, had no knowledge of a massive data breach.
Equifax made its announcement regarding the breach and the scope of it on September 7. The fact that it waited that long has also led to quite a bit of criticism, although Equifax claims this is because it needed to gather data.
How Can We Prevent These Attacks From Happening Again?
Flexera’s FlexNet Code Insight provides a complete Bill of Materials (BOM) for open source and third party components in your code, and alerts you to OSS vulnerabilities.
Flexera’s Software Vulnerability Manager delivers vulnerability intelligence, assessment and remediation.
These tools are key for effective reduction of risk by shutting the window of opportunity for hackers.