Equifax Breach Gets More Complicated as New Details Surface

New documents provided recently by Equifax to US senators revealed that the breach the company experienced last year may have involved types of data not mentioned in the initial disclosure of the incident.

Last May, malicious hackers exploited a known vulnerability in the Apache Struts development framework to gain unauthorized access to Equifax systems. The vulnerability was patched March 7, the same day it was announced, but Equifax security team failed to install the updates in a timely manner, leaving 143 million individuals to suffer the consequences.

However, confidential documents sent by Equifax to the Senate Banking Committee, show that hackers may have stolen additional information, including tax ID numbers, email addresses, and driver’s license information.

Equifax has responded saying its initial disclosure on was never intended to include all the types of information that may have been compromised.

Senator Elizabeth Warren has responded by asking Equifax to provide clarifications on “conflicting, confusing and incomplete information” provided by the company to both the public and Congress.

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” Sen. Warren wrote in a letter to Equifax.

Equifax has one week to provide Congress with a complete list of data elements confirmed or believed to have been compromised in the last Mays breach, with a timeline of its efforts provided to determine the full extent of the intrusion.

Last week Senator Warren published a 15-page report containing the findings of her personal investigation into the Equifax breach. Her investigation found that Equifax set up a flawed system to prevent data security incidents, ignored several warnings of risk to customer data, failed to disclose the breach to stakeholders in a timely fashion, and provided inadequate assistance and information to consumers.

 

Read the article on Security Week

 

Cloud and Container Security
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
Information
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.