Equifax Data Breach

Back in 2017, Equifax suffered the largest data breach of history, exposing the data of approximately 150 million Americans. This is nearly half of the population in the United States. It was the consumer data security scandal of the decade. Hackers stole credit files of hundreds of thousands of Americans, but also British and Canadian nationals, including Social Security numbers, dates of birth and thousands of payment card records in the May 2017 breach.

On Sept. 7, Equifax announced the cybersecurity incident, one of the largest in history. Unauthorized data access occurred from mid-May through July 2017. The breach was discovered on July 29.

The vulnerability that caused the breach was vulnerability Apache Struts CVE-2017-5638. ... The vulnerability was left unpatched until July 29, 2017, although the patch was available for a couple of months and Equifax was notified of the vulnerability. Hackers got into the Equifax systems by exploiting the vulnerability and started running queries. Eventually, they found the data of nearly 150 million users and started transferring data. Finally, Equifax's information security department discovered “suspicious network traffic” and realised they were breached. It was the incident handling and aftermath of the breach that made the situation even worse.

As a result of this incident, the company has now been severely fined. Equifax agreed to spend up to $425 million to help people affected by the data breach, but it appears that the final bill will be in the range of $700 million in fines. At Techforce Cybersecurity, we offer products such as Rapid 7 Insight VM and DarkTrace which could have helped with this type of incident.

Don’t get caught up like Equifax, data breaches can happen to companies big or small, come and talk to us! We are on hello@thetechforce.co.uk and 0333 210 6181.