Equifax Comes Clean About Previous Hacking Attack in March

Equifax Comes Clean About Previous Hacking Attack in March”

A few days later, Equifax brought in security consulting firm Mandiant, now a unit of FireEye and associated with many high-profile forensics investigations including the Yahoo breach previous year, when data on more than 1 billion accounts were exposed. The company late Friday announced the immediate retirement of David Webb, its chief information officer, and Susan Mauldin, its head security officer. Mauldin came under scrutiny for her credentials to be a CSO.

Given the scope of a growing number of major data breaches, each one is harder to top, although security experts know there's no bottom limit to what could be next.

The company named Mark Rohrwasser as interim chief information office and Russ Ayres as interim chief security officer.

Equifax also provided its most detailed timeline of the breach yet, although it raised as many questions as it answered. The key passages explain that the company "observed suspicious network traffic" on July 29th, "continued to monitor network traffic and observed additional suspicious activity" on the 30th and "took offline the affected web application that day". But it came down to a flaw in a tool created to build web applications, the company said in a press release this week.

At this point, Equifax's retelling grows cloudy.

They were using Apache Software and that company discovered a flaw in their program. The dispute portal was brought back online soon after.

The next point on the company's list says "Equifax's Security organization was aware of this vulnerability at that time, and took efforts to identify and to patch any vulnerable systems in the company's IT infrastructure".

It apparently missed at least one vulnerable system.

The news hasn't gotten better since Equifax disclosed that it was hacked on September 7.

But elsewhere in the statement, Equifax just-about-confesses that those efforts either missed the Struts implementation or failed to patch it properly.

Equifax has been castigated for how it has handled the breach, which it did not disclose publicly for weeks after discovering it. Many have complained that inconsistent information has been offered and that phone lines have been jammed. The company says it has addressed many of those problems. Equifax is offering credit freezes to customers free of charge through November.

And on August 2 Equifax contacted Mandiant, a professional cybersecurity firm, to help the company assess what data had been compromised. Equifax admitted it during its announcement on Friday.

Like this


20 September 2017
Tom Pidcock claims junior time-trial crown
Pidcock is the current world, European and British national champion in cyclo-cross and British national Criterium champion. The 18-year-old, who is also world cyclo-cross champion, was 12 seconds faster than his nearest rival on the 21.1km course.

20 September 2017
Elliott, Cowboys provide litmus test for Broncos' D-line fix
I think the way the Broncos want to play offense, running the ball and setting up the play action pass, will keep this one close . But with names like Tomlinson and King questioning Elliott's heart, it's going to be a long week for him and Cowboys fans.

20 September 2017
Avril, Bruno 'most dangerous' to search on web
That rate goes up to 22 percent when the singer's name is searched along with "free MP3s". Lavigne is the first female musician to take the top spot on the list.

20 September 2017
Orange fences placed around Confederate statues
City councilors and some area residents are exhausted of seeing black plastic materials get added to the Robert E. This comes after a different group removed the shrouds from both the Stonewall Jackson and Robert E.

20 September 2017
Watch America's Got Talent Live Show Finale online
Only one act will be named the victor and be handed a very large check; however, they can't get there without performing tonight.

20 September 2017
PlayStation's Tokyo Game Show: Watch all the trailers here
Those who preorder the game will get the "Origin Series" armor and a Wind Charm item, with preorders set to open on September 20. Square Enix also released a short teaser trailer, but it really doesn't give away much information on the game's storyline.

20 September 2017
Best drama Emmy for The Handmaid's Tale
It means Hulu, which had 18 nominations, has beaten its bigger competitors Netflix and Amazon to the Emmy's top drama prize. The story was adapted for television by showrunner Bruce Miller , with MGM Television producing and distributing worldwide.

20 September 2017
Prescription take-back boxes open at state police barracks across Pennsylvania
Since the drug take-back program began in 2015, Pennsylvania has collected and destroyed 301,388 pounds of drugs, Smith said. An additional box is available at the Decatur Township police station in Osceola Mills, Clearfield County.

20 September 2017
New $10 banknote now in circulation
Governor Philip Lowe said the new $10 banknote contained the 'same world-leading security features as the new $5 note'. It also has a tactile feature which has been added to assist the vision impaired.

20 September 2017
Udacity opens registration for Intro to Self Driving Cars Nanodegree program
To top today's round of announcements off, Udacity enlisted professional race auto driver Danica Patrick as a spokesperson. Founded in 2012, Udacity initially sought to work with universities as a provider of massive online open courses (MOOCs).