Credit reporting agency Equifax stores financial data on more than 800 million consumers and 88 million businesses worldwide, so data security is absolutely critical.
On July 29, 2017, the company detected and blocked suspicious network activity associated with a web portal used by U.S. consumers to file disputes. Later analysis revealed the portal’s application framework, Apache Struts, was outdated and had a severe data security vulnerability.
Equifax hired cybersecurity firm Mandiant to conduct a forensic analysis, which revealed a massive data breach affecting 143 million U.S. consumers. Further investigation later increased the number to 145.5 million – or about 45% of the U.S. population.
Severe Data Security Vulnerability Overlooked
Equifax was first alerted to the Apache Struts vulnerability on March 8, 2017, more than two months before the breach started, according to testimony to a U.S. House subcommittee by from former Equifax CEO Richard Smith. Equifax failed to act on the alert and apply the available patch.
Hackers launched the attack exploiting the vulnerability about two months later, on May 13, 2017. By the time the breach was discovered in late July, hackers had accessed dozens of databases and created more than 30 backdoors into Equifax’s systems.
How your Business Can Avoid this Type of Security Breach
Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:
- Apply Security Patches in a timely manner – Equifax failed to realize an alert for a critical vulnerability applied to one of its web portals. A flaw that should have been patched in a timely manner went unpatched for months.
- Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.