The Equifax breach has exposed about 143 million people’s personal information, including names, addresses, dates of birth and Social Security numbers. The hack triggered a federal investigation and has shaken both the company and consumers’ trust in the financial system. So how did it happen?
The Wall Street Journal reports that on March 8, researchers at Cisco Systems Inc. reported an online security flaw in Apache Struts, a widely used piece of open-source software for building interactive websites. Hackers could use this flaw to break into servers. Apache issued a patch for the problem the same day, and two days later, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, sent out a notice.
Equifax uses Apache Struts on its website where consumers can dispute errors in credit reports. The company says it found and fixed any vulnerable systems.
But then, other companies started to see suspicious activity from late May to early June, according to The Wall Street Journal. One large firm that links credit-card networks, merchants, and lenders says it saw a spike in fraudulent activity. It was getting dozens of calls per week, The Wall Street Journal says. In late July, Equifax discovered suspicious traffic and found that the flaw still existed in some areas. The company says it went back in and fixed the vulnerable systems, but by then, it was too late. From mid-May to July 30, hackers had been able to ransack information at the credit-reporting company.
The Wall Street Journal writes that investigators are still trying to figure out what the company did right and wrong, including its response to the flaw found by Cisco. The company has yet to explain why its original patching of the flawed system failed.
Much is still unknown, but the scale of the breach, as well as the sophistication of the hack and the nature of the stolen data, all point toward a state-sponsored actor, writes The Wall Street Journal. Some people say it appears Equifax was using a centralized system for some of its data, which could have made it more vulnerable.
Alex Holden, chief information security officer of identity-theft monitoring company Hold Security LLC, told The Wall Street Journal that it was discovered last week that you could gain access to an Equifax-operated employee portal in Argentina by signing in using “admin/admin” for the username and password.
The Wall Street Journal reports that three Equifax officials sold a total of about $1.8 million in stock Aug. 1 and 2, but Equifax has said they didn’t know about the breach at the time of the sales.
On Aug. 2, Equifax brought in a well-known cyber-investigations division of FireEye Inc., Mandiant.
Equifax says that Mandiant’s initial assessment was that 50 million accounts were affected. But then weeks later, Mandiant told Equifax that the hit was larger than originally thought, The Wall Street Journal reports.
On Sept. 7, Equifax announced the cyberattack at the end of regular stock trading.