Skip to main content
close search
site logo
Dive Brief

What caused the Equifax breach? Failure to patch a bug

Published Sept. 14, 2017
Naomi Eide's headshot
Managing Editor
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Dollar Photo Club

Dive Brief:

  • Following Equifax’s announcement of the data breach of 143 million U.S. consumers, Equifax said hackers were able to access its network through an unpatched vulnerability on a website application. 
  • Attackers were able to exploit a web application vulnerability called Apache Struts CVE-2017-5638, the company said. But a patch for the vulnerability was available on March 6, two months before attackers exploited the vulnerability on Equifax's site, Ars Technica reports
  • Equifax also released an update regarding the arbitration clause after concern that if a user signed up for free credit monitoring, they waived their right to participate in class action lawsuit against the company. Equifax said it removed the language from the credit monitoring terms of use and the arbitration language will not apply to any consumer who signed up prior to the language's removal. 

Dive Insight:

Human error strikes again. Patchwork security has long been the culprit of cyberattacks. Without system and network updates, companies leave holes in their security as seen in May’s WannaCry attack, which exploited a hole in Windows 7 software. Microsoft had advised Windows 7 users to update to Windows 10, long before the attack could impact its 200,000 victims.

Even the U.S. government is facing scrutiny over its patchwork efforts. In a recent Security Scorecard report, the U.S. government came in 16th place for patching applications out of 18 industries. Despite 75% of the government’s $80 billion IT budget is delegated to system maintenance, patchwork falls short. 

For Equifax, the revelation that the root cause of the attack was lacking cybersecurity practices will only fuel the numerous lawsuits it is facing. Consumers will be quick to blame negligence, particularly if the breach could have been prevented by more timely security updates.  

The firms lack of transparency and poor communication about the breach is causing widespread citicism. Cybersecurity incidents this severe can cause ripple effects through an organization, potentially even leading to company leadership shakeups. 

Recommended Reading

Filed Under: IT Strategy, Security

Editors' picks

Company Announcements

View all | Post a press release
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell