Equifax is a credit reporting and monitoring company that has come under fire recently for a massive breach of information. The breach leaked the Social Security numbers, banking information, and various other personal details of 143 million people. What they don’t want most of the public to know is that this could have been prevented with just a tad of oversight.
Equifax knew that their website’s software, Apache Struts, had a vulnerability way back in March. The vulnerability left them wide open to a hacking method called remote code execution. Malicious input is normally blocked by a filtering mechanism, but the vulnerability allowed that input to be processed and passed directly to the servers by way of a simple error code. Apache Struts’ programmers alerted Equifax to this vulnerability back in March. Understandably, complex software such as Apache Struts takes time to fix, but the attacks on the system and the subsequent leaks didn’t start to occur until May, close to 2 months after the vulnerability was announced. This leaves Equifax to answer for their own oversight and judgement in not fixing the error while they had ample time to do so.
Due to this oversight, nearly 40 lawsuits have emerged, as well as investigations by the Federal Bureau of Investigation and the Federal Trade Commission. With all the press surrounding Equifax, one can only hope that they begin to pay more attention to security in the future, hopefully starting with Apache’s most recent bug announcement and fix from early September.