Slashdot Mirror

← Back to Stories (view on slashdot.org)

Equifax Was Warned (vice.com)

Posted by msmash on from the security-woes dept.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Months before its catastrophic data breach, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans, Motherboard has learned. Six months after the researcher first notified the company about the vulnerability, Equifax patched it -- but only after the massive breach that made headlines had already taken place, according to Equifax's own timeline. This revelation opens the possibility that more than one group of hackers broke into the company. And, more importantly, it raises new questions about Equifax's own security practices, and whether the company took the right precautions and heeded warnings of serious vulnerabilities before its disastrous hack. Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company's public-facing infrastructure, the researcher couldn't believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

3 of 86 comments (clear)

  1. Re:Regardless of any warning by Kenja · · Score: 2, Informative

    No worries, Trump & Co repealed the legislation that would let us file class action lawsuits against them. So Equifax will be fine.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Re:Linux in Action! by omnichad · · Score: 5, Informative

    Apache Struts had plenty of quality control. The bugs in question were patched LONG before any breach. The fact that it's open source is what enabled a third-party security company to discover and report the security vulnerability so quickly.

    It's a double-edged sword, since not patching your systems means that vulnerabilities are published for all to see. But the patch was available.

  3. Re: Regardless of any warning by evilRhino · · Score: 4, Informative

    Obama put the ability to sue the banks in place, rather than forced arbitration. It is the GOP rolling back consumer protection.