When a company’s business is solely devoted to collecting your most valuable information, you would hope that its security is up to the challenge of a world full of criminal hackers looking to exploit your data for their gain. Unfortunately that wasn’t the case with Equifax. The company allowed months to go by before plugging a known hole in its security. The WSJ reports:
On March 8, researchers at Cisco Systems Inc. reported an online security flaw that allowed hackers to break into servers around the internet. Cisco urged users to upgrade their systems immediately with a newly issued fix.
EquifaxInc. was among the companies using the flawed software. On Friday, it said its technology experts at the time worked to identify and patch vulnerable systems.
In late July, though, Atlanta-based Equifax discovered suspicious traffic on its system—and found the same security flaw still existed in some areas. The company’s security staff again addressed the problem, according to Equifax, but by then it was too late.
From about mid-May to July 30, hackers ransacked vast troves of information at the credit-reporting company. The breach potentially exposed about 143 million Americans’ personal information, including names, addresses, dates of birth and Social Security numbers. The revelations have shaken the company, as well as confidence in a linchpin of the financial system, and triggered a federal criminal investigation.
Much remains unknown about the hack attack and how it burrowed so deeply inside the company. Investigators, security experts and Equifax itself are focusing on what the company did or didn’t do right in the run-up to the massive intrusion, including the company’s response to the flaw found by Cisco.
Read more here.