Equifax Hack Resulted from Failure to Patch Web Development Framework

By HTMLGoodies Staff


Building the Right Environment to Support AI, Machine Learning and Deep Learning

Credit report provider Equifax has revealed more details about the cause of the data breach that exposed personal information for up to 143 million Americans. The company said that attackers exploited its website through a vulnerability in the Apache Struts web development framework. Specifically, the attackers used a known vulnerability called CVE-2017-5638.

A fix for the security bug first became available March 10 and was later updated. Equifax had not yet applied the patch in mid-May when unauthorized access of its systems began. The company discovered the intrusion July 29 but though it was "limited," its CEO said.

"We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again," Equifax CEO Richard F. Smith said. "We will make changes and continue to strengthen our defenses against cyber crimes."

View article

Make a Comment

Loading Comments...

  • Web Development Newsletter Signup

    Invalid email
    You have successfuly registered to our newsletter.

    By submitting your information, you agree that htmlgoodies.com may send you HTMLGOODIES offers via email, phone and text message, as well as email offers about other products and services that HTMLGOODIES believes may be of interest to you. HTMLGOODIES will process your information in accordance with the Quinstreet Privacy Policy.

Thanks for your registration, follow us on our social networks to keep up-to-date