Equifax is paying the price for the carelessness which allowed criminals to gain access to the personal information of more than 143 million Americans. It is currently faced with a massive class action lawsuit, has spurred debate on its fate among legislators, and has lost more than a third of its stock price. Legislators are also considering a law to protect consumers and punish those organizations that are careless with the private information of their customers.
The effect of this particular data breach is far-reaching, considering the wealth of information now possibly in the hands of criminals.
It is even more troubling to learn than the company believes the leak is the result of a vulnerability in web server software that had not been patched – months after a fix was released. Unbelievable.
“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted,” said Equifax on Wednesday.
“We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”
Speechless.
The actions of three Equifax executives who sold nearly $2 million worth of company stock within days of learning about the breach has also stoked the anger of those affected by the breach. Dozens of incensed senators have called for a probe of the stock sales by these executives.