Equifax is paying the price for the carelessness which allowed criminals to gain access to the personal information of more than 143 million Americans. It is currently faced with a massive class action lawsuit, has spurred debate on its fate among legislators, and has lost more than a third of its stock price. Legislators are also considering a law to protect consumers and punish those organizations that are careless with the private information of their customers.
The effect of this particular data breach is far-reaching, considering the wealth of information now possibly in the hands of criminals.
It is even more troubling to learn than the company believes the leak is the result of a vulnerability in web server software that had not been patched – months after a fix was released. Unbelievable.
“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted,” said Equifax on Wednesday.
“We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.”
The actions of three Equifax executives who sold nearly $2 million worth of company stock within days of learning about the breach has also stoked the anger of those affected by the breach. Dozens of incensed senators have called for a probe of the stock sales by these executives.