Sign In

Communications of the ACM

ACM TechNews

Inside the Equifax Hack


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Equifax headquarters in Atlanta.

The Equifax breach has potentially exposed an estimated 143 million Americans' personal information.

Credit: Rhona Wise/EPA/Shutterstock

The Equifax breach, attributed to a server flaw disclosed by Cisco researchers that went unpatched, has potentially exposed an estimated 143 million Americans' personal information.

One source suggests a state-sponsored actor is the likely perpetrator, in view of the scale and sophistication of the breach, and the nature of the compromised data.

Cisco in March reported a vulnerability in Apache Struts, a popular open source program for building interactive websites where customers must complete online forms.

Equifax in late July found suspicious network traffic associated with its U.S. online dispute portal Web application, which led to the discovery of the Apache Struts flaw's existence in some areas. However, patching following this discovery was unable to prevent the data theft.

Although much remains unknown about the hack attack, it bears similarities to the attack disclosed last year by Yahoo Inc., and some experts say the bug was known and could have been patched.

From The Wall Street Journal
View Full Article - May Require Paid Subscription

 

Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account