8/17/2023 0 Comments Equifax settlement statusWhile the failure to update Struts was a key failure, analysis of the breach found further faults in Equifax' system that made it easy for the breach to occur, including the insecure network design which lacked sufficient segmentation, potentially inadequate encryption of personally identifiable information (PII), and ineffective breach detection mechanisms. At least 34 servers in twenty different countries were used at different points during the breach, making tracking the perpetrators difficult. The activities went on for 76 days until Jwhen Equifax discovered the breach and subsequently, by July 30, 2017, shut off the exploit. Using encryption to further mask their searches, the hackers performed more than 9000 scans of the databases, extracted information into small temporary archives that were then transferred off the Equifax servers to avoid detection and removed the temporary archives once complete. The information first pulled by the hackers included internal credentials for Equifax employees, which then allowed the hackers to search the credit monitoring databases under the guise of an authorized user. The hackers used the exploit to gain access to internal servers on Equifax' corporate network. Īs determined through postmortem analysis, the breach at Equifax started on when Equifax had yet to update its credit dispute website with the new version of Struts. Security experts found an unknown hacking group trying to find websites that had failed to update Struts as early as Maas to find a system to exploit. Data breach Ī key security patch for Apache Struts was released on Maafter a security exploit was found and all users of the framework were urged to update immediately. In February 2020, the United States government indicted members of China's People's Liberation Army for hacking into Equifax and plundering sensitive data as part of a massive heist that also included stealing trade secrets, though the Chinese Communist Party denied these claims. In a settlement with the United States Federal Trade Commission, Equifax offered affected users settlement funds and free credit monitoring. Private records of 147.9 million Americans along with 15.2 million British citizens and about 19,000 Canadian citizens were compromised in the breach, making it one of the largest cybercrimes related to identity theft. The Equifax data breach occurred between May and July 2017 at the American credit bureau Equifax.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |