Enlarge / A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York on Friday, September 15, 2017. (credit: Michael Nagle/Bloomberg via Getty Images ) A series of costly delays and crucial errors caused Equifax to remain unprotected for months against one of the most severe Web application vulnerabilities in years, the former CEO for the credit reporting service said in written testimony investigating the massive breach that exposed sensitive data for as many as 143 million US Consumers . Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability . “We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data,” Smith wrote in testimony provided to the US House Subcommittee on Digital Commerce and Consumer Protection . “We did not live up to that responsibility.” Read 6 remaining paragraphs | Comments
Taken from:
A series of delays and major errors led to massive Equifax breach