The Equifax breach, attributed to a server flaw disclosed by Cisco researchers that went unpatched, has potentially exposed an estimated 143 million Americans' personal information.
One source suggests a state-sponsored actor is the likely perpetrator, in view of the scale and sophistication of the breach, and the nature of the compromised data.
Cisco in March reported a vulnerability in Apache Struts, a popular open source program for building interactive websites where customers must complete online forms.
Equifax in late July found suspicious network traffic associated with its U.S. online dispute portal Web application, which led to the discovery that the Apache Struts flaw was present in some areas. However, patching after this discovery did not prevent the data theft.
Although much remains unknown about the hack attack, it bears similarities to the attack disclosed last year by Yahoo Inc., and some experts say the bug was known and could have been patched.
From The Wall Street Journal
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA