Equifax hack a result of months-long lag in installing vital security patch

By Eric DuVall

Sept. 15 (UPI) -- The Equifax data breach affecting 143 million Americans happened because the company failed to install a security patch for a vulnerability in computer code that industry experts had identified months prior to the hack.

The glitch was part of a common cybersecurity software program called Apache. A nonprofit security firm identified the vulnerability and published a fix that closed the loophole.


Experts told USA Today that major financial institutions that use the software should have installed the patch within a matter of days after it was publicized in March.

The Equifax hack, which exploited the vulnerability, did not happen until May.

"They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days," said Pravin Kothari, CEO of CipherCloud, a cloud security company.

As a result, the credit rating agency left the Social Security numbers and home addresses of 143 million customers vulnerable to theft. Those two pieces of information alone leave individuals at risk of identity theft and other forms of online fraud.

On Thursday, the Federal Trade Commission, one of two agencies with regulatory oversight responsibilities for Equifax, took the unusual step of announcing it is investigating the company. The FBI is also undertaking a criminal investigation into what could turn into the largest cyber theft case in U.S. history.

