Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
Equifax is disputing Bloomberg's report that it suffered an undisclosed data breach, discovered in March, that predates the massive breach that began in May. Instead, Equifax says the March incident involved its payroll service and that it notified all victims and required regulators.
Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.
Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.
What do you do if you're the CEO of a credit bureau that's suffered a massive breach, leading to Congressional probes, dozens of lawsuits, formal investigations by state attorneys general and calls for your resignation? Answer: Issue an apology via USA Today.
In the wake Equifax saying hackers may have stolen 143 million consumers' personal details, the company is already facing sharp questions over the robustness of its security defenses as well as reports that three executives sold stock after the breach was discovered, but before the news became public.
The Equifax breach revealed on Thursday is more significant that other mega-breaches because of the nature of the data that was potentially exposed, says cybersecurity attorney Imran Ahmad. He'll be a featured speaker at ISMG's Toronto Fraud & Breach Prevention Summit on Tuesday.
Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million U.S. consumers' records to hackers, a startling breach from a company that ironically offers services to protect consumers from identity theft.
Instagram is warning that more users were affected by a hack of its systems than it first suspected. While email addresses - and some phone numbers - for celebrities, including Emma Watson and Lady Gaga, appear to have been compromised, 6 million account holders in total may have been affected.
Delaware has become the second state - the first was Connecticut - to require organizations to provide residents one year of free credit monitoring services if their sensitive personal information is compromised in a data breach. Will other states take similar action?
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
The federal tally that lists major health data breaches has hit a new milestone: More than 2,000 breaches have been reported since September 2009. And the tally shows a significant shift in the kinds of breaches being reported.
Hackers have struck Hollywood again, claiming HBO as their latest victim. So far, some unaired programming has been leaked online, as have details relating to a forthcoming "Game of Thrones" episode - but no actual episodes.
A look by DataBreachToday Executive Editor Mathew J. Schwartz at the human element behind malware leads the latest edition of the ISMG Security Report. Also, changes in the U.S. government's healthcare breach reporting website known as the "Wall of Shame."