Equifax’s troubles deepen amid new disclosure about breach
NEW YORK — Credit agency Equifax traced the theft of sensitive information about 143 million Americans to a software flaw that could have been fixed well before the burglary occurred, further undermining its credibility as the guardian of personal data that can easily be used for identity theft.
Equifax identified a weakness in an opensource software package called Apache Struts as the technological crack that allowed hackers to heist Social Security numbers, birthdates, addresses and full legal names from a massive database maintained primarily for lenders.
SECURITY FOR DUMMIES
The disclosure, made late Wednesday, cast the company’s damaging security lapse in an even harsher light. The software problem was detected in March and a recommended software patch was released shortly afterward. Equifax said the database intrusion began in May and continued until July.
Security experts said Equifax had more than enough opportunity to block intruders by sealing the security hole. “There is no excuse for not following basic cybersecurity hygiene,” said Nate Fick, CEO of the security firm Endgame. “Some heads should definitely roll for this; it’s only a question of how many.”
The company didn’t respond to inquiries on Thursday.
Equifax already was under fire for not disclosing the break-in until Sept. 7 — nearly six weeks after the company discovered it— as well as for its handling of consumer inquiries about their exposure whether their personal information had been compromised and how they could protect their identities.
THE ENRON COMPARISON
On Thursday, Sen. Charles Schumer, D-New York, called for the resignations of CEO Richard Smith and Equifax’s entire board of directors unless the company offers consumers more comprehensive identity-theft protection for the next decade. So far, Equifax is merely offering free credit monitoring for a year. It’s also temporarily waiving fees for people who freeze their credit records to prevent identity thieves from defrauding them.
“What has transpired over the past several months is one of the most egregious examples of corporate malfeasance since Enron,” Schumer said, invoking the name of a notorious company that eventually went bankrupt.