Equifax, one of the “big-three” U.S. credit bureaus, reported that a data breach at the company may have affected 143 million Americans, by providing criminals with full names, Social Security numbers, birth dates, addresses, and some drivers’ license numbers: most of the information banks, insurance companies, and other businesses use to confirm the identity of consumers.
Equifax discovered the unauthorized access on July 29, but it took the company more than five weeks to disclose the data loss. In the meantime, an investigation went on to reveal that the attackers were able to break into the company’s systems by exploiting an application vulnerability to gain access to certain files.
According to Equifax, the attack was possible because the company failed to installe patches provided for the Apache Struts Exploit.
To know more on the security breach that affected Equifax, you can read the articles from Ars Technica Why the Equifax breach is very possibly the worst leak of personal info ever and Krebs on Security Breach at Equifax may impact 143M Americans.