Equifax reveals full horror of that monstrous cyber-heist of its servers



According to The Register – Security

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017.

The good news: the number of individuals affected by the network intrusion hasn’t increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant’s ongoing audit of the security breach.

In February, in response to questions from US Senator Elizabeth Warren (D-MA), Equifax agreed that card expiry dates and tax IDs could have been among the siphoned data, but it hadn’t yet worked out how many people were affected.


Late last week, the company gave the numbers in letters to the various US congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America’s financial watchdog.

As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million pieces of address information and 209,000 payment cards (number and expiry date) exposed, the company said 38,000 American drivers’ licenses and 3,200 passport details were lifted, too.

The further details emerged after Mandiant’s investigators helped “standardise certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen.”

The extra data elements, the company said, didn’t involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

The cyber-break-in occurred because Equifax ran an unpatched and therefore insecure version of Apache Struts, something it blamed on a single employee.

At February’s RSA conference in San Francisco, Derek Weeks of Sonatype claimed “thousands” of companies continued to download vulnerable versions of Struts (video below). ®


This article and images were originally posted on [The Register – Security] May 7, 2018 at 11:00PM. Credit to Author and The Register – Security | ESIST.T>G>S Recommended Articles Of The Day

 

 

 
