Apache Struts Security Flaw That Equifax Failed to Patch Responsible for Hack

The Equifax breach has millions of consumers anxious about their personal information being in the hands of criminals.

The vulnerability allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, and was patched in March 2017.
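A defender-side check for the header abuse described above, as an added example that is not from the article or from the Struts project: it flags `Content-Type` values that contain the `#cmd=` marker the article names or that fail a strict media-type allow-list. The pattern, function names and sample records are assumptions made for illustration; the records are constructed, not real traffic.

```python
import re

# Deliberately narrower than the RFC 7230 token set, which also permits
# characters such as '#', '$', '%' and "'" (assumed local policy).
_NAME = r"[A-Za-z0-9][A-Za-z0-9.+_-]*"
_VALUE = r'(?:[A-Za-z0-9.+_-]+|"[^"\\\r\n]*")'
_MEDIA_TYPE = re.compile(
    rf"^{_NAME}/{_NAME}(?:\s*;\s*{_NAME}={_VALUE})*\s*$"
)
MARKER = "#cmd="  # the string the article says appears in the crafted header
MAX_LEN = 256     # assumed upper bound for a legitimate Content-Type value


def classify_content_type(value):
    """Return 'marker', 'malformed' or 'ok' for one Content-Type value."""
    if MARKER in value.lower():
        return "marker"
    if len(value) > MAX_LEN or not _MEDIA_TYPE.match(value):
        return "malformed"
    return "ok"


def scan(records):
    """Return (client, verdict) for every record whose header is not 'ok'."""
    findings = []
    for client, header in records:
        verdict = classify_content_type(header)
        if verdict != "ok":
            findings.append((client, verdict))
    return findings


# Constructed sample records: (client address, Content-Type header value).
SAMPLE = [
    ("192.0.2.10", "application/x-www-form-urlencoded"),
    ("192.0.2.11", 'multipart/form-data; boundary="----abc123"'),
    ("192.0.2.12", "text/html; charset=UTF-8"),
    ("198.51.100.7", "multipart/form-data #cmd='PLACEHOLDER'"),
    ("198.51.100.8", "text/plain{(not-a-media-type)}"),
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE):
        print(client, verdict)
```

A check like this helps with log triage or edge filtering; it does not replace installing the patched framework version.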

Krebs contacted Equifax about the issue, and the company quickly took the portal offline and launched an investigation.

Sen. Mark Warner, D-Va., had asked the FTC to investigate the Equifax hack, and the company's CEO, Richard Smith, has been invited to testify to the House Energy and Commerce Committee. The company's shares tumbled to a more than two-year low on Thursday after the company confirmed a fixable web server vulnerability was exploited in the hack, but the stock later recovered somewhat.

Applying the patch would have been time-consuming, as it involved rebuilding hundreds of apps using the updated software.

"We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement", the website said. The agency suggests signing up for credit monitoring and identity theft protection.

The majority of America's adult population was affected by the credit bureau's breach.

The data collected by the cyber-thieves contained a trove of private information including names, birth dates, Social Security numbers, addresses and driver's licenses of consumers.

Equifax Canada's website says that "only a limited number of Canadians may have been affected" and it is working to find out how many. Equifax Chief Executive Officer Richard Smith is expected to testify on October 3 before a U.S. House of Representatives panel.

"The Equifax data compromise was due to their failure to install the security updates provided in a timely manner", the Apache Software Foundation said Thursday in a statement on its website. "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."

"If a company has a data breach, like a Home Depot or whatever, they can sell hammers, nails, wood, whatever and generate revenue", Jeff Dodge, senior vice president of investor relations at Equifax, said at an investor conference in November.

Information about the breach was finally released to the public on September 7, approximately four months after the breach occurred.

More recently, Equifax's cybersecurity has come under fire.
