Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 13 MINUTES AGO.
You are here: Home / Data Security / Report: Equifax Ignored Warnings
Researcher Says Equifax Ignored Data Breach Warnings
Researcher Says Equifax Ignored Data Breach Warnings
By Ethan Baron Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
OCTOBER
29
2017
Months before the historic data breach of credit-reporting titan Equifax that saw criminal hackers steal private personal data of nearly half the U.S. population, the company was warned it was open to such an attack, according to a new report.

It had taken just three hours for a security researcher probing Equifax's systems to find a vulnerability that exposed the personal data of millions of Americans and the credit card numbers of more than 200,000, according to the report.

This, the researcher said, was six months before the data breach in which the most private and highly valued personal data -- including names, Social Security numbers, addresses and dates of birth -- of more than 145 million Americans was stolen.

The researcher accessed the data through an Equifax website that was "completely exposed to anyone on the internet," according to the report in tech site Motherboard.

"It displayed several search fields, and anyone--with no authentication whatsoever--could force the site to display the personal data of Equifax's customers," according to the researcher.

The researcher, who was not named out of professional concerns, said they could've downloaded the data of every Equifax customer in 10 minutes, according to Motherboard.

"I've seen a lot of bad things, but not this bad," the researcher told the site. "I definitely think I'm not the only one who found it."

Motherboard said it had been shown multiple sets of the data that was accessed.

Equifax did not immediately respond to a request from this news organization for comment. It told Motherboard it did not speak publicly about internal security operations.

After finding the problem in December, the researcher warned Equifax immediately, providing downloaded data of hundreds of thousands of Americans as evidence of the company's system flaws, Motherboard reported Oct. 26.

"It should've been fixed the moment it was found," the researcher reportedly told the tech website. "It would have taken them five minutes."

Instead, it took six months for Equifax to patch the vulnerability, Motherboard reported.

The company has said it believes the hackers were in its systems from May 13 through July 30. It didn't fix the problem identified by the researcher until June, according to Motherboard.

It's not clear whether the identified vulnerability, or other openings, were exploited by the hackers, but the researcher believes there were "maybe dozens" of breaches to Equifax's databases.

© 2017 San Jose Mercury News under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: iStock/Artist's concept.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.