The Wall Street Journal reported that it examined a copy of the company’s bill to the Senate Banking Committee that included the Social Security number, date of birth, address, and first reported driver’s license number – the passport number, first, last, middle Name and suffix, gender, phone number, credit card number with expiry date, and “CV2” security number, email address and tax ID may also have been exposed.
Equifax told the New York Post that although the passport number is listed as a case number, it does not believe that any number was actually taken or exposed.
Some 145.5 million people were affected by Equifax violations, which were officially reported in September 2017, but as early as July 30, the company knew there was a problem. From this date onwards, the public is advised to disclose the information. Equifax hired King & Spalding to handle the online investigation and provide legal advice. In addition, the company contacted the FBI. By August 11, people knew that their personal information was being accessed, and information released on August 15 showed that the information was not only stolen but also stolen.
Last fall, Richard Smith, Equifax’s chief executive and chairman, told the Digital Commerce and Consumer Protection Subcommittee of the House Energy and Commerce Committee that the company was unaware that it was vulnerable to Apache Struts vulnerabilities. Despite being warned and searched and unable to find a problem on their system,
In the prepared speech, Smith said the U.S. CERT notified Equifax on March 8 and notified the security team about the news the next day. According to company policy, these workers have 48 hours to find and fix any problems.
Smith said: “Apache Struts within Equifax was not discovered or patched in response to March 9 notice to the information technology staff.
Other scans run again on March 15, looking for the Apache Struts vulnerability, but it’s empty.
Equifax revealed to a Senate committee in a document that even more personal data than had been originally reported may have been exposed during the massive data breach the credit monitoring company experienced last year…. Engaging post, Read More…
thumbnail courtesy of scmagazine.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »