430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Security breach suffered by credit bureau Equifax has cost $1.4 Billion

Equifax revealed its earnings release related to the security breach suffered in 2017, the incident has cost about $1.4 billion plus legal fees. Equifax revealed this week its earnings release related to the security breach suffered by the credit bureau back in 2017, the incident has cost about $1.4 billion plus legal fees. In 2017 Equifax confirmed it has suffered […]

Equifax data breach

Equifax revealed its earnings release related to the security breach suffered in 2017, the incident has cost about $1.4 billion plus legal fees.

Equifax revealed this week its earnings release related to the security breach suffered by the credit bureau back in 2017, the incident has cost about $1.4 billion plus legal fees.

Equifax data breach

In 2017 Equifax confirmed it has suffered a massive data breach, cyber criminals stole sensitive personal records of 145 million belonging to US citizens and hundreds of thousands Canada and in the UK.

Attackers exploited the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.

The vulnerability was fixed back in March 2017, but the company did not update its systems, the thesis was also reported by an Apache spokeswoman to the Reuters agency.

Compromised records included names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also the credit card numbers and driver license numbers.

In March 2018, experts argued the Equifax hack is worse than previously thought, according to documents provided by Equifax to the US Senate Banking Committee the attackers also stole taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.

A few weeks later the results of the forensic investigation revealed additional 2.4 Million identities were involved in the security incident.

Chief Executive Mark Begor confirmed that Equifax reached settlement agreements recently with some of the class action lawsuits and government investigators.

“This is a positive step forward for Equifax, as we work to put the 2017 cybersecurity event behind us,” he explained.

According to Begor, the settlement terms include the creation of a single “consumer redress fund” to respond and consolidate redress requests.

“There are still many other lawsuits outstanding.” reported the website Wabe.org. “The company has said hundreds of suits were filed against it since the breach, including more than 2,500 individual consumer plaintiffs, international and domestic class action suits, shareholder litigation and government lawsuits from states and cities.”

In June 2018, Equifax agreed to the Consent Order from some state banking regulators, many governmental agencies and officials are still investigating the breach.

“The company said earlier this year that the Consumer Financial Protection Bureau and Federal Trade Commission had told Equifax the agencies do “intend to seek injunctive relief damages and, with respect to the CFPB, civil money penalties against us based on allegations related to the 2017 cybersecurity incident.”” continues the Wabe site.

Expert believe that Equifax must be punished with exemplary penalties that have to incentivize the credit bureaus to protect consumer data.

“Equifax still hasn’t paid a price two years after losing the financial DNA of 150 million Americans,” said Mike Lit, a national campaign director at the consumer advocate, U.S. Public Interest Research Group. “That’s why we need strong oversight and meaningful financial penalties to incentivize the credit bureaus to protect our data.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Equifax, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]