What does Equifax Software Updates have to do with the Equifax breach? EVERYTHING! Credit Bureau Equifax actually allowed Hackers into their system, by NOT timely updating one of their software programs.
To begin with – the number of those affected by the Equifax Breach has been revised upward to 145.5 million, up from 143 million. The social security numbers of more than 60% of the U.S. adult population has been exposed. Mind you, this breach occurred sometime between May and July, 2017, but Equifax didn’t publicly announce it until early September. This gave the bad guys plenty of time to amass all that data and do some serious damage, before most of us were even aware of the breach.
Recently fired Equifax CEO Richard Smith, testified before Congress last week explaining how the company got hacked in the first place. It seems the company failed to update a patch, which would have fixed a security flaw, in a program, called Apache Struts. This security flaw, in the Apache software, is how Hackers were able to steal all that data.
Had Equifax been prompt in updating the program, this epic breach would have been completely avoided!
In March, Apache had issued a patch to fix the problem in their Apache program. The patch was made available for users to update. The patch was available to update two months before the Equifax breach. It is inexcusable for any company that controls huge amounts of sensitive data, to fail to update their software in a timely manner.
CEO Richard Smith told Congress that the “person responsible for updating the software, did not properly do their job”. The fact that only ONE person at Equifax was responsible to handle this job, without any other oversight or backup, is reprehensible!
The important lesson, which should be learned from this story, is to always be sure to update your software. Set these programs to automatically update whenever one becomes available. Setting them to automatically update eliminates the need for you to have to take any specific action yourself. It ensures that you’lll always be operating the most safe-and- secure versions of your software at all times.
Finally, it is most important to discontinue the use of outdated software, which is no longer being updated with the latest security patches. The WannaCry Ransomware attack was easily spread around the world, because so many companies were still using the outdated Windows XP operating system. Microsoft had long ago stopped supporting XP, Vista and other previous software versions with security updates.
Equifax had an obligation to protect the sensitive data of millions of U.S. citizens and failed miserably! The fact that they made such an avoidable mistake is truly frightening! Those affected will have to be constantly vigilant about identity theft – for the rest of their lives.
Read a previous article about Equifax Breach