Article 32RC3 Massive Equifax hack reportedly started 4 months before it was detected

Massive Equifax hack reportedly started 4 months before it was detected

by
Dan Goodin
from Ars Technica - All content on (#32RC3)
GettyImages-847486100-800x533.jpg

Enlarge / A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, US, on Friday, Sept. 15, 2017. (credit: Michael Nagle/Bloomberg via Getty Images)

Hackers behind the massive Equifax data breach began their attack no later than early March, more than four months before company officials discovered the intrusion, according to a report published Wednesday by the Wall Street Journal.

The first evidence of the hackers' "interaction" with the Equifax network occurred on March 10, according to the report, which cited a confidential note that security firm FireEye sent to some Equifax customers. By then, a critical vulnerability in the Apache Struts Web application framework was already under active exploit on the Internet. Equifax officials have said the Struts flaw was the opening that gave attackers an initial hold in the targeted network.

Equifax has said that the breach that exposed sensitive data for as many as 143 million US consumers started on May 13 and lasted until July 30. The company didn't disclose the breach until September 7.

Read 3 remaining paragraphs | Comments

index?i=_oXseZMsihM:AKsCBjHWjCw:V_sGLiPB index?i=_oXseZMsihM:AKsCBjHWjCw:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments