Equifax data breach – Jul 29, 2017
Equifax, one of the largest credit bureaus in the US, said on Sept. 7, 2017 that an application vulnerability in one of their websites led to a data breach that exposed about 147.9 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May. The breach compromised the personal information (including Social Security numbers, birth dates, addresses, and in some cases drivers’ license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed. That number was raised to 147.9 million in October 2017.
Equifax was faulted for a number of security and response lapses. Chief among them was that the application vulnerability that allowed the attackers access was unpatched. Inadequate system segmentation made lateral movement easy for the attackers. Equifax was also slow to report the breach.