Equifax said late Wednesday that it had identified the cyber route through which hackers accessed the personal data of up to 143 million Americans.
Equifax said late Wednesday that it had identified the exact cyber route through which hackers accessed the personal data of up to 143 million Americans.
The company said criminals had breached its systems by exploiting a hole in an open-source tool for creating web applications called Apache Struts.
The specific vulnerability identified by Equifax — called Apache Struts CVE-2017-5638 — was first identified by federal officials on March 10, though it was later modified, according to the National Vulnerability Database .
„We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement, “ Equifax said.
The company also indicated that it had not had determined the full impact of the breach.
„Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted, “ the company said.
Experts say the information potentially stolen by the hackers, including Social Security numbers, dates of birth and names, could put people at risk of identity theft for the rest of their lives.
Equifax CEO Richard F. Smith apologized Tuesday in a USA TODAY op-ed and said that the company initially „thought the intrusion was limited“ after discovering it on July 29.
The company offered consumers free credit monitoring and identity theft insurance.
„We are devoting extraordinary resources to make sure this kind of incident doesn’ t happen again, “ Smith said. „We will make changes and continue to strengthen our defenses against cyber crimes.“
Follow USA TODAY reporter Nathan Bomey on Twitter @ NathanBomey .
