Report Indicates Hackers Were Snooping Inside Equifax as Early as March
Hackers broke into Equifax’s computer systems in March, two months earlier than the company had previously disclosed, according to a Wall Street Journal report .
That gave the intruders months to probe vulnerabilities and eventually gain access to the data of 143 million Americans. The Journal cited a report from the Mandiant unit of security firm FireEye that was sent to some Equifax customers this week.
The breach on March 10 came two days after security researchers at Cisco Systems warned of a flaw in an open-source software package called Apache Struts. One expert told the Journal that hackers probably found the Equifax server by “spamming” the internet for computers with that flaw.
The attackers then essentially cased the Equifax system for several weeks, the Journal reported. They eventually gained access to Equifax usernames and passwords, as well as “documents and sensitive information stored in databases, between May and late July, according to the Mandiant report, according to the Journal.
In an update last Friday , Equifax said only that hackers gained access to “certain files containing personal information” between May 13 and July 30. It did not mention earlier activity.
An Equifax spokesperson contacted by email said the company’s investigation found that someone had “interacted” with the company’s server on March 10. But the representative characterized that as “part of a common pattern of probing of systems on the Internet to find vulnerabilities.” There was no evidence that this probing was related to the more serious compromise of sensitive information, the spokesperson said.
“This is completely consistent with what Equifax has previously released” on the subject, the company representative said.
A spokeswoman for FireEye declined to comment.
- EVs Head for Junkyard as Mechanic Shortage Inflates Repair Costs
- Jury Awards $80M to 3 Former Zurich NA Employees for Wrongful Termination
- California Chiropractor Sentenced to 54 Years for $150M Workers’ Comp Scheme
- Zurich, Philadelphia, Others Ordered to Pay $345M to Cover Abuse Charges at Georgia School
- Millions of Recalled Hyundai and Kia Vehicles, With Dangerous Defect, Remain on Road
- CoreLogic Report Probes Evolving Severe Convective Storm Risk Landscape
- Report: Vehicle Complexity, Labor ‘Reshaping’ Auto Insurance and Collision Repair
- Poll: Consumers OK with AI in P/C Insurance, but Not So Much for Claims and Underwriting