Phew! Where do I start?
I am pretty sure that by now the majority of the population knows about the Equifax hacks that the company announced on September 7, 2017. According to their website, it could potentially impact 143 million consumers in the US. That is close to half of the entire country’s population. Equifax is one of the major credit report bureaus along with TransUnion and Experian.
This hack happened because the attackers took advantage of a vulnerability called CVE-2017-5638 in the Apache Struts framework. Apache Struts is a web application framework that Equifax uses to support their online dispute web portal. It is used to build Java-based web applications. The company hired a cyber security analysis firm called Mandiant, which is owned by FireEye. When they found which vulnerability resulted in this hack, they realized that the said issue had been patched on March 7, 2017, the same day it was announced. So, the hack was a result of Equifax not installing their security updates in a timely manner.
To mitigate some of the backlash from its consumers, Equifax created a page that enabled consumers to check whether their confidential data was affected and to enroll in free credit monitoring and identity theft protection for one year. However, rubbing further salt into their open wounds, they were publishing a fake phishing version of the website that they had created for the credit monitoring. Nick Sweeting, a software engineer who wanted to highlight the dangers of phishing attacks, said, “As it stands, their site is dangerously easy to impersonate, it only took me 20 minutes to build my clone.” He also added, “I can guarantee there are real malicious phishing versions already out there.”
Equifax has since taken down the incorrect website. I would recommend that everyone in the US (as well as the UK and Canada) go to the website www.equifaxsecurity2017.com and check whether they have been affected.
The ideal thing to do right now would be to freeze your credit card accounts, but that would be inconvenient. Hence, I would advise everyone affected to monitor their credit card and other bank accounts closely. Since the attackers have not been found till now and all the breached data is sitting on someone’s personal computer or server, there is a possibility of identity theft even after a month, several months or even several years. The effects of this breach will be felt for a long time.
Very nicely written, very informative. Can it be applicable to countries other than the US, Canada and the UK?
No. Equifax only works in the US, Canada and the UK. All other countries do not have to worry about the hack. This is verified by the company itself.
Knowledgeable information, keep it up. God bless you, dear.