Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

Showing Original Post only (View all)

steve2470

(37,468 posts)
Fri Sep 15, 2017, 09:12 PM Sep 2017

Missed patch caused Equifax data breach [View all]

https://www.theregister.co.uk/2017/09/14/missed_patch_caused_equifax_data_breach/

Apache Struts was popped, but company had at least TWO MONTHS to fix it (bolding mine)

As the Apache Foundation pointed out earlier this week, it reported CVE-2017-5638 in March 2017. Doubt us? Here's the NIST notification that mentions it as being notified on March 10th.

Equifax was breached in “mid-May” 2017, realised it in July and got around to telling the world in Early September. If we take “mid-May” as the 15th of the month, Equifax had nine working weeks in which to apply the patch.

That its data breach was entirely avoidable is not the end of Equifax's woes, as the new Progress Update also reveals that “Due to the high volume of security freeze requests, we experienced temporary technical difficulties and our system was offline for approximately an hour at 5PM ET on September 13, 2017 to address this issue.”
5 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Fire people FakeNoose Sep 2017 #1
Exactly... Docreed2003 Sep 2017 #3
We put a security freeze... mbusby Sep 2017 #2
A demonstration of failure discntnt_irny_srcsm Sep 2017 #4
+1 nt steve2470 Sep 2017 #5
Latest Discussions»Help & Search»Computer Help and Support»Missed patch caused Equif...»Reply #0