Understanding The Equifax Security Breach


143 Million People Compromised:

Equifax announced last week that a security breach has potentially exposed 143 million people

What Happened?

On Tuesday, Equifax announced a security breach due to an Apache Struts vulnerability. Apache Struts is free, open-source software used to create Java web applications. Several vulnerabilities have been reported and all have been patched but Equifax has yet to say which one started.

If it was due to an older vulnerability, experts believe Equifax should have been aware of it and patched the flaw, as such patches are quickly made available. If it was a new and unknown flaw, it was what is known in the security world as a zero-day.

What is a zero day?

A zero-day means it’s zero days from when anyone knew about it, so no one’s fixed it. Zero-days are worth a large amount of money and can be sold to hackers, to governments and to the companies whose software they are based on for up to $1 million dollars.

How does this affect my business?

Equifax’s current predicament is a warning to all businesses: no one is safe from cyber threats. Equifax prides itself on consumer protection and advocacy; their primary service it credit reporting and monitoring. However, they became victims of cyber crime because of a weak spot. There was something missing in their cyber security. Maybe they didn’t have enough people monitoring their servers. Or perhaps they neglected penetration testing to find digital weaknesses.

It boils down to one thing: their cyber security plan failed. It was not comprehensive enough to prevent this breach. Now Equifax will be spending hundreds of millions of dollars to not only fix the weak spot but repair the damage this breach caused. It doesn’t have to be this way for your business. RSVP for our FREE Cyber Security event to create a plan that will protect your business.

What has Equifax done?

Equifax has been relatively vague about the direct cause of the breach. Whether it was a zero-day vulnerability or older vulnerability, Equifax neglected to identify and patch the source. This resulted in 143 million users’ personal data being put at risk.

In response to this breach, Equifax has created an entire site to help users protect themselves. You can find this site by clicking here.

What can you do to protect yourself?

Unfortunately, in a situation like this, there isn’t much you can do to prevent it. Equifax is directly responsible for this breach, and its effects are far reaching. What can do going forward is:

  1. Monitor your credit report for any newly opened accounts.
  2. Activate a “credit freeze” so that no new accounts can be opened in your name.
  3. Sign up for automatic credit monitoring. Equifax is offering free credit monitoring for those affected.
  4. Attend Datasmith’s FREE Cyber Security event on 10/18. This event will show you how to protect yourself from cyber threats and better understand how situations like this happen.

We are strongly urging our clients and all businesses to check their cyber security immediately to prevent attacks like this. Please call us today to ensure your business is secure.