Equifax Filing Sheds Light on 2017 Data Breach Carnage

  /     /     /  
Publicated : 22/11/2024   Category : security


Equifax Filing Sheds Light on 2017 Data Breach Carnage


In a new filing with Securities and Exchange Commission, Equifax executives are offering a greater level of detail of the 2017 data breach that affected more than 146 million customers.



The 2017 data breach at Equifax, which affected more than 146 million of the companys customers, is considered one of the largest incidents of its kind. Now, new documents are laying bare how vast the breach actually was.
In response to several congressional investigations about the data breach, Equifax has filed
new paperwork
with the US Securities and Exchange Commission that offers a staggering amount of detail about how many records were exposed last year.
Overall, the company states that 146.6 million customers were affected by the breach.
Equifax initially claimed about 143 million customers were compromised, but that number has steadily risen over the ensuing months.
(Source:
Flickr
)
The original breach occurred when a person or persons took advantage of a known vulnerability in Apache Struts CVE-2017-5638,
according to numerous reports
. The patch was available for this particular flaw but it appears that the company did not update its software.
As a result, millions of records were taken.
The attackers stole consumer records from a number of database tables with different schemas, and the data elements stolen were not consistently labeled, according to the May 7 filing. For example, not every database table contained a field for drivers license number, and for more common elements like first name, one table may have labeled the column containing first name as FIRSTNAME, another may have used USER_FIRST_NAME, and a third may have used FIRST_NM.
Heres how many records were taken:
Names: 146.6 million
Date of Birth: 146.6 million
Social Security Number: 145.5 million
Address: 99 million
Gender: 27.3 million
Phone Number: 20.3 million
Drivers License Number: 17.6 million
Email Address: 1.8 million
Payment Card Number and expiration Date: 209,000
Tax ID: 97,500
Drivers License State: 27,000
In addition to these records, Equifax believes that the attackers also accessed data, specifically images, uploaded through the companys online dispute portal, which affected about 182,000 US customers. These were mainly government-issued documents and included 38,000 drivers licenses, 12,000 Social Security or Taxpayer ID cards, 3,200 passports or passport cards, and 3,000 other records.
The fundamentals of network security are being redefined -- dont get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth annual
Big Communications Event
. Theres still time to register and communications service providers get in free!
The fallout from the breach is continuing.
In March, the SEC, along with the US Attorneys Office for the Northern District of Georgia, charged Equifaxs former US CIO with insider trading and other offenses. Specifically, an indictment charged that Jun Ying knew about the breach and sold his company stock before the incident was made public. (See
Former Equifax CIO Charged With Insider Trading
.)
The Equifax and other data breaches also forced the SEC to update its rules about public disclosures of cybercrimes. (See
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
.)
Related posts:
Equifax Taps Former Home Depot Security Chief as New CISO
Equifax Breach Points to Similar Security Concerns – Report
Solving the Problems of an Equifax
Equifax Hacked: Profit Before Protection?
— Scott Ferguson is the managing editor of Light Reading and the editor of
Security Now
. Follow him on Twitter
@sferguson_LR
.

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Equifax Filing Sheds Light on 2017 Data Breach Carnage