Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said: "Given how often flaws of this nature are discovered, it's therefore not a huge surprise that an exploit of a vulnerability was the entry point for the Equifax breach".
Shares of the company's stock plummeted from 142.72 on September 7, when the hack was announced, to 98.99 at close of trading yesterday. "However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach", spokesman Peter Kaplan said in a brief email statement. Since Equifax announced the breach last week, the Attorney General's office has received a number of calls from concerned Arkansans - and hopes more will do the same.
The Federal Trade Commission says scammers are calling people up claiming to be from Equifax and asking to verify account information.
The Apache software is widely used by companies to help build websites. The vulnerability was Apache Struts CVE-2017-5638. Since the company is holding off the details of its investigation, security experts believe that the attack possibly happened after the patch was made available since it was then widely distributed and publicized.
Credit agencies Experian and annualcreditreport.com also rely on Apache Struts.
Deir Ezzor City Slowly Returning to Normalcy after Terror Siege
The latest air raids hit the IS-held village of Al-Khrayta, 14 kilometres (nine miles) outside Deir Ezzor city. Moscow intervened in Syria in September 2015 in support of its ally President Bashar al-Assad.
Warner said in a letter to the FTC that Equifax's lapses in security and methods of handling customers' inquiries "may potentially represent a systemic failure by firms now incentivized to collect and store highly sensitive identification and financial data for Americans". But a delay of several months to remove a high-priority vulnerability is generally considered a risky security practice. "It is easy to Monday-morning quarterback and say, 'Why didn't you patch?' The pragmatic reality for many organizations is that patching doesn't occur as quickly as one would like".
Shares of Equifax have lost almost a third of their value in the week since the breach was disclosed.
More recently, Equifax's cybersecurity has come under fire. While firms usually act within hours or days after an announcement, some companies don't patch for years, he said.
Beware of email and telephone scams related to the data breach. In a statement, the credit giant said a web server vulnerability in Apache Struts that was reported and patched several months ago was responsible for the data breach. "So data security and how we go about ensuring that is something we spend a lot of time and effort on".