Equifax’s May Mega-Breach May Trace to March Hack

Intrusion Eyed as Beachhead for Theft of 143 Million US Consumers’ Data

Hackers responsible for the mega-breach at Equifax may not have penetrated its systems in May, as the credit bureau previously stated, but rather in March, after which they roamed through the company’s systems undetected for four months.

“Our investigation determined that an actor interacted with our server on March 10, 2017, as part of a common pattern of probing of systems on the internet to find vulnerabilities, which Equifax like other companies face repeatedly every day,” an Equifax spokeswoman tells Information Security Media Group.

“In this case, the actor issued a ‘whoami’ command,” she says, referring to a Unix command that in this case would have revealed the username attached to a compromised account.

Equifax had previously disclosed that it discovered the breach on July 29, and that the intrusion was blocked – and the vulnerability in its Apache Struts web application framework patched – the next day. Shortly thereafter, it hired FireEye’s Mandiant incident response group to investigate (see Equifax’s Colossal Error: Not Patching Apache Struts Flaw).

Equifax last week said that it “believes the unauthorized accesses to certain files containing personal information” ran from May 13 to July 30.

The hack of Equifax resulted in one of the biggest breaches ever seen of personal data on U.S. consumers. The FBI is investigating the breach, while the Federal Trade Commission is investigating Equifax itself, and the Securities and Exchange Commission has launched an insider trading probe after three executives sold stock collectively worth about $2 million following the breach, but before Equifax revealed it publicly.

On Sept. 7, Equifax issued its first public notification about the breach. According to the most recently released details, 143 million U.S. consumers’ names, Social Security numbers, birthdates, addresses – and in some instances driver’s license numbers – were exposed, as well as 209,000 of their credit card numbers and additional personal information relating to 182,000 consumers. Numerous British and Canadian consumers were also affected.
