Equifax blames months-old web server flaw for allowing hack

From CNET

Online Security Concept

Equifax says a vulnerability known publicly since early March allowed hackers to begin stealing personal information on as many as 143 million Americans two months later.


Getty Images

Equifax said Wednesday a months-old but apparently unpatched web server vulnerability allowed the massive data breach that exposed the personal financial information for roughly half the US population.

Equifax said it identified Apache Struts CVE-2017-5638, a flaw that was first identified on March 6, as the hack’s gateway. The company located the problem with the help of an unidentified cybersecurity firm. Patches for the vulnerability were made available less than a week later.

It wasn’t immediately clear why the flaw still existed on Equifax’s servers in mid-May when the massive,…

Read More Here- Equifax blames months-old web server flaw for allowing hack