TheBlaze

Equifax could have prevented the data breach two months before it happened

Equifax allegedly had access to a security patch that would have prevented the massive data breach the company announced last week. (KIRILL KUDRYAVTSEV/AFP/Getty Images)

Aaron Colen

Equifax, the credit reporting agency that announced a major data breach last week, had access to the security patch that would have stopped the hackers two months before the breach happened, according to the software company that created the patch.

The timeline

What the experts are saying

The Apache Software Foundation: “The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner.”

Pravin Kothari, CEO, CipherCloud: “They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days.” (USA Today)

Ilia Kolochenko, CEO, High-Tech Bridge: “A majority of large companies have similar challenges, problems and weakness in their cybersecurity. Most companies still fail to maintain a proper application inventory and thus keep critical vulnerabilities unpatched for months.” (USA Today)

How Equifax is handling this

Not particularly well, so far. The company has been overwhelmed by requests from consumers to freeze their credit, which temporarily knocked the system offline Wednesday.

No one with Equifax has yet responded to questions about why the patch wasn’t implemented in March.

“We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” the website reads.

It’s also important to remember that three Equifax executives sold millions in shares in the days following the discovery of the breach, months before it became public.

Repercussions