Equifax Blames Hack On Patched Vulnerability

[Guest]

The vulnerability in question, Apache Struts CVE-2017-5638, was patched in March. The breach started in May.

Equifax Blames Hack On Patched Vulnerability : Read more

 

[ubercake]

This is unbelievable and pure negligence from one of three bureaus that control your access to resources both in the public and private sectors (not just monetary).

They need to be held accountable and the U.S. government needs to provide its citizens with a way to identify themselves without a Social Security Number:
https://petitions.whitehouse.gov/petition/equifax-data-breach-and-social-security-numbers-what-government-doing-protect-143-million-citizens

 

[humorific]

What really needs to be done is to put in place a system to eliminate the SSN altogether. If it hasn't been exposed by now, it eventually will be. It's too late to secure this archaic ID.I propose a public/private rolling key. You provide a "new" SSN to a requestor. Then you would take both that SSN and your private PIN (which you can change) to generate a new SSN to provide for the next requestor. It doesn't guarantee your info wouldn't be lost, but you would be in control of it and would be able to track down who leaked it.

 

[Josh_killaknott27]

Nobody trades equifax shares in that large of margins mere three days after a massive breech only to wait 40 days before actually reporting it. The three executives in question should be tried and convicted to the strictest of standard. Preferably life in prison as there are far more that get away with ruining our economy on the pretext of personal gain.