Tags: equifax | hack | security | breach | stock | price | shares

Equifax Falls After Identifying Flaw Hackers Exploited in Breach

Equifax Falls After Identifying Flaw Hackers Exploited in Breach
Mike-Stewart/AP

Thursday, 14 September 2017 09:19 AM EDT

Equifax Inc. dropped in early trading after specifying which software vulnerability hackers exploited to steal data on 143 million U.S. consumers, pointing to a flaw that computer security experts had flagged publicly early this year.

“The vulnerability was Apache Struts CVE-2017-5638,” the company said in a frequently-asked-questions section of a website it set up to help people affected.

The computer security community has been abuzz for days, trying to pinpoint how hackers broke in and how Equifax could’ve headed off the attack. The Apache Software Foundation, which oversees the open-source software, had issued a patch in March for the flaw Equifax blamed.

Equifax slipped 1.5 percent to $97.55 at 8:39 a.m. in New York. The stock has dropped 31 percent since the company announced last week that hackers accessed sensitive data including Social Security numbers. Shares of Experian Plc, which trade in London, dropped as much as 6.4 percent on Thursday.

Apache Struts

The vulnerability was a critical weakness for many large websites that were built using the software. While many companies don’t apply software patches immediately, out of concern of breaking existing code, a delay of several months to remove a high-priority vulnerability is generally considered a dangerous security practice. Atlanta-based Equifax said it discovered the breach on July 29 and that it had been occurring since mid-May. The company hasn’t specified when it sought to patch the flaw.

Rene Gielen, vice president at the Apache Software Foundation, said in an email Thursday that the group doesn’t have reliable information on how long it takes companies to apply patches for vulnerabilities. While firms usually act within hours or days after an announcement, some companies don’t patch for years, he said.

In announcing the incident on Sept. 7, the company initially blamed a “website application” that it didn’t identify. After reports pointed to an issue with Apache Struts, a spokeswoman for the foundation told Reuters that Equifax apparently hadn’t fixed flaws discovered earlier in the year.

Equifax’s latest disclosure may help put such speculation to rest. Still, questions will probably linger in the computer security community over why such broad, sensitive information was available to attackers who essentially entered through the open internet.

© Copyright 2024 Bloomberg News. All rights reserved.


StreetTalk
Equifax Inc. dropped in early trading after specifying which software vulnerability hackers exploited to steal data on 143 million U.S. consumers, pointing to a flaw that computer security experts had flagged publicly early this year."The vulnerability was Apache Struts...
equifax, hack, security, breach, stock, price, shares
363
2017-19-14
Thursday, 14 September 2017 09:19 AM
Newsmax Media, Inc.

Sign up for Newsmax’s Daily Newsletter

Receive breaking news and original analysis - sent right to your inbox.

(Optional for Local News)
Privacy: We never share your email address.
Join the Newsmax Community
Read and Post Comments
Please review Community Guidelines before posting a comment.
 
Get Newsmax Text Alerts
TOP

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved
NEWSMAX.COM
MONEYNEWS.COM
© Newsmax Media, Inc.
All Rights Reserved