Equifax on Friday blamed a flaw in the software running its online databases for allowing hackers to steal the personal information of as many as 143 million Americans, according to an article in The Post.
Hackers were able to access the info — including Social Security numbers — because there was a flaw in the open-source software created by the Apache Foundation, the company told Jeffrey Meuler, an analyst at RW Baird & Co. “My understanding is the breach was perpetuated via the Apache STRUTS flaw,” Meuler said an Equifax representative told him about the Apache flaw during a phone call Friday.
STRUTS is a widely available software system that’s used by about 65 percent of Fortune 100 companies, including Lockheed Martin, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and Showtime — plus the IRS, according to lgtm, a software development group.
While the company has disclosed that it was breached sometime in May, it has not publicly said how it happened. The company said it discovered the breach in July.
STRUTS has been under attack by hackers since at least March, according to Ars Technica, which has reported on the software’s vulnerability. Apache has put out several patches — or software fixes — for its STRUTS system since March. It’s unclear if the company had patched its systems since then.
Source: New York Post
