Honolulu Star-Advertiser

Friday, December 13, 2024 81° Today's Paper


Business BreakingTop News

Report: Hackers were snooping inside Equifax as of March

ASSOCIATED PRESS

Signage at the corporate headquarters of Equifax Inc. in Atlanta, as seen in July 2012. A Wall Street Journal report says that hackers broke into Equifax’s computer systems in March 2017, giving them time to probe vulnerabilities and eventually gain access to the data of 143 million Americans.

Hackers broke into Equifax’s computer systems in March, two months earlier than the company had previously disclosed, according to a Wall Street Journal report.

That gave the intruders months to probe vulnerabilities and eventually gain access to the data of 143 million Americans. The Journal cited a report from the Mandiant unit of security firm FireEye that was sent to some Equifax customers this week.

The breach on March 10 came two days after security researchers at Cisco Systems warned of a flaw in an open-source software package called Apache Struts. One expert told the Journal that hackers probably found the Equifax server by “spamming” the internet for computers with that flaw.

The attackers then essentially cased the Equifax system for several weeks, the Journal reported. They eventually gained access to Equifax usernames and passwords, as well as “documents and sensitive information stored in databases, between May and late July, according to the Mandiant report, according to the Journal.

In an update last Friday, Equifax said only that hackers gained access to “certain files containing personal information” between May 13 and July 30. It did not mention earlier activity.

An Equifax spokesperson contacted by email said the company’s investigation found that someone had “interacted” with the company’s server on March 10. But the representative characterized that as “part of a common pattern of probing of systems on the Internet to find vulnerabilities.” There was no evidence that this probing was related to the more serious compromise of sensitive information, the spokesperson said.

“This is completely consistent with what Equifax has previously released” on the subject, the company representative said.

A spokeswoman for FireEye declined to comment.

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines. Having trouble with comments? Learn more here.