Equifax has now admitted that the largest cybersecurity data breach in recent memory was caused by Equifax’s failure to install regular patches, or “updates”, on its web software. This basic security measure is taken millions of times per day by individual consumers who allow the App Store to update a favourite iPhone app. For some reason, Equifax chose not to follow this most basic security procedure.
Apache Struts, the company which develops Equifax’s web software, has explained that it instructed Equifax in March, 2017 to update its software to protect against certain vulnerabilities. It would seem that Equifax, for some reason, ignored this instruction. It has since been reported by “good Samaritan” hackers that Equifax’s website coding is riddled with similar vulnerabilities related to outdated software.
Of course, the Equifax breach is made worse by the fact that Equifax holds itself out as a data security expert who is able to protect consumers, in exchange for monthly subscription fees, against data breaches.
Rosenberg Kosakoski LLP
671D Market Hill
Vancouver, British Columbia