Welp, the saga continues. After about a week’s worth of news damaging the company name, it surfaced this morning that Equifax waited months before finally admitting to having to fix a widely known vulnerability in its security software which enabled hackers to compromise the personal information of as many as 143 million US consumers.
“We know that criminals exploited a US website application vulnerability,” the company said in a blog post late Wednesday, confirming that the flaw had affected its open-source software, called Apache Struts.
The New York Post first reported on Friday that Equifax privately told analysts that hackers were able to break into their systems via a vulnerability in Apache Struts.
Separately Thursday, the Federal Trade Commission said it has opened an investigation into the Equifax data breach, a rare public disclosure that sent shares tumbling to their lowest in more than two years.
“The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” spokesman Peter Kaplan said in a brief email statement.
Equifax’s stock dropped another 9 percent on Thursday morning to $90.60, down from $142 before the hack was announced.
Equifax was hacked starting in May until July 29, when it was discovered by the company, according to a public statement from credit bureau.
On Wednesday, Equifax confirmed that the specific vulnerability dates back to March.
Apache had made multiple patches, or fixes, available to its customers for free after discovering security problems six months ago — raising the possibility that the hack could have been prevented if Equifax had just downloaded the patch in March.
Apache hasn’t commented on the hack.
The company likewise faces a class-action lawsuit that threatens to put the company out of business, as well as multiple investigations from states including New York and Massachusetts. Equifax’s CEO Richard Smith has been called to testify before Congress on Oct 3.
Again, we stress that if you have been affected in any way by Equifax’s wrongdoing that you contact us immediately. We can be reached through our online complaint portal, or directly via email at ConsiderTheConsumer@gmail.com. Don’t hesitate, as the harsh reality of the situation shows that this is only getting worse before it gets better. Stay protected, and get the help you need!