equifax credit reporting cyberattach data breach

Photo via dennizn/Shutterstock (Licensed)

Equifax reportedly ignored warnings months before catastrophic data breach

Personal data from every customer was left out in the open.


Phillip Tracy

Layer 8

Published Oct 26, 2017   Updated May 22, 2021, 1:09 pm CDT

Equifax was reportedly warned that it was vulnerable to an attack months before a catastrophic breach affected 145 million Americans, according to a report from Motherboard.

The report claims an anonymous researcher looked into Equifax’s servers and websites last year. After just three hours, the researcher was able to access the personal information of every American, including Social Security numbers, birthdays, full names, and city and state of residence.

The researcher told Motherboard that the site looked like an employee portal but could be found by anyone on the internet. It included search fields that pulled up info about all Equifax customers, or about one-third of all Americans. Even more alarming is that the researcher wasn’t using any special equipment.

After downloading the data of hundreds of thousands of Equifax customers as proof, the researcher went to the company to point out holes in its security.

“It should’ve been fixed the moment it was found,” the anonymous researcher told Motherboard. “It would have taken them five minutes, they could’ve just taken the site down. In this case, it was just ‘please take this site down, make it not public.’ That’s all they needed to do.”

Equifax didn’t fix the problem until at least six months later. But it was too late. By that time, a hacker had stolen the personal information of 145 million people. Equifax now faces a string of class-action lawsuits for failing to maintain adequate security safeguards.

Share this article
*First Published: Oct 26, 2017, 1:56 pm CDT