FTC Probes Equifax Data Breach as U.S. Consumers Jam Phones, Websites
The Federal trade Commission announced today they are launching an investigation into the recent hack of Equifax servers that led to the theft of personal information of over 143 million Americans.
The announcement is an unusual move for FTC as they do not usually announce investigations but they were forced to make the announcement after receiving numerous complaint calls and messages from alarmed Americans whose information may have been compromised.
“The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” Peter Kaplan, acting director of public affairs for FTC said.
This probe underscores how seriously the Federal Trade Commission is taking this major data breach at Equifax.
According to Equifax, hackers stole consumers’ personal and confidential information including Full Names, Addresses, Mortgages, Rent Information, Loan Information, Social Security Numbers (SSNs), Drivers’ Licenses and more.
Cyber security experts said the breach was due to the failure of Equifax to apply a simple software update and Equifax confirmed last week that the criminals exploited its website application vulnerability.
“We know that criminals exploited a U.S. website application vulnerability,” Equifax said in an update on its website Wednesday night. “The vulnerability was Apache Struts CVE-2017-5638.”
But the Apache Software Foundation, which oversees the Apache Struts project, said in a press release Thursday that a software update that would have easily fixed the issue and prevent this breach was released last March, a day after it was discovered, except Equifax failed to apply the update.
“The Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” Apache Software Foundation said in the statement.
300 x 250
Late Thursday, Equifax would not confirm if they installed the needed updates and if not, why not. The company would only say they were working with law enforcement as part of a criminal investigation.
“We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement,” the company said.
“They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days,” said Pravin Kothari, CEO of CipherCloud, a cloud security company.
Equifax CEO Richard F. Smith apologized Tuesday in an op-ed published on USA Today. He said the company initially “thought the intrusion was limited” when it was first discovered on July 29.
“Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues,” he wrote. “We will make changes.”
“We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cyber crimes,” Smith said.
Besides the Federal Trade Commission, the Federal Bureau of Investigations (FBI) and several state attorneys general have launched their own investigations into the breach at Equifax.
WHITE HOUSE NEWS
/ 7 months ago
In a move that would not need congressional approval, the Trump administration is working...
/ 7 months ago
U.S. President Donald Trump is at it again. On Tuesday, he demanded in a tweet that...
/ 8 months ago
President Donald Trump’s attorney and former New York mayor Rudy Giuliani asserted Monday that...