Equifax data breach Equifax is one of three major consumer credit reporting agencies in the United States. They are the ones that come up with a credit score based on their information that they have on consumers. When a consumer applies for a lone, the lender requests information from these companies like Equifax. Equifax will then send over the credit report and credit score to the lender to evaluate your eligibility. Based on that credit history the lender can then adjust what your interest rate will be. What type of attack was launched? Within recent months Equifax has established that the cybercriminal’s got into the system in the middle of May through a software vulnerability that had an update that was released in late March. This was devastating news for the credit-reporting agency. Equifax failure to take precautions that had more than two months to do so, risked and later leaked personal information of 145 million people by having weak vulnerability’s exposed to hackers. The company took six weeks to notify the public after finding out about the breach. Even then, the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities. But the ongoing discoveries increasingly paints a clear picture of negligence and carelessness especially in Equifax’s failure to protect itself against a known flaw with a ready fix. The vulnerability that attackers exploited to access Equifax’s system was in the Apache Struts web-application software, a widely used enterprise platform. The Apache Software Foundation said in statement that, though it was sorry if attackers exploited a bug in its software to breach Equifax and informed it was not the March Struts bug that caused this breach. The Apache Software Foundation always recommends that users regularly patch and update their Apache Struts platforms. “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years,” René Gielen, the vice president of Apache Struts, wrote. Penetration testers and other security researchers say that it would have been simple for an attacker to exploit the flaw and get into the system. Once they identified Equifax’s systems as vulnerable, actually exploiting the vulnerability to gain access to the Equifax servers and network will unfortunately have been relatively easy,” But the update that was released earlier that year during March and failed to make its way on to the system before the breach in May later that year. Equifax released in a statement that the mishandling of the update led to the vulnerability. What was compromised or breached? And who are the victims? From the Equifax attack that lasted through mid-May until July we can look back at what was compromised and breach, and we can see first hand the damage consumers are . The cyber criminals gained access to people’s names, social Security numbers, birthdates, addresses, and in some instances even drivers license (eg. Berger, R (2017). Equifax Hack — How To Protect Your Credit And Identity If Your Data Was Compromised.). All of this highly sensitive information that is only assigned once to a person in their life. Losing your full identity can result in a thief taking out loans or credit cards in your name. A variety of fraud alerts will usually detect such activity, and the methods to correct such problems have become well known and efficient. However, individuals with a high net worth may wish to take additional steps. This affects nearly 145,000,000 people across the United States who are now affected by leaked credit scores and identity.