What Happend with the Equifax Hack in Layman’s Terms

Joe Engelking

Ready to Solve Your IT Problems and/or Protect Your Systems?

By now you have probably already learned about the massive data hording giant that is Equifax.  Whether you volunteer your information to them or not, Equifax is doing its best to aggregate as much information about you as possible under the guise of credit monitoring.  So what what happened with the Equifax Hack in Layman’s Terms?

 

What happened as a result of the Equifax hack?

Equifax lost control of the credit data for over 143 Million US consumers, roughly 44% of the US population

The information lost included names, social security numbers, birth dates, credit histories, addresses, and in some instances driver’s license numbers.

Equifax is believed to have first become aware of the incident on July 29, while the breach is believed to have occurred from mid-May through July. So that’s half of May, June and July — or ~2.5 months of unauthorized access to the most sensitive and privacy-requiring consumer financial data before the intrusion was detected.

After learning of the breach, Equifax kept it secret for five weeks while their database continued to leak the personal details of the 143 million consumers.

So while Equifax was first unaware of the breach for about two and a half months, once discovered they still decided to wait five more weeks after learning about it to disclose it to the public.

How did the Hackers get into Equifax?

Equifax uses a complex framework called Apache Struts.  It is a complicated and advanced web application framework used by many large businesses and government organizations for developing their business systems.

Hackers found a known exploit in Apache Struts (one discovered by Homeland Security back in March) that was not properly patched by Equifax and used it offload the contents of their databases for weeks unnoticed.

Who performed the Equifax Hack and WHY?

According to many cyber security podcasts and insider groups, the goal was not and never was gaining control of 143 million mostly-American citizens personal data which, a lot of the time, is already available on the dark net.

The targets of the, likely nation-state hacking team, were specific high-value corporate and government individuals whose personal identity information might be used to further support additional targeted intrusions, i.e. this was step 1

 

This was, ‘What happened in the Equifax Hack in Layman’s Terms’

If you found this usefule check out our other blog post, What is the CCleaner Virus and how to tell if you have it

AWARD-WINNING CYBERSECURITY AND I.T. SERVICES

TOP 10% OF ALL REVIEWED I.T. PROVIDERS
UPCITY TOP REVIEWED I.T. PROVIDER
EXPERTISE CURATED TOP PICK
DESIGNRUSH TOP CHICAGO I.T. PROVIDER
RANKED TOP 5 ON GOODFIRM’S TOP CYBERSECURITY PROVIDERS LIST
National IT & Cybersecurity Coverage
Managed IT Services
System Audits/Assessments
Design & Installation
Software Implementation
Custom Software Development
Remote Monitoring
24/7 On-Call Support
Cybersecurity
ISO Consulting
SOC Consulting
HIPAA Consulting
Systems Monitoring
Policy Development
Fraud Prevention
Data Protection
Tools
Download
Contact
Headquarters
Chicago, Illinois
847-496-5196
Schedule a Free Consultation