By now you have probably already learned about the massive data hording giant that is Equifax. Whether you volunteer your information to them or not, Equifax is doing its best to aggregate as much information about you as possible under the guise of credit monitoring. So what what happened with the Equifax Hack in Layman’s Terms?
What happened as a result of the Equifax hack?
Equifax lost control of the credit data for over 143 Million US consumers, roughly 44% of the US population
The information lost included names, social security numbers, birth dates, credit histories, addresses, and in some instances driver’s license numbers.
Equifax is believed to have first become aware of the incident on July 29, while the breach is believed to have occurred from mid-May through July. So that’s half of May, June and July — or ~2.5 months of unauthorized access to the most sensitive and privacy-requiring consumer financial data before the intrusion was detected.
After learning of the breach, Equifax kept it secret for five weeks while their database continued to leak the personal details of the 143 million consumers.
So while Equifax was first unaware of the breach for about two and a half months, once discovered they still decided to wait five more weeks after learning about it to disclose it to the public.
How did the Hackers get into Equifax?
Equifax uses a complex framework called Apache Struts. It is a complicated and advanced web application framework used by many large businesses and government organizations for developing their business systems.
Hackers found a known exploit in Apache Struts (one discovered by Homeland Security back in March) that was not properly patched by Equifax and used it offload the contents of their databases for weeks unnoticed.
Who performed the Equifax Hack and WHY?
According to many cyber security podcasts and insider groups, the goal was not and never was gaining control of 143 million mostly-American citizens personal data which, a lot of the time, is already available on the dark net.
The targets of the, likely nation-state hacking team, were specific high-value corporate and government individuals whose personal identity information might be used to further support additional targeted intrusions, i.e. this was step 1
This was, ‘What happened in the Equifax Hack in Layman’s Terms’
If you found this usefule check out our other blog post, What is the CCleaner Virus and how to tell if you have it
