Equifax hack preventable with patch

Equifax hack preventable with patch
© Getty Images

Equifax has identified the flaw in its website that hackers used to breach its systems, potentially affecting 143 million Americans. 

In a consumer update Wednesday night, the credit reporting firm pointed to a known security issue in the web applications software Apache Struts as the one used in the breach. 

Struts is a popular web software, but security issues have frequently arisen.


The flaw in Struts that was used by the hackers had actually been patched by the time hackers used it against Equifax — the patch was released mid-March, while the breach was in May. But the patch had to be individually applied for all the web applications using Struts on the server, a process that takes time and effort. 

According to the Equifax post, the company is still working on determining which accounts the hackers actually accessed. While the attackers could potentially have taken social security numbers and other personal information on as many as 143 million Americans, it is still unclear how many they actually accessed.

"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," it said.