Data Breach

Equifax confirmed additional 2.4 Million identifies affected by security breach

The results of the forensic investigation on the massive Equifax hack revealed additional 2.4 Million identities were involved in the security incident.

The massive Equifax hack made the headlines again, new revelations about the security breach emerge in the last hours.

The credit bureau company announced this week it identified an additional 2.4 million American consumers affected by 2017 hack.

In 2017 Equifax confirmed it has suffered a massive data breach, cyber criminals stole sensitive personal records of 145 million belonging to US citizens and hundreds of thousands Canada and in the UK.

Attackers exploited the CVE-2017-5638 Apache Struts vulnerability. The vulnerability affects the Jakarta Multipart parser upload function in Apache and could be exploited by an attacker to make a maliciously crafted request to an Apache web server.

The vulnerability was fixed back in March, but the company did not update its systems, the thesis was also reported by an Apache spokeswoman to the Reuters agency.

Compromised records include names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also the credit card numbers and driver license numbers.

A couple of weeks ago, experts argued the Equifax hack is worse than previously thought, according to documents provided by Equifax to the US Senate Banking Committee the attackers also stole taxpayer identification numbers, phone numbers, email addresses, and credit card expiry dates belonging to some Equifax customers.

Now the results of the forensic investigation revealed additional 2.4 Million identities were involved in the security incident.

“This is not about newly discovered stolen data,” explained Paulino do Rego Barros, ad interim chief executive at Equifax.

“It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.”

The US company still hasn’t notified the newly identified consumers because their social security numbers were not exposed in the hack, hackers only accessed their partial driver’s license information.

Equifax announced it would notify the newly identified consumers and will offer them identity theft protection and credit file monitoring services.

The company is now facing federal investigations as well as class-action lawsuits over the massive hack.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Equifax, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Russia’s FSB used spyware against a Russian programmer

Russia's FSB used spyware against a Russian programmer after detaining him for allegedly donating to…

14 minutes ago

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Romania 's election systems suffered over 85,000 attacks, with leaked credentials posted on a Russian…

9 hours ago

New Atrium Health data breach impacts 585,000 individuals

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to…

12 hours ago

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog.…

21 hours ago

Hundred of CISCO switches impacted by bootloader flaw

A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature…

1 day ago

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks<gwmw style="display:none;"></gwmw>

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and…

2 days ago

This website uses cookies.