New documents provided recently by Equifax to US senators revealed that the breach the company experienced last year may have involved types of data not mentioned in the initial disclosure of the incident.

Last May, malicious hackers exploited a known vulnerability in the Apache Struts development framework to gain unauthorized access to Equifax systems. The vulnerability was patched March 7, the same day it was announced, but Equifax security team failed to install the updates in a timely manner, leaving 143 million individuals to suffer the consequences.

However, confidential documents sent by Equifax to the Senate Banking Committee, show that hackers may have stolen additional information, including tax ID numbers, email addresses, and driver’s license information.

Equifax has responded saying its initial disclosure on was never intended to include all the types of information that may have been compromised.

Senator Elizabeth Warren has responded by asking Equifax to provide clarifications on “conflicting, confusing and incomplete information” provided by the company to both the public and Congress.

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” Sen. Warren wrote in a letter to Equifax.

Equifax has one week to provide Congress with a complete list of data elements confirmed or believed to have been compromised in the last Mays breach, with a timeline of its efforts provided to determine the full extent of the intrusion.

Last week Senator Warren published a 15-page report containing the findings of her personal investigation into the Equifax breach. Her investigation found that Equifax set up a flawed system to prevent data security incidents, ignored several warnings of risk to customer data, failed to disclose the breach to stakeholders in a timely fashion, and provided inadequate assistance and information to consumers.


Read the article on Security Week


The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.