New documents provided recently by Equifax to US senators revealed that the breach the company experienced last year may have involved types of data not mentioned in the initial disclosure of the incident.

Last May, malicious hackers exploited a known vulnerability in the Apache Struts development framework to gain unauthorized access to Equifax systems. The vulnerability was patched March 7, the same day it was announced, but Equifax security team failed to install the updates in a timely manner, leaving 143 million individuals to suffer the consequences.

However, confidential documents sent by Equifax to the Senate Banking Committee, show that hackers may have stolen additional information, including tax ID numbers, email addresses, and driver’s license information.

Equifax has responded saying its initial disclosure on was never intended to include all the types of information that may have been compromised.

Senator Elizabeth Warren has responded by asking Equifax to provide clarifications on “conflicting, confusing and incomplete information” provided by the company to both the public and Congress.

“As your company continues to issue incomplete, confusing and contradictory statements and hide information from Congress and the public, it is clear that five months after the breach was publicly announced, Equifax has yet to answer this simple question in full: what was the precise extent of the breach?” Sen. Warren wrote in a letter to Equifax.

Equifax has one week to provide Congress with a complete list of data elements confirmed or believed to have been compromised in the last Mays breach, with a timeline of its efforts provided to determine the full extent of the intrusion.

Last week Senator Warren published a 15-page report containing the findings of her personal investigation into the Equifax breach. Her investigation found that Equifax set up a flawed system to prevent data security incidents, ignored several warnings of risk to customer data, failed to disclose the breach to stakeholders in a timely fashion, and provided inadequate assistance and information to consumers.

 

Read the article on Security Week

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.