The data breach that leaked the information of 145 million Equifax customers is said to have been caused by a vulnerability in Apache’s Struts system, even though the software provider had supplied a patch back in March, which should have eliminated the vulnerability.
Despite this, according to Engadget, Equifax’s former CEO, Richard Smith, told the Commerce Committee and House Energy that the breach was caused by a single IT technician who failed to install the patch when instructed.
Smith, who resigned last week, explained the company’s procedure regarding patches: a technician should install the patch and then scan the system for any remaining vulnerabilities.
The Department of Homeland Security’s Computer Emergency Readiness Team sent Equifax a notice on 8 March 2017 about the vulnerability in versions of Apache Struts.
Because the vulnerability was not fixed, more vulnerabilities were then found in May and July, causing the company to fully investigate the breach.
According to Engadget, Smith said: “The human error was that the individual who’s responsible for communicating in the organisation to apply the patch, did not.”
The committee was said to have “thrashed” Equifax’s failure to protect user data.
Written by Leah Alger