CVE-2017-5638
Equifax blames breach on a server flaw it should've patched
Equifax's latest update on its unprecedented security breach notifies the public that its investigation has found the cause of the theft. Along with an unnamed security firm (ZDNet and others have reported it's Mandiant), the company confirmed rumors that attackers exploited a flaw in the Apache Struts Web Framework. That bug, CVE-2017-5638, was revealed in March, but in mid-May the criminals were still able to use it against Equifax to steal personally identifiable information (PII, including names, birth dates, Social Security numbers and more) for 143 million people in the US.