2017 in Breaches: Equifax and More
This question was recently answered, as Equifax announced, “We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638.” What’s so bad about this disclosure? Well, as it turns out, the patch for this vulnerability had already been made available — months before the breach occurred. This brings with it multiple concerns. For one, Equifax is not going to win back any consumer confidence with the admission that they willingly either chose not to or failed to notice they needed to update their systems when a patch was available. And two, if this could happen to a huge company like Equifax, then who isn’t at risk? Year After Year Growth 2016 was the biggest year