Equifax Breach

About

The Equifax data breach occurred between May and July 2017, exposing sensitive information of over 147 million people, including Social Security numbers, names, dates of birth, addresses, and driver's license numbers. This cyberattack exploited a known vulnerability in the Apache Struts software used by Equifax's online dispute portal. The breach was discovered in late July 2017 but was not publicly disclosed until September 7, 2017. The attackers accessed multiple databases across Equifax's network, leveraging unpatched vulnerabilities and poor network segmentation. The breach had significant repercussions, including financial losses and reputational damage for Equifax. It raised concerns about identity theft risks for affected individuals. Despite the large scale of the breach, the stolen data was not sold on the dark web, leading some to speculate that it was used for espionage. The U.S. government later indicted members of China's military for the breach. Equifax faced criticism for its response, including issues with its breach notification website and stock sales by executives before the public disclosure. The company offered settlement funds and free credit monitoring to affected individuals.