Equifax Data Breach

The Equifax data breach, also known as the 2017 Equifax data breach, was a significant cybersecurity incident that occurred in March 2017. It is considered one of the largest data breaches in history, affecting approximately 147 million people in the United States, Canada, and the United Kingdom. The breach occurred when hackers exploited a vulnerability in Apache Struts, an open-source software framework used by Equifax to manage its online application. The vulnerability, known as CVE-2017-5638, allowed the attackers to inject malicious code into the system, granting them access to sensitive information. The stolen data included names, birth dates, addresses, social security numbers, and driver's license numbers. The breach also compromised credit card numbers and dispute documents for approximately 209,000 people. Equifax discovered the breach on July 29, 2017, and notified the affected individuals in September 2017. The incident led to widespread criticism of Equifax's data security practices and sparked a national conversation about the importance of data privacy and protection. In response to the breach, Equifax faced numerous lawsuits and regulatory investigations, and the company's CEO and several other executives resigned. The incident also led to changes in data breach notification laws and regulations in several countries.