The Equifax Data Breach: A Detailed Account of a Major Cyber Incident

One of the most significant cyber incidents in recent years was the 2017 Equifax data breach, which resulted in the exposure of personal information of nearly 147 million people. As one of the largest credit bureaus in the United States, Equifax was entrusted with sensitive information, making the fallout of the breach even more profound. Here's a comprehensive rundown of how this cyber incident unfolded.

In May 2017, hackers exploited a vulnerability in the Apache Struts web-application software, a popular open-source framework for developing web applications in Java. Equifax's public-facing web server was using a version of Apache Struts that was susceptible to the attack. The vulnerability, known as CVE-2017-5638, allowed attackers to remotely execute commands on the server without proper authentication.

Once they exploited the vulnerability and gained access, the attackers installed web shells to gain persistence and remotely control Equifax's web servers. They began querying databases to discover which held sensitive information. After the databases were identified, the attackers began issuing commands to extract the data they wanted.

What's staggering is the length of time the breach went unnoticed. From mid-May to late July, the attackers were able to move through the network, querying and exfiltrating data without being detected. This gave the cybercriminals ample time to steal a massive amount of sensitive information, including names, Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers and credit card information.

The breach was finally discovered on July 29, 2017, when suspicious network traffic was detected. Equifax brought in cybersecurity firm Mandiant to help with the investigation and remediation. It was at this point that the company learned about the scale of the breach. However, the public was not notified until September 7, over a month after the discovery.

One of the key controversies in the Equifax data breach was the delay in public disclosure. Critics argued that the delay put consumers at unnecessary risk as they could have taken actions to protect themselves had they known sooner. In the fallout, Equifax's CEO, CIO, and CSO resigned.

The investigation following the breach revealed that the vulnerability in Apache Struts had been known, and a patch had been available for two months before the breach occurred. This underlines a significant failure in Equifax's patch management process and its overall approach to cybersecurity.
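As an added example (not from this article, and not Equifax's or Apache's code), here is the kind of inventory check a patch-management process should be running: it flags hosts whose Apache Struts build falls inside the version ranges Apache's S2-045 advisory lists for CVE-2017-5638 (2.3.5 through 2.3.31 and 2.5 through 2.5.10, fixed in 2.3.32 and 2.5.10.1). The host inventory is constructed sample data.

```python
# Added example: flag Apache Struts versions affected by CVE-2017-5638.
# Affected ranges are taken from the Apache S2-045 advisory; the inventory
# below is constructed sample data, not a real environment.

CVE = "CVE-2017-5638"
AFFECTED_RANGES = [  # (first affected, last affected), both inclusive
    ((2, 3, 5), (2, 3, 31)),
    ((2, 5), (2, 5, 10)),
]


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def in_range(version, low, high):
    """True if version lies within [low, high], padding short tuples with 0."""
    v = parse_version(version)
    width = max(len(v), len(low), len(high))
    pad = lambda t: t + (0,) * (width - len(t))
    # 2.5.10.1 pads high to (2, 5, 10, 0), so the fixed release is excluded.
    return pad(low) <= pad(v) <= pad(high)


def is_affected(version):
    return any(in_range(version, low, high) for low, high in AFFECTED_RANGES)


SAMPLE_INVENTORY = [  # constructed: (host, component, version)
    ("web-01", "apache-struts", "2.3.31"),
    ("web-02", "apache-struts", "2.5.10"),
    ("web-03", "apache-struts", "2.5.10.1"),
    ("web-04", "apache-struts", "2.3.32"),
    ("app-01", "spring-core", "4.3.7"),
]


def find_exposed(inventory):
    """Return (host, version) for hosts still running an affected Struts build."""
    return [
        (host, version)
        for host, component, version in inventory
        if component == "apache-struts" and is_affected(version)
    ]


if __name__ == "__main__":
    for host, version in find_exposed(SAMPLE_INVENTORY):
        print(f"{host}: Struts {version} is affected by {CVE}; upgrade required")
```

In practice the inventory would come from a software bill of materials or a dependency scanner, and the check would run on every advisory, not just this one.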

The Equifax data breach was a watershed moment in cybersecurity, highlighting the importance of timely patch management, effective security controls, and the need for transparency and prompt public disclosure following a breach. In the aftermath, Equifax paid hundreds of millions of dollars in settlements and spent significantly on its cybersecurity infrastructure to avoid future breaches.

While the Equifax data breach was undoubtedly a disaster for the company and those whose data was compromised, it served as a wake-up call for many organizations. It was a stark reminder that cybersecurity must be a priority and that organizations must continually evaluate and update their security practices in the face of evolving threats.
