Equifax blames known software bug for letting hackers in

09/14/17 06:03 AM EDT

By AnnaMaria Andriotis

Status update suggests credit-reporting company may not know the full extent of the breach, which it says may have hit 143 million Americans

Equifax Inc. said criminals exploited web-server software in the data breach that affected potentially 143 million Americans, but didn't offer further detail on who may have been behind the hack.

The company confirmed late Wednesday in what it called a progress report (https://www.equifaxsecurity2017.com/) that hackers exploited a vulnerability with a U.S. website application called Apache Struts CVE-2017-5638 (https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=29972). The Wall Street Journal reported last Friday that Apache Struts was a possible source of the breach (http://www.marketwatch.com/story/equifax-could-pay-for-data-breach-in-court-2017-09-13).

Check out:Still confused after the Equifax breach? Here's what you need to know (http://www.marketwatch.com/story/still-confused-after-the-equifax-breach-heres-what-you-need-to-know-2017-09-13)

And see:How investors can punish Equifax for failing the public (http://www.marketwatch.com/story/equifax-should-pay-the-price-for-failing-investors-and-the-public-2017-09-12)

Equifax (EFX) also shared information that suggests the company doesn't know the full extent of the breach. The company said it "has been intensely investigating the scope of the intrusion" with help from a cybersecurity firm to determine what information was accessed and who has been affected.

An expanded version of this report appears on WSJ.com (https://www.wsj.com/articles/equifax-blames-exploited-web-server-software-for-data-breach-1505359905?mod=mktw).

Also popular on WSJ.com:

A new surprise airline fee (https://www.wsj.com/articles/a-new-surprise-airline-ticket-fee-1505311888?mod=mktw)

Flynn promoted Mideast nuclear plant project while in White House (https://www.wsj.com/articles/flynn-promoted-nuclear-plant-project-while-in-white-house-1505328226?mod=mktw)

-AnnaMaria Andriotis; 415-439-6400; AskNewswires@dowjones.com

 

(END) Dow Jones Newswires

09-14-17 0603ET

Copyright (c) 2017 Dow Jones & Company, Inc.