Things somehow keep getting worse for Equifax

The credit agency had been hacked in March, in a separate breach.
Author:
Updated:
Original:

What's the next level below dumpster fire? Maybe landfill blaze. Or Great Pacific garbage patch twister.

Whatever term you prefer, that's what Equifax has dropped to after last week's dumpster fire description.

Already taking heat for leaving the private data of 143 million Americans accessible to hackers, Equifax is now facing questions about a previous data breach it suffered earlier in 2017.

This comes from Bloomberg, which was told by sources that Equifax's systems were breached in March – an incident that the company didn't make public, despite telling some banking customers and a few others outsiders, according to the report.

Equifax in a statement to The Guardian confirmed the March hack, saying it related to a payroll service. The company also said a third-party review found that hack is not related to the large one that's recently been in the news, and didn't affect those customer databases. 

Cybersecurity expert Brian Krebs reported the March breach affected tax records. According to CNN, Equifax says it notified affected consumers and other parties about the possible impact.

All told, it means Equifax – which, as one of the three big credit reporting agencies, stores the personal data of millions of Americans – was the victim of two hacks in the span of just a few months.

Equifax also hadn't patched a flaw correctly

Also coming out in recent days – the exploit used by hackers to access the information of 143 million Americans over the summer had actually been patched months earlier.

The issue was an exploit in a web application called Apache Struts. Apache fixed that flaw back in March, ZDnet says. Equifax last week acknowledged being aware of the vulnerability at the time, and taking efforts to patch vulnerable systems they knew about.

But Equifax apparently didn't patch this specific application until noticing the suspicious activity on July 29. At that point, the company blocked the communications, and took the web application offline while it installed the proper patch.

"While Equifax fully understands the intense focus on patching efforts, the company’s review of the facts is still ongoing. The company will release additional information when available," the company said.

This breach actually started back in mid-May, but wasn't noticed until late July, and then wasn't revealed publicly until September. 

Two high-level execs have lost their jobs at this point.

The damage so far: names, Social Security numbers, birth dates, addresses and driver’s license numbers of up to 143 million Americans, plus the credit card numbers of 209,000 U.S. consumers. Some documents containing personal identifying information of 182,000 Americans were also accessed, Equifax says.

Oh, and some U.K. and Canadian residents had information out there too.

We'll go with landfill blaze.

Next Up

Xcel Energy Center

Fiala's goal gives Wild victory over first-place Golden Knights

Kaapo Kahkonen made 26 saves in the 2-0 victory.

Walz

Gov. Tim Walz to announce COVID vaccine next steps on Tuesday

Minnesota is nearing the 70% vaccinated target for over-65s.

Screen Shot 2021-03-08 at 2.44.41 PM

Charges: Minnesota man killed his father with hammer, knife

The 44-year-old admitted to killing his father, court documents say.

P.J. Fleck, Gophers football

Staying home: Gopher football lands 6'7'' football recruit

The offensive lineman is a star player in southwest Minnesota.

Ambulance hospital emergency

Teen worker dies after being shocked at Vikings apartment site

Aaron Welle, 18, of Holdingford, died from his injuries.

teacher, coronavirus, covid-19, school, classroom

90% of MN schools now offer in-person learning, 55% of teachers vaccinated

Gov. Tim Walz had set March 8 as the date for when schools would be expected to offer in-person learning.

Screen Shot 2021-03-08 at 8.12.13 AM

Catholic school employee allegedly had 'inappropriate physical contact' with student

The employee is currently on leave pending an MPD investigation.

covid-19, vaccine

CDC: Fully vaccinated people can be together indoors without masks

The CDC on Monday released new guidance for fully vaccinated people.

covid saliva test

MDH to open new COVID testing site in Carver Co. amid B117 variant outbreak

It comes amid an outbreak among younger people in the southwest metro county.

radio station, microphone

KFAN's Paul Allen recounts 'harrowing' fatigue from COVID-19

Paul Allen said he experienced extreme fatigue after testing positive.

Screen Shot 2021-03-08 at 9.41.43 AM

Derailed train in Plymouth was carrying molten sulfur

No unusual air quality readings have been reported in the area.

Related

Is Equifax going to get away with compromising all our data?

The investigation into the credit-monitoring agency is being scaled back.

Al Franken tears into former Equifax CEO over the data breach

Franken questioned the former CEO over the massive data breach.

Equifax won't make you sign away class-action lawsuit rights for using TrustedID

The company had offered a year of the service for free – but with a catch.

Equifax has become a giant dumpster fire

The credit reporting agency has yet another security blunder on its hands.

Social security numbers stolen from Equifax, and you're probably affected

The huge data breach was discovered in July and confirmed on Thursday.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

The Tip Jar: Should you accept Equifax's free credit lock offer?

A credit freeze or a fraud alert looks like a better bet.