EQUIFAX DATA BREACH
What happened?
Equifax announced on September 7th, 2017 that 143 million US-based users and an
unknown number of Canadian users had the following details exposed:
• FULL NAME
• SOCIAL SECURITY NUMBER
• ADDRESS
• DATE OF BIRTH
• DRIVER’S LICENSE NUMBER
• CREDIT HISTORY
Source: https://www.govinfosecurity.com
Why should I bother?
• If you cut out the under-18s, you might be looking at 58% of adults who
are hacked now.
• If you ever held or inquired about a credit card, cell phone account,
security clearance, job, electric service, water service, housing rental,
internet service or university place, you are most likely affected.
• This isn’t like other hacks where credit card information was leaked and
you could simply cancel the card.
• It’s like someone cloned you for the express purpose of opening credit
cards in your name and maxing them out.
Breach Report
• 143 million U.S. consumers' personal details, including names, birthdates,
addresses, Social Security numbers and in some cases driver's license
numbers.
• 209,000 U.S. consumers' payment cards.
• 182,000 U.S. consumers' credit dispute documents, containing personal
information.
• 400,000 British consumers' personal details, which Equifax was accidentally
storing on its U.S. servers.
• 100,000 Canadian consumers' personal details.
Source: https://www.govinfosecurity.com
How was it attacked?
• Equifax failed to patch a vulnerability in Apache Struts - a web application
development framework - in a timely manner.
• Equifax has confirmed that attackers entered its system in mid-May 2017 through
this vulnerability, for which a patch had been available since March.
• The vulnerability was Apache Struts CVE-2017-5638.
• It allows remote attackers to execute arbitrary commands via a #cmd= string in a
crafted Content-Type HTTP header, as exploited in the wild in March 2017.
Source: https://nvd.nist.gov/vuln/detail/CVE-2017-5638
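A defender-side check for the header abuse described above, added here as an example and not part of the original slides: it validates each logged Content-Type value against the normal media-type grammar and flags values carrying the `#cmd=` string or OGNL expression delimiters. The tab-separated log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Media type grammar (RFC 6838 restricted names) plus ;name=value parameters.
NAME = r"[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}"
PARAM = r'\s*;\s*[A-Za-z0-9_.-]+=(?:"[^"\\\r\n]*"|[^\s;"(){}<>@,]+)'
MEDIA_TYPE = re.compile(rf"{NAME}/{NAME}(?:{PARAM})*\s*")

# "#cmd=" is the string named in the NVD entry; "%{" and "${" are the
# delimiters of an OGNL expression, which has no place in a media type.
MARKERS = ("#cmd=", "%{", "${")

def classify(content_type):
    """Return 'ok', 'malformed' or 'suspicious' for one Content-Type value."""
    value = content_type.strip()
    if any(marker in value.lower() for marker in MARKERS):
        return "suspicious"
    if not MEDIA_TYPE.fullmatch(value):
        return "malformed"
    return "ok"

def scan(log_lines):
    """Return (line_no, client, verdict) for every request that is not 'ok'."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        # Assumed log layout: client <TAB> request <TAB> Content-Type
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # not a request record in the assumed layout
        client, _request, content_type = parts
        verdict = classify(content_type)
        if verdict != "ok":
            hits.append((line_no, client, verdict))
    return hits

# Constructed sample records; the third carries an inert placeholder, not
# a working expression.
SAMPLE = [
    "203.0.113.10\tPOST /upload.action\tmultipart/form-data; boundary=----abc123",
    "203.0.113.11\tPOST /login.action\tapplication/x-www-form-urlencoded",
    "198.51.100.7\tGET /index.action\t%{...#cmd='constructed-placeholder'...}",
    "198.51.100.8\tPOST /api\ttext/html;;charset",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Flagged requests against a Struts application that was still unpatched at the time of the request are candidates for incident review, not just blocking.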
What to do now?
If you are part of this affected group:
1. Get a credit report right now!
2. Monitor your credit!
3. Initiate a credit freeze (optional).
Conclusion
• The breach of Equifax is a shining example of what happens when you do not
prepare for data breach response ahead of time.
• Though Equifax ironically provides identity theft protection services, it has
itself been hacked, with the most valuable information taken from its server.
