You may have never heard of a company called Equifax but the chances are they've heard about you. In fact, they've made it their business to find out as much as possible about as many people as they can.
They use the information they collect to calculate credit scores, which they then sell to banks, mortgage lenders and the like, to help them make decisions on who to lend to. They've assembled personal data on over 800 million people worldwide and may well know something about you too.
So, you'd expect that they'd take some precautions when storing all of the personal data they collect. But, unfortunately, between May and July this year they were hacked, with the data of approximately 143 million people being stolen. Those affected were mainly in the US but some UK customers were included in the hack too.
And what sophisticated techniques did the hackers use to get hold of this precious data, you ask? They simply exploited a known bug in a software tool called Apache Struts, for which a patch had been released 2 months prior to the hack taking place.
So Equifax, whose business it is to gather and record data, had 2 full months to fix a known security hole in the software that they were using but instead did nothing.
With such a prize target, you can bet that hackers are sniffing around their servers on a daily basis looking for back doors and security holes. So it won't have taken them long to realise that the unpatched version of the Struts software was being used. In security terms, it's like going out and leaving your front door wide open.
So, Equifax's loss of over 100 million people's data was entirely avoidable. You and I install updates for our software as soon as they become available – why can't Equifax?
They can't take security too seriously, since in a separate incident, the company ran a web portal for staff to check on customer data in Argentina that was secured with the username/password combination admin/admin. It seems you don't need to be a hacking genius to get the better of Equifax!