Equifax, software maker blame each other for opening door to hackers

Equifax’s Atlanta headquarters. Photo: Equifax

Equifax’s Atlanta headquarters. Photo: Equifax

Equifax and a software company are blaming each other for a glitch that allowed hackers to obtain Social Security numbers and other sensitive info for 143 million people.

The Atlanta-based company, one of the nation’s three key credit bureaus that track individuals’ credit histories, said late Wednesday that hackers breached a vulnerable spot in a U.S. website application called Apache Struts CVE-2017-5638. Equifax disclosed last week that it discovered in July that hackers had tapped a large trove of personal data on most adults in America.

But in a statement Thursday, Apache Software Foundation, which provides the application, said it provided and announced a patch for the software fault on March 7, well before Equifax said the security breach began in mid-May.

CLARK HOWARD ON... THE EQUIFAX DATA BREACH

“In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” the foundation said.

The 18-year-old foundation said it is an all-volunteer organization that produced open-source Java applications for government and business users, including Fortune 100 companies.

Equifax couldn’t be reached immediately for a response to Apache Software Foundation’s statement.

MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.

AJC Business reporter Russell Grantham keeps you updated on the latest news about major companies, CEOs and public utilities in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:

Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.