Equifax and a software company are blaming each other for a glitch that allowed hackers to obtain Social Security numbers and other sensitive info for 143 million people.
The Atlanta-based company, one of the nation’s three key credit bureaus that track individuals’ credit histories, said late Wednesday that hackers breached a vulnerable spot in a U.S. website application called Apache Struts CVE-2017-5638. Equifax disclosed last week that it discovered in July that hackers had tapped a large trove of personal data on most adults in America.
But in a statement Thursday, Apache Software Foundation, which provides the application, said it provided and announced a patch for the software fault on March 7, well before Equifax said the security breach began in mid-May.
CLARK HOWARD ON... THE EQUIFAX DATA BREACH
- Equifax data breach FAQs: Answers to your biggest questions
- Credit Freeze Guide: The best way to protect yourself against identity theft
- Equifax data breach: Frustrated consumers report credit freeze problems
“In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner,” the foundation said.
The 18-year-old foundation said it is an all-volunteer organization that produced open-source Java applications for government and business users, including Fortune 100 companies.
Equifax couldn’t be reached immediately for a response to Apache Software Foundation’s statement.
MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.
AJC Business reporter Russell Grantham keeps you updated on the latest news about major companies, CEOs and public utilities in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:
- Equifax grapples with fallout from massive data breach
- Georgia's large power users save hundreds of millions on Plant Vogtle charges
- Lots of sugar 'isn't good for anyone,' Coke CEO says
Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.