Brian Krebs states that the credit bureau reported all this credit card data was obtained as the result of a single attack that got the advantage of a months-old exploit of the Apache Foundation’s Struts framework for Java-based Web applications. Visa and MasterCard both written confidential alerts to banks in their systems this week about the card exposure. Both explicitly blamed Equifax, and Visa linked to Equifax’s press statement on the breach. The events that may have been shown took place in a period crossing November 10, 2016, to July 6, 2017, according to the Visa notification.
According to Equifax, the violation began in mid-May and was discovered on July 29. “The attacker entered a storage table that included historical credit card transaction related information,” an Equifax spokesperson told Krebs. The organization did not respond to questions from Krebs about how the data was being cached.
The exposure implies that Equifax was both not encrypting stored credit card data or that some element of the company’s Java-based software gave the intruders the ability to access decrypted data. The memory of that data would have been in breach of the standards of the PCI Standards Security Council, which wants all stored data to be encrypted.
For consumers, Equifax’s credit card data was expected the least damaging of the displayed information.But it does have an influence on banks, which are among Equifax’s most important consumers for customer credit data. So, ironically, mishandling of credit card data could end up becoming more of a negative impact on Equifax than the vulnerability of critical information.
Take your time to comment on this article.