Equifax had patch 2 months before hack and didn’t install it, security group says

SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered the coding flaw and shared a fix for it, raising questions about why Equifax didn’t update its software successfully when the danger became known.

A week after Equifax revealed one of the largest breaches of consumers’ private financial data in history — 143 million consumers and access to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax.

“The Equifax data compromise was due to (Equifax’s) failure to install the security updates provided in a timely manner,” The Apache Foundation, which oversees the widely-used open source software, said in a statement Thursday.

Read more details here.

Author: Elizabeth Weise and Nathan Bomey