Researcher Says Equifax Was Warned About Vulnerability Last Year

As Equifax — and American consumers — still grapple with the fallout from the company’s recent massive data breach, one security researcher claims they told Equifax about the vulnerability last year, months before the breach occurred.

Casimiro PT / Shutterstock.com

The security researcher — who requested anonymity — told Motherboard it only took hours to find an Equifax website that had “completely exposed” personal data such as social security numbers, full names, birthdates, and residential addresses. The site was vulnerable to a basic “forced browsing” bug.

Warning Signs

The researcher claims they could have downloaded the data of “all of Equifax’s customers in 10 minutes.” These issues were discovered last December, and were immediately reported to the company, the researcher said. The site was not taken down until June.

The anonymous researcher claims there were multiple ways to access Equifax’s networks, and is convinced more than one group of hackers got into the data.

“If it took me three hours to find that website, I definitely think I’m not the only one who found it,” the researcher told Motherboard. “It wasn’t just one breach. It was maybe dozens.”

The report also includes interviews with former employees who were convinced Equifax wasn’t doing enough to prepare for such an event. To these workers, Cybersecurity did not appear to be a serious concern to the company.

Millions Affected

First disclosed in September, details are still leaking out about the Equifax hack. The credit reporting firm re-upped its initial estimates of affected consumers weeks after the initial disclosure — it’s now believed more than 145 million Americans may have potentially been affected by the data breach.

Further reports noted that customers in the United Kingdom and Canada were also affected by the incident, and it’s believed that more than 10 million U.S. drivers had their license information compromised in the breach.

Equifax isn’t the only company to suffer a huge data breach in recent years. To learn more, check out our article Not Just Equifax: Six Of The Biggest Data Breaches In The Modern Tech Era.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews