published on September 14, 2017 - 12:17 PM
Written by , ,

(AP) — The Federal Trade Commission has become the latest authority to announce an investigation into the massive security breach at credit agency Equifax.

The FTC said Thursday that it was opening an investigation into how Equifax got hacked and tens of million Americans’ personal information was either accessed or stolen. Typically the FTC does not disclose who it is investigating, but the agency said the high amount of attention in this case made it necessary.

Equifax disclosed last week that hackers were able to access the personal information of 143 million Americans, including critical things like Social Security numbers, birthdates, addresses and full legal names.

Equifax is one of three major credit bureaus that keep track of the financial affairs of U.S. consumers in order help banks make decisions on lending, tracking credit card balances to payment history to court judgments. The other two main credit bureaus are TransUnion and Experian.

“In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach,” Peter Kaplan, acting director of public affairs at the FTC, said in a statement.

The FTC is not the only Washington authority looking into the breach. The Consumer Financial Protection Bureau previously announced its own investigation, and the House Financial Services Committee plans to hold hearings on the breach in early October.

Politicians from both major parties are calling for additional investigations by Congress or the Department of Justice.

As the FTC looks into how Equifax was hacked, the company issued an update late Wednesday blaming the breach on a weak link that computer security experts say should have been fixed long before the break-in occurred.

Equifax said the hackers took advantage of an opening by a flaw in a piece of open-source software called Apache Struts. The problem was identified in March, and a repair known as a patch was released shortly afterward.

The intrusion into Equifax’s computer systems began in May and continued until late July. It wasn’t clear from Equifax’s disclosure whether the company applied the patch and it didn’t work, or whether its security department simply ignored the warning about the problem.

Computer security expert Nate Fick called Equifax’s failure to address the problem a “massively egregious” breakdown that should result in the ouster of the company’s top executives.

“There is no excuse for not following basic cybersecurity hygiene,” said Fick, CEO of security specialist Endgame.


e-Newsletter Signup

Our weekly poll

Do you agree with Gov. Newsom's decision to tighten lockdown restrictions?

Loading ... Loading ...

Central Valley Biz Blogs

Popup
shares

3/5

Article views

remaining

Sign up icon

To continue website access to

TheBusinessJournal.com

please create a FREE account OR login here.

1/5

Article views

remaining

SKIP THE POP-UPS
For only $59 for one 1-year you will receive the Print edition along with EVERYTHING The Business Journal has to offer digitally, PLUS you will have unlimited 24- hour a day access to view articles at

TheBusinessJournal.com

Use Promo Code

*New Subscribers Only

Digital and Print

XX Days Remaining

until you can view 5 more free articles

Sign up icon

Want access? Subscribe now & save $20 OFF.

Use Promo Code

WEBSUB20

* NEW SUBSCRIBERS ONLY