by etjossem 3205 days ago
Equifax left a critical security vulnerability open for quite a while after it was announced, and confirmed that it was used in the breach.

In a statement, Apache Struts wrote, "This vulnerability was patched on 7 March 2017, the same day it was announced ... In conclusion, the Equifax data compromise was due to their failure to install the security updates provided in a timely manner."

https://blogs.apache.org/foundation/entry/media-alert-the-ap...

1 comment

Incompetence, poor judgment, and/or laziness is probably not the same as willful non-compliance.

(I have extremely little sympathy for Equifax here, around any aspect of what they did and did not do. It's still not clear to me though that it was willful by a legal definition/interpretation. I'm quite sure we will find out.)