
Equifax Acknowledges IT Shortcomings in GAO Audit Report on 2017 Data Breach

Consumer credit reporting agency Equifax has told the Government Accountability Office that the company’s failure to identify and patch a critical software vulnerability and to correctly configure a crucial security system led, in part, to the massive 2017 data breach that compromised the personal information of millions of Equifax customers.

Equifax officials acknowledged that the company was not able to identify the presence of the Apache Struts vulnerability on one of its client-facing portals in time, which gave cyber attackers an opportunity to penetrate the company’s systems, the GAO said in a recently published audit report.

Company officials also admitted failing to update the digital certificate of a security system which, if properly configured, would have alerted Equifax information technology officers about unusual network traffic emanating from compromised servers, the GAO reported.

In October last year, Equifax determined that 145.5 million of its customers were affected by the breach, but this March identified another 2.4 million affected customers from the U.S., the GAO said.

Equifax later learned that some of the 2.4 million were already included in the initial count, but as of August, the company has yet to issue a revised total, the GAO noted.
