The Equifax data breach that leaked information on the now-145 million people was caused by a vulnerability in Apache's Struts system. Trouble is, the software provider supplied a patch back in March that should have eliminated that vulnerability. But Equifax's former CEO (who suddenly retired last week) told the House Energy and Commerce Committee that a single IT technician was at fault for the whole thing after they failed to install the patch.
Why would a huge company like that not have their own supercomputer? Why would they be using Apache and open source for something so important?
Also, why wasn't the data canonicalized and obfuscated? I bet the database has table names like "Creditor" and "Debtor" with fields like "FirstName" and "SocialSecurityNumber". The data should have been stored in an unusable state, and the only way it makes any sense is by running it through proprietary EF algorithms upon retrieval, one credit report at a time. No bulk dump data. There's no reason for them to even partake in List Name exchanges. That should be made illegal straight away.