Equifax data breach leaks data for millions of customers

Credit reporting company Equifax has reported a data breach that may have compromised the personal data of millions of private individuals in the U.S., including names, birth dates, Social Security numbers, addresses, and/or driver’s license numbers. Equifax set up a website – www.equifaxsecurity2017.com – where customers can verify if their identities have been compromised.  Customers may also call 866-447-7559.

The Washington Post has reported that there were some current issues with the www.equifaxsecurity2017.com site, including an arbitration clause that removes the ability to file a lawsuit.   Equifax later clarified that you may out of that provision. The New York Times also published a list of common questions and answers regarding the Equifax data breach.

Equifax revealed that the security breach was caused in part by an unpatched vulnerability in its website that uses the Apache Struts Web Framework, identified as Apache Struts CVE-2017-5638.   Apache then issued their own statement regarding the Equifax data breach.