Equifax Provides New Info on Breach

Oct 2, 2017
Press Release

Equifax Provides New Info on Breach

 

Company Describes Internal Actions of Top Officials as

Cummings Asks Committee to Request Documents from US-CERT

 

Washington, D.C. (Oct. 2, 2017)—Today, Rep. Elijah E. Cummings, the Ranking Member of the House Committee on Oversight and Government, sent a letter to Chairman Trey Gowdy after Equifax representatives briefed Oversight Committee staff on new information regarding the actions of its top officials relating to the massive data breach that exposed the personal information of millions of consumers. 

 

In his letter, Cummings asked Gowdy to send a bipartisan request for documents to the Computer Emergency Readiness Team (US-CERT) and the National Cybersecurity and Communications Integration Center.

 

“It is unclear why the company waited three days to inform the FBI, and it is also unclear whether Equifax contacted US-CERT during this time, particularly since the agency had warned specifically about this vulnerability months earlier,” wrote Cummings.

 

During the briefing, Equifax representatives informed Oversight Committee staff that:

 

  • the company failed to heed a March 8, 2017, alert from US-CERT explicitly warning about a specific vulnerability through a web-application known as “Apache Struts”;

 

  • the company’s failure allowed cyber attackers to exploit this vulnerability to gain access to hundreds of millions of sensitive consumer files and documents from May 13, 2017, to July 29, 2017—the date that Equifax finally detected the breach;

 

  • the company’s General Counsel did not inform the FBI about the breach until the following Wednesday, August 2, 2017;

 

  • the company could not confirm whether the General Counsel contacted anyone else in law enforcement or internally about the breach; and

 

  • the FBI never instructed or directed the company to withhold from the public information about the breach, which the company did until nearly six weeks later, on September 7, 2017.

 

Click here to read today’s letter:

 

115th Congress