Federal Trade Commission investigating Equifax breach

September 14, 2017 by Ken Sweet And Michael Liedtke

The Federal Trade Commission has become the latest authority to announce an investigation into the massive security breach at credit agency Equifax.

The FTC said Thursday that it was opening an investigation into how Equifax got hacked and tens of million Americans' was either accessed or stolen. Typically the FTC does not disclose who it is investigating, but the agency said the high amount of attention in this case made it necessary.

Equifax disclosed last week that hackers were able to access the personal information of 143 million Americans, including critical things like Social Security numbers, birthdates, addresses and full legal names. Equifax is one of three major credit bureaus that keep track of the financial affairs of U.S. consumers in order help banks make decisions on lending, tracking credit card balances to payment history to court judgments. The other two main credit bureaus are TransUnion and Experian.

"In light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach," Peter Kaplan, acting director of public affairs at the FTC, said in a statement.

The FTC is not the only Washington authority looking into the breach. The Consumer Financial Protection Bureau previously announced its own investigation, and the House Financial Services Committee plans to hold hearings on the breach in early October. Politicians from both major parties are calling for additional investigations by Congress or the Department of Justice.

As the FTC looks into how Equifax was hacked, the company issued an update late Wednesday blaming the on a weak link that computer experts say should have been fixed long before the break-in occurred.

Equifax said the hackers took advantage of an opening by a flaw in a piece of open-source software called Apache Struts. The problem was identified in March, and a repair known as a patch was released shortly afterward.

The intrusion into Equifax's computer systems began in May and continued until late July. It wasn't clear from Equifax's disclosure whether the company applied the patch and it didn't work, or whether its security department simply ignored the warning about the problem.

Computer security expert Nate Fick called Equifax's failure to address the problem a "massively egregious" breakdown that should result in the ouster of the company's top executives.

"There is no excuse for not following basic cybersecurity hygiene," said Fick, CEO of security specialist Endgame.

Explore further: Investors punish Equifax for massive data breach

Related Stories

Investors punish Equifax for massive data breach

September 8, 2017

Investors were bailing out on Equifax a day after the credit monitoring company said a data breach exposed the Social Security numbers and other personal data of 143 million Americans.

US watchdog confirms probe of huge Equifax data breach

September 14, 2017

A US consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.

143 mn affected in hack of US credit agency

September 8, 2017

A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people ...

Recommended for you

Fish-inspired material changes color using nanocolumns

March 20, 2019

Inspired by the flashing colors of the neon tetra fish, researchers have developed a technique for changing the color of a material by manipulating the orientation of nanostructured columns in the material.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.