POST Online Media Lite Edition


Equifax failed to install important security patch

Staff Writer |
The Equifax data breach affecting 143 million Americans happened because the company failed to install a security patch in computer code, a vulnerability industry experts identified months prior to the hack.

Article continues below

The glitch was part of a common cybersecurity software program called Apache. A nonprofit security firm identified the vulnerability and published a fix that closed the loophole.

Experts told USA Today that major financial institutions that use the software should have installed the patch within a matter of days after it was publicized in March.

The Equifax hack, which exploited the vulnerability, did not happen until May.

"They should have patched it as soon as possible, not to exceed a week. A typical bank would have patched this critical vulnerability within a few days," said Pravin Kothari, CEO of CipherCloud, a cloud security company.

What to read next

Equifax takes down web page after new security scare
Key security executives leaving Equifax after security breach
FTC investigating Equifax data breach