(Image: file photo)
Equifax has confirmed that a web server vulnerability in Apache Struts that it failed to patch months ago was to blame for the data breach that affected 143 million consumers.
In a brief statement, the credit rating giant said:
“Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted.”
“We know that criminals exploited a U.S. website application vulnerability,” the statement added.
“The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement …