Nearly half of U.S. population credit information stolen (credit card fraud spiked in August after July 29th discovery)

In other words every person's credit in the U.S. is in jeopardy right now because the rest of the population are children under 18 or adults without credit. If you take 143 million and compare it to the population you have the right amount for people who actually would have credit.

begin quote from:

Equifax confirms Apache Struts flaw it failed to patch was to blame for data breach

ZDNet · 22 hours ago

Failure to patch two-month-old bug led to massive Equifax breach

Ars Technica · 21 hours ago

More for equifax suffered data breach after it failed to path old apache struts flaw

Equifax Suffered Data Breach After It Failed to Patch Old Apache ...

thehackernews.com/2017/09/equifax-apache-struts.html

16 hours ago - Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts ... people was caused by exploiting a flaw in Apache Struts framework, ...

Credit card fraud spikes after Equifax cyber-attack | New York Post

nypost.com/2017/09/08/credit-card-fraud-spikes-after-equifax-cyber-attack/

6 days ago - Thieves appear to have started using the data stolen in the gigantic Equifax cyber-heist, one expert said Friday. Credit card fraud unexpectedly ...

Equifax breach exposed data for 143 million consumers - CBS News

https://www.cbsnews.com › MoneyWatch › Markets

Sep 7, 2017 - Cyberattack on one of the country's largest credit reporting agencies may be one of the biggest in history. ... U.S. consumers after exploiting a vulnerability on the company's website. ... Credit card numbers for about 209,000 consumers and documents ... Number of impostor scams surpass identity thefts.

Equifax Continues to Plunge Amid Mounting Scrutiny Pressure

Nasdaq · 10 hours ago

More for EQUIFAX CONTINUES TO PLUNGE AMID MOUNTING SCRUTINY PRESSURE

Equifax Continues to Plunge Amid Mounting Scrutiny Pressure - Zacks

https://www.zacks.com/.../equifax-continues-to-plunge-amid-mounting-scrutiny-press...

21 hours ago - Shares of Equifax (EFX) continue to hit new lows amid mounting scrutiny pressure from lawmakers, investigating agencies and regulators over ...

Equifax Continues to Plunge Amid Mounting Scrutiny Pressure - Nasdaq

www.nasdaq.com/.../equifax-continues-to-plunge-amid-mounting-scrutiny-pressure-c...

10 hours ago - Shares of Equifax Inc.EFX continue to hit new lows amid mounting scrutiny pressure from lawmakers, investigating agencies and regulators ...

• Edition: US

 

• 
  

must read Yet another trove of sensitive US voter records has leaked

Equifax confirms Apache Struts security flaw it failed to patch is to blame for hack

The company said the March vulnerability was exploited by hackers.

By Zack Whittaker for Zero Day | September 14, 2017 -- 01:27 GMT (18:27 PDT) | Topic: Security

• 
  

(Image: file photo)

Equifax has confirmed that a web server vulnerability in Apache Struts that it failed to patch months ago was to blame for the data breach that affected 143 million consumers.
In a brief statement, the credit rating giant said:
"Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted."
"We know that criminals exploited a U.S. website application vulnerability," the statement added.
"The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."

ADVERTISING

For its part, Equifax still has not provided any evidence to support the claim.
The cited Apache Struts flaw dates back to March, according to a public vulnerability disclosure. Patches were released for the vulnerability, suggesting that Equifax did not install the security updates.
Apache Struts is used across the Fortune 100 to provide web applications in Java, and it powers front- and back-end applications, including Equifax's public website.

Is Unsecured File Sharing Compromising Your Business?

Shadow IT—the use of business tools, like file sync and share software, without explicit IT approval—is happening right under your nose. Whether you’re conscious of it or not, shadow IT may pose serious risk to your business’ IT security and compliance. ...

White Papers provided by SolarWinds

Earlier, unconfirmed reports had pointed to Struts as the root of the cyber attack. At least one of the reports, citing a research analyst from equity research firm Baird, was subsequently retracted.
The Apache Foundation, which maintains the Apache web software, said days ago in response to media reports -- prior to any confirmation from the company -- that at the time it was not clear if Struts was to blame for the cyber attack.
The company is said to have enlisted FireEye-owned Mandiant for its incident recovery.
Despite several requests over the past week, the company has not answered specific questions or responded to requests for comment.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More

ZDNET INVESTIGATIONS

• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• At the US border: Discriminated, detained, searched, interrogated
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• FCC chairman voted to sell your browsing history — so we asked to see his
• With a single wiretap order, US authorities listened in on 3.3 million phone calls
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance