SALT LAKE CITY, Utah (ABC4 News) More information continues to come out of the Equifax data breach. Cybersecurity expert Robert Jorgensen from UVU joined Good Morning Utah to break down the latest.
Two executives related to Equifax’s IT organization have retired. Their CTO and CSO are gone.
It isn’t uncommon for executives to lose their positions when a major breach like this happens.
The vulnerability in Apache Struts (the software used) was publicly revealed and a patch to fix it was released in early March. Equifax’s breach started on May 13th, so they had not patched their systems.
Apache Struts is a web application framework which means it is used to build and deploy web applications. It is very common and used many major websites.
Patching large-scale systems can be complicated and time-consuming, but is vital. Especially when they are protecting data like this. Beyond that, this sort of information should be protected by more than one defensive tool to provide defense-in-depth.
Mandiant was hired to investigate. Mandiant is owned by Fireeye, a cybersecurity with a presence in Utah. We can talk about how an outside company like Mandiant works.
Incident response companies will come in and review the logs and check out the servers for evidence of compromise. They are basically like a digital crime scene investigation team.