Bloomberg Businessweek

The Equifax Job

The hack had hallmarks of state-sponsored pros, but the company may have been distracted

In the corridors and break rooms of Equifax Inc.’s giant Atlanta headquarters, employees used to joke that their enormously successful credit reporting company was just one hack away from bankruptcy. They weren’t being disparaging, just darkly honest: Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans’ most sensitive financial data. The health of the company and the security of its data were one and the same.

Nike Zheng, a Chinese cybersecurity researcher in a bustling industrial center near Shanghai, probably knew little about Equifax or the value of the data pulsing through its servers when he exposed a flaw in popular software for web applications called Apache Struts. Information he provided to Apache, which published a fix for the problem on March 6, showed how the flaw could be used to steal data from any company using the software. Equifax was one of those companies.

Apache’s post caught the attention of the global hacking community. Within 24 hours the information was posted to freebuf.com, a Chinese security website, and it showed up the same day in Metasploit, a popular free hacking tool. On March 10, hackers scanning the internet for computer systems vulnerable to the attack got a hit on an Equifax server in Atlanta,

You're reading a preview, sign up to read more.

More from Bloomberg Businessweek

Bloomberg Businessweek3 min readTech
The Military’s Cybercontractor Of Choice
Old-school firewalls and antivirus software try to block or at least detect hackers, but when those systems fail, they can’t do much to limit the trail of destruction. More often than you might think, corporate IT staffers are reduced to wandering ar
Bloomberg Businessweek4 min read
Social Mobility
A new biography of Alexander Calder follows the curious rise of one of the 20th century’s top-selling artists.
Bloomberg Businessweek4 min readPolitics
A Russian Power Play In Belarus
Lithuania says a new nuclear plant just across the border is a ploy to restore Moscow’s influence