UPDATED 22:50 EST / MAY 08 2018

INFRA

Equifax raises the number of consumers hacked to 146.6M

Just when it was thought the infamous hack of consumer credit reporting agency Equifax Inc. couldn’t get any worse, it has.

The company has disclosed that even more customer data was stolen than per its previous estimates. The revised numbers come from a filing the company made with the U.S. Securities and Exchange Commission Monday.

It stated that the number of customer records stolen is now believed to total 146.6 million. That’s up from the 143 million it originally claimed in September and the revised number of 145.2 million in March.

Given that this was a full and presumably final disclosure, Equifax’s filing also details exactly what data had been stolen. Of the 146.6 million individuals who had data stolen, almost all of them had Social Security numbers exposed. Some 99 million saw their address information exposed, 20.3 million had phone numbers revealed and 17.6 million people’s driver’s licenses were breached.

Within the so-called “dispute document” data that was stolen — that is, correspondence between Equifax and others that were not necessarily customers — data stolen came in at 38,000 driver’s licenses, 12,000 Social Security and Taxpayer ID cards, 3,200 passports and passport cards and 3,000 other documents, including military and state IDs and resident alien cards.

Whether this will be the final chapter in the Equifax saga is yet to be seen, but it serves again as a lesson about the importance of making sure servers are always updated with the latest security patches. As Fortune reported Monday, thousands of companies are still using known-to-be-vulnerable versions of Apache Struts, the same vulnerability that led to the Equifax hack to begin with.

Eytan Segal, head of product management for threat prevention at Check Point Software Technologies Ltd., told SiliconANGLE that “unfortunately it comes as little surprise that Equifax may have failed to update a patch on a server application. Organizations consistently fail in maintaining 100 percent patching across their IT services, as it is often impractical for real-world IT environments.”

That’s because enterprise information technology environments are extremely complex and deployed and maintained by disparate groups. “Each service typically consists of multiple software elements,” he said. “Maintaining 100 percent patching requires IT security to map all services and software components, to track patches that are released for each of those software components. This is a very difficult process.”

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU