UPDATED 01:13 EDT / SEPTEMBER 12 2017

Equifax hack lawsuits start to stack up

U.S. consumer credit reporting agency Equifax Inc. will soon be heading to court with multiple lawsuits being filed against the company following its disclosure of a massive hack last week.

The lawsuits, which number at least two dozen according to Reuters, come in a number of different flavors: one suit alleges that Equifax was guilty of equities fraud, while a number of others specifically target Equifax’s response to the hack, such as its offer of one year of free credit monitoring.

The number of lawsuits targeting Equifax is likely to rise exponentially in the coming days, presuming that potential litigants, more specifically the 143 million Americans who have had their data stolen, don’t all agree to join a class action lawsuit. Adding to the potential number is a very specific 2017 reason – a bot that allows victims to file lawsuits against Equifax for up to $25,000 without needing a lawyer.

Called DoNotPay, the bot allows victims to sue Equifax for negligence in small claims court for maximum damages, although the maximum differs from state to state. The Verge reports that maximum damages range between $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.

Although lawyers are without doubt rubbing their hands in abundant joy, the path used by the hackers has finally been revealed and disturbingly it was via a method only publicly disclosed last week – a serious vulnerability in the Apache Struts2 framework.

Robin Bectel, representing DevOps startup Sonatype Inc., explained the situation to SiliconANGLE, noting that 80 to 90 percent of a modern-day application is built using open source components – like Apache Struts.

“Software developers download these components from repositories that house billions of open source software components. According to our recent research, only 57 percent of organizations have a software governance policy, which ensures that development organizations download only approved components, and 65 percent do not have meaningful controls over what components are in their applications,” Bectel said. “As Equifax learned the hard way, software components age like milk, not wine — the older a component is, the more likely it is to be either vulnerable or defective.”

On a positive note, Bectel added that “it’s not all doom and gloom” and that “solutions do exist to stop developers from downloading vulnerable components, to identify vulnerable components already in production, and to help them respond to and remediate security incidents in minutes rather than weeks.”

Photo: Brian Turner/Wikimedia Commons
