UPDATED 01:13 EDT / SEPTEMBER 12 2017


Equifax hack lawsuits start to stack up

U.S. consumer credit reporting agency Equifax Inc. will soon be heading to court with multiple lawsuits being filed against the company following its disclosure of a massive hack last week.

The lawsuits, which number at least two dozen according to Reuters, come in a number of different flavors, including one suit that alleges that Equifax was guilty of equities fraud, while a number of other suits specifically target Equifax’s response to the hack, such as its offer of one year of free credit monitoring.

The number of lawsuits targeting Equifax is likely to rise exponentially in the coming days, presuming that potential litigants, more specifically the 143 million Americans who have had their data stolen, don’t all agree to join a class action lawsuit. Adding to the potential number is a very specific 2017 reason – a bot that allows victims to file lawsuits against Equifax for up to $25,000 without needing a lawyer.

Called DoNotPay, the bot allows victims to sue Equifax for negligence in small claims court for maximum damages, although the amount differs from state to state. The Verge reports that maximum damages range from $2,500 in states like Rhode Island and Kentucky to $25,000 in Tennessee.

Although lawyers are without doubt rubbing their hands in abundant joy, the path used by the hackers has finally been revealed and disturbingly it was via a method only publicly disclosed last week – a serious vulnerability in the Apache Struts2 framework.

Robin Bectel, representing DevOps startup Sonatype Inc., explained the situation to SiliconANGLE, noting that 80 to 90 percent of a modern-day application is built using open source components – like Apache Struts.

“Software developers download these components from repositories that house billions of open source software components. According to our recent research, only 57 percent of organizations have a software governance policy, which ensures that development organizations download only approved components, and 65 percent do not have meaningful controls over what components are in their applications,” Bectel said. “As Equifax learned the hard way, software components age like milk, not wine — the older a component is, the more likely it is to be either vulnerable or defective.”

On a positive note, Bectel added that “it’s not all doom and gloom” and that “solutions do exist to stop developers from downloading vulnerable components, to identify vulnerable components already in production, and to help them respond to and remediate security incidents in minutes rather than weeks.”

Photo: Brian Turner/Wikimedia Commons
