The Equifax JobIssue 10-09-17 |
The hackers that penetrated Equifax stole the financial data—Social Security numbers, birth dates, addresses and more—of at least 143 million Americans. By the time they were done, the attackers had accessed dozens of sensitive databases and created more than 30 separate entry points into Equifax's computer systems.
Mandiant, the security consulting firm hired by Equifax to investigate the breach, warned Equifax that its unpatched systems and misconfigured security policies could indicate major problems, a person familiar with the perspectives of both sides said. For its part, Equifax believed Mandiant had sent an undertrained team without the expertise it expected from a marquee security company.
Eventually, the intruders installed more than 30 web shells, each on a different web address, so they could continue operating in case some were discovered. While the investigation is in progress, lawmakers are making ominous noises about boosting oversight of the credit reporting industry, which is largely unregulated.