Data Breach
Equifax Data Breach
147.0M records exposed • May 2017
Equifax, one of the three companies that tracks everyone's credit scores, got hacked because they didn't install a security update for months. Hackers stole Social Security numbers and personal info for nearly half of all Americans. The data is perfect for identity theft. Equifax paid $700 million in fines and settlements, but the damage to consumers continues.
What Happened
The 2017 Equifax breach exposed the sensitive personal and financial data of 147 million Americans—nearly half the US population. Attackers exploited an unpatched vulnerability in Apache Struts that had a known patch available for months. The breach led to a $700 million settlement and remains one of the most significant data breaches in history.
Attack method: Unpatched Apache Struts vulnerability (CVE-2017-5638)
What Data Was Exposed
Social Security numbers, Full names, Birth dates, Addresses, Driver's license numbers, Credit card numbers (209,000), Dispute documents with PII
Is your business exposed?
What to Do If You're Affected
- 1.
Check if affected at equifaxbreachsettlement.com
- 2.
Freeze your credit at all three bureaus (Equifax, Experian, TransUnion)
- 3.
Claim free credit monitoring if eligible from settlement
- 4.
File your taxes early to prevent tax identity theft
- 5.
Set up fraud alerts with credit bureaus
- 6.
Review credit reports for unauthorized accounts
Lessons for Businesses
- • Patch critical vulnerabilities immediately, not months later
- • Security breaches at credit bureaus affect consumers who never chose to do business with them
- • Companies holding sensitive data must have robust vulnerability management
- • Credit freezes should be the default, not opt-in
Sources
Related Breaches
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required