Wow, this Equifax story just keeps getting worse. MSN is reporting that Equifax had a patch for 2 months that might have prevented the insane security breach that led to the release of private information of about 143 million Americans.
The Apache Foundation, a company with oversees "open source software" said it pretty bluntly in a statement released yesterday:
"The Equifax data compromise was due to (Equifax') failure to install the security updates provided in a timely manner."
So they knew it was a problem, they were given a security update and they chose not to install it.
Apparently, the "hole" was patched in early March of this year....but Equifax said the unauthorized access didn't happen until mid-May, a full 2 months later. They have no explanation for why, once notified of the vulnerability, they hadn't taken steps to protect their customers.
Hackers stole a litany of information that put victims at risk: social security number, name, date of birth, etc. So your entire identity. Fantastic.
Equifax's response to why they didn't implement the patch:
Oh, but they did offer free credit monitoring (after the fact) and said: "We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cyber crimes."
Funny thing is they could have prevented this...if they had just listened to the cyber security experts in March by implementing the patch. But hey, why listen to the experts.
Oh, and just a reminder: 3 top Equifax executives sold their stock back in early August when they found out about the breach. Smells like insider trading to me.