Read time: 1 minute

WOW: Equifax Had A Patch For Months And Chose Not To Use It

Apparently, they knew about the vulnerability and chose not to act.
WOW: Equifax Had A Patch For Months And Chose Not To Use It

Wow, this Equifax story just keeps getting worse. MSN is reporting that Equifax had a patch for 2 months that might have prevented the insane security breach that led to the release of private information of about 143 million Americans.

The Apache Foundation, a company with oversees "open source software" said it pretty bluntly in a statement released yesterday:

"The Equifax data compromise was due to (Equifax') failure to install the security updates provided in a timely manner."

So they knew it was a problem, they were given a security update and they chose not to install it.

Apparently, the "hole" was patched in early March of this year....but Equifax said the unauthorized access didn't happen until mid-May, a full 2 months later. They have no explanation for why, once notified of the vulnerability, they hadn't taken steps to protect their customers.

Hackers stole a litany of information that put victims at risk: social security number, name, date of birth, etc. So your entire identity. Fantastic.

Equifax's response to why they didn't implement the patch:


Oh, but they did offer free credit monitoring (after the fact) and said: "We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again. We will make changes and continue to strengthen our defenses against cyber crimes."

Funny thing is they could have prevented this...if they had just listened to the cyber security experts in March by implementing the patch. But hey, why listen to the experts.

Oh, and just a reminder: 3 top Equifax executives sold their stock back in early August when they found out about the breach. Smells like insider trading to me.

Can you help us out?

For 17 years we have been exposing Washington lies and untangling media deceit, but now Facebook is drowning us in an ocean of right wing lies. Please give a one-time or recurring donation, or buy a year's subscription for an ad-free experience. Thank you.

More C&L Coverage


New Commenting System

Our comments are now powered by Insticator. In order to comment you will need to create an Insticator account. The process is quick and simple. Please note that the ability to comment with a C&L site account is no longer available.

We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service (revised 3/17/2016) for information on our posting policy.

Please Do Not Use the Login Link at the Top of the Site.

In order to comment you must use an Insticator account. To register an account, enter your comment and click the post button. A dialog will then appear allowing you create your account.

We will be retiring our Crooks and Liars user account system in January, 2021.

Thank you.
C&L Team