Skip to Content

Nope, We Can’t Trust Data Firms to Update Against Known Security Flaws

September 14, 2017

It seems Equifax was hacked using a two-month-old vulnerability that it could have protected itself against.

"We know that criminals exploited a U.S. website application vulnerability,” the company wrote in a statement. “The vulnerability was Apache Struts CVE-2017-5638.” But as Ars Technica points out, that flaw was identified and fixed on March 6, with a patch (albeit a complex and finicky one to implement) offered to users of the Web app software so that they didn’t get hacked. Equifax was hacked in mid-May, a full two months after the vulnerability was announced. In other words, it looks like Equifax fell foul of a known exploit that it hadn't yet updated its systems against.

That would be careless if it was a security flaw on, say, your own home computer. But when failure to update software with a vulnerability like that—which, as Ars Technica has also reported, was used heavily by hackers in March—can result in the loss of personal data from as many as 143 million Americans, it’s negligent. And when a company claims, like Equifax, to be in the business of fraud prevention, identity management, and selling advice on how to manage data breaches? Well, I guess then we just find ourselves in the modern-day couldn’t-care-less corporate approach to cybersecurity.

Equifax’s CEO, Richard Smith, is due to testify before the House of Representatives on October 3. Let’s hope he's given a real hard time.

Keep Reading

Most Popular

This new data poisoning tool lets artists fight back against generative AI

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. 

Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist

An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.

Data analytics reveal real business value

Sophisticated analytics tools mine insights from data, optimizing operational processes across the enterprise.

Driving companywide efficiencies with AI

Advanced AI and ML capabilities revolutionize how administrative and operations tasks are done.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.