• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

3

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

3

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

Equifax Hack Lasted for 76 Days, Compromised 148 Million People, Government Report Says

By
Bloomberg
Bloomberg
Down Arrow Button Icon
By
Bloomberg
Bloomberg
Down Arrow Button Icon
December 10, 2018, 4:30 PM ET
Add Fortune on Google for similar content.

Equifax Inc. failed to modernize its technology security to match the company’s aggressive growth strategy and data gathering, a shortcoming that left it open to the 2017 hack that compromised the information of 148 million people, according to a House Oversight Committee report.

“Had the company taken action to address its observable security issues prior to this cyber attack, the data breach could have been prevented,” according to the report, which was released Monday and prepared by the committee’s Republican staff.

(EFX) didn’t have clear “lines of authority” for ensuring digital security and failed to patch its systems when a vulnerability was publicly disclosed in 2017, according to the report. Driven by an aggressive growth campaign, Equifax began in 2005 to collect vast amounts of new data. The company did so without having an adequate plan to protect it, committee staff said.

In a statement following the release of the report on Monday, Equifax said that since the incident, it has taken “meaningful steps” to improve security. The company also said that the House Oversight Committee report contained “significant inaccuracies” and that the committee didn’t provide Equifax with sufficient time to review the report.

“While we believe that factual errors serve to undermine the content of the report, we are generally supportive of many of the recommendations the committee laid out for the government and private industry to better protect consumers, and have already made significant strides in many of these areas,” Equifax said in its statement.

Report’s Recommendations

In a set of recommendations, committee staff said the Federal Trade Commission may need “additional oversight authorities and enforcement tools” to protect consumer data. The report also encouraged companies to be more transparent about cyber risks and data protection.

Democrats on the oversight and technology committees issued a separate report Monday, saying the Republicans didn’t incorporate necessary reforms to help prevent data breaches in the future. They recommended legislation on how to notify victims of a data breach and, like the Republicans, strengthening the FTC.

Hackers gained access to the Equifax network in mid-May 2017 and attacked the company for 76 days, according to the report. Equifax noticed “red flags” in late July, and then in early August contacted the Federal Bureau of Investigation, outside counsel and cyber-security firm Mandiant. The company waited until September to inform the public of the breach.

Software Vulnerability

Equifax had previously said that the hackers exploited a software vulnerability known as Apache Struts CVE-2017-5638. The Apache Software Foundation, which oversees the open-source software, had issued a patch for the flaw in March 2017, two months before hackers began accessing Equifax data.

Equifax has faced withering criticism over its failure to quickly apply the patch. In the report released Monday, the committee said Equifax was aware it had issues with its patching processes after it conducted an audit of those procedures in 2015.

But it wasn’t just this vulnerability that enabled the hackers to carry out the attack. Once they gained access to the network, they found a file containing unencrypted user names and passwords, according to the report. And an expired security certificate on a device for monitoring network traffic meant that Equifax didn’t detect that data was being stolen.

“This audit found a number of significant deficiencies within the patching process at Equifax,” according to the report.

Email Dispute

During last year’s congressional hearings over the breach, the company’s former chief executive officer, Richard Smith, said Equifax was breached largely because an employee didn’t forward an email that directed the firm’s technology team to fix the software vulnerability. Monday’s report said that the employee was Graeme Payne, the former senior vice president and chief information officer for Equifax’s global corporate platforms.

In an interview with the committee, Payne said he believed Smith’s testimony was a “gross simplification” of what had occurred and said he was never directed to forward such emails, according to the report.

The company was also caught unprepared to deal with the size of the breach, which ultimately amounted to 56 percent of the adult U.S. population.

“The dedicated breach website and call centers were immediately overwhelmed, and consumers were not able to obtain timely information about whether they were affected and how they could obtain identity protection services,” according to the report.

About the Author
By Bloomberg
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in

The 6 Best Exercise Bikes of 2026: Fitness Expert Reviewed
HealthDietary Supplements
The 6 Best Exercise Bikes of 2026: Fitness Expert Reviewed
By Christina SnyderJuly 1, 2026
2 hours ago
Mark Zandi, Moody's chief economist.
EconomyU.S. economy
‘It’s fair to ask whether it was worth it’: The Iran war has cost Americans $1,000 per household—and that’s a conservative estimate, Mark Zandi says
By Tristan BoveJuly 1, 2026
5 hours ago
Melania Trump NFT earnings surge 28x in 2025 as first lady rakes in nearly $17 million in total earnings, filing shows
PoliticsDonald Trump
Melania Trump NFT earnings surge 28x in 2025 as first lady rakes in nearly $17 million in total earnings, filing shows
By Mia OsmonbekovJuly 1, 2026
5 hours ago
Donald Trump sits at his desk in the Oval Office, smiling and with his hands folded in front of him.
PoliticsDonald Trump
Trump got a $78K pension from the Screen Actors Guild in 2025 because he appeared in Home Alone 2 in 1992
By Sasha RogelbergJuly 1, 2026
6 hours ago
How foodservice giant Sodexo is embracing AI and robotics to reshape the kitchen
NewslettersCIO Intelligence
How foodservice giant Sodexo is embracing AI and robotics to reshape the kitchen
By John KellJuly 1, 2026
6 hours ago
Anthropic CEO Dario Amodei
AIAnthropic
Anthropic’s AI models are back online after a two-week government standoff—settling the company and administration into a fragile truce
By Tristan BoveJuly 1, 2026
7 hours ago

Most Popular

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
7 days ago
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
16 hours ago
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
Success
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
By Preston ForeJune 27, 2026
5 days ago
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
Newsletters
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
By Diane BradyJuly 1, 2026
14 hours ago
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
Success
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
By Sydney LakeJune 29, 2026
2 days ago
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
Commentary
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
By Marc AndersenJune 30, 2026
1 day ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.