Arrow-right Camera
The Spokesman-Review Newspaper

The Spokesman-Review Newspaper The Spokesman-Review

Spokane, Washington  Est. May 19, 1883
Partly Cloudy Day 57° Partly Cloudy
News >  Business

Report: Hackers were snooping inside Equifax as of March

This Saturday, July 21, 2012, photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. (Mike Stewart / Associated Press)
This Saturday, July 21, 2012, photo shows signage at the corporate headquarters of Equifax Inc. in Atlanta. (Mike Stewart / Associated Press)
The Associated Press

Hackers broke into Equifax’s computer systems in March, two months earlier than the company had previously disclosed, according to a Wall Street Journal report .

That gave the intruders months to probe vulnerabilities and eventually gain access to the data of 143 million Americans. The Journal cited a report from the Mandiant unit of security firm FireEye that was sent to some Equifax customers this week.

The breach on March 10 came two days after security researchers at Cisco Systems warned of a flaw in an open-source software package called Apache Struts. One expert told the Journal that hackers probably found the Equifax server by “spamming” the internet for computers with that flaw.

The attackers then essentially cased the Equifax system for several weeks, the Journal reported. They eventually gained access to Equifax usernames and passwords, as well as “documents and sensitive information stored in databases, between May and late July, according to the Mandiant report, the Journal reported.

In an update last Friday, Equifax said that hackers only gained access to “certain files containing personal information” between May 13 and July 30. It did not mention earlier activity.

An Equifax spokesperson contacted by email said the company’s investigation found that someone had “interacted” with the company’s server on March 10. But the representative characterized that as “part of a common pattern of probing of systems on the Internet to find vulnerabilities.” There was no evidence that this probing was related to the more serious compromise of sensitive information, the spokesperson said.

“This is completely consistent with what Equifax has previously released” on the subject, the company representative said.

A spokeswoman for FireEye declined to comment.

The Spokesman-Review Newspaper

Local journalism is essential.

Give directly to The Spokesman-Review's Northwest Passages community forums series -- which helps to offset the costs of several reporter and editor positions at the newspaper -- by using the easy options below. Gifts processed in this system are not tax deductible, but are predominately used to help meet the local financial requirements needed to receive national matching-grant funds.

Active Person

Subscribe to the Coronavirus newsletter

Get the day’s latest Coronavirus news delivered to your inbox by subscribing to our newsletter.