Back to all articles
SQL Injection
Equifax (2017)
Jun 03, 2026
Between May and July 2017, Equifax suffered one of the largest personal data breaches in history. Attackers exploited an unpatched vulnerability in Apache Struts. They gained access to internal servers, obtained employee credentials, and extracted the personal and financial data of 147.9 million Americans, 15.2 million Britons, and approximately 19,000 Canadians.
The stolen information included:
Names and dates of birth
Social Security numbers
Addresses and driver's license numbers
Partial credit card data
The attack was made possible by a lack of basic security measures, such as the use of the default password "admin", a lack of two-factor authentication (2FA), and insecure network design. The public disclosure in September 2017 triggered massive fines and class-action lawsuits, including $300 million in compensation for victims and additional penalties in the US and UK. This case highlights the critical importance of system updates and robust data security.
References
https://en.wikipedia.org/wiki/2017_Equifax_data_breach
https://bobsullivan.net/cybercrime/report-equifax-attacks-came-from-china-cybersecurity-had-rated-a-0-out-of-10-before-2017-hack/
https://bobsullivan.net/cybercrime/report-equifax-attacks-came-from-china-cybersecurity-had-rated-a-0-out-of-10-before-2017-hack/