Back to all articles
SQL Injection

Equifax (2017)

Jun 03, 2026

Equifax (2017)
Between May and July 2017, Equifax suffered one of the largest personal data breaches in history. Attackers exploited an unpatched vulnerability in Apache Struts. They gained access to internal servers, obtained employee credentials, and extracted the personal and financial data of 147.9 million Americans, 15.2 million Britons, and approximately 19,000 Canadians. The stolen information included: Names and dates of birth Social Security numbers Addresses and driver's license numbers Partial credit card data The attack was made possible by a lack of basic security measures, such as the use of the default password "admin", a lack of two-factor authentication (2FA), and insecure network design. The public disclosure in September 2017 triggered massive fines and class-action lawsuits, including $300 million in compensation for victims and additional penalties in the US and UK. This case highlights the critical importance of system updates and robust data security.

References

https://en.wikipedia.org/wiki/2017_Equifax_data_breach
https://bobsullivan.net/cybercrime/report-equifax-attacks-came-from-china-cybersecurity-had-rated-a-0-out-of-10-before-2017-hack/