Security & Fraud

Thousands Of Customers Using Flawed Software That Led To Equifax Breach

Despite the Equifax breach that exposed the personal data of more than 145 million Americans, Fortune is reporting that thousands of companies have the same computer security holes in their networks that places the sensitive data of consumers at risk.

According to the report, which cites data from the cybersecurity startup Sonatype, 10,801 companies – including 57 percent of Fortune Global 100 companies – have downloaded versions of Apache Struts, an open-source software package that is known to be vulnerable to the same holes that enabled Equifax to be hacked. Although The Apache Software Foundation released patches for the software after Equifax was breached, businesses continue to download bad copies of Struts, putting them in a position to potentially get hacked themselves.

Sonatype wouldn't specify which companies are using the bad copy of Struts, but the report noted that seven of the businesses were Fortune Global 100 tech companies, eight were Fortune Global 100 automakers and 15 were Fortune Global 100 financial services and insurance companies. What's more, more than 8,780 companies continued to download the vulnerable version of Struts even after the Equifax hack was disclosed.

Broken down in another way, only around one in five businesses that knew about the Equifax breach stopped downloading the flawed software. In fact, as many as 3,049 organizations downloaded the exact same security vulnerabilities the hackers used to breach Equifax.

“Downloading vulnerable versions of Struts is a symptom of a broader hygiene issue,” said Wayne Jackson, Sonatype’s CEO. “The problem is that these organizations don’t care enough to exert control, or don’t have the infrastructure in place to know what’s being used.”

The executive noted that the companies' failure to patch outdated software isn't unique to Struts, but likely involves millions of copies of software that is not patched. However, he noted that Struts is “a household name that should have gotten enough attention for people to change their behaviors.”

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW