FTC warns of Equifax phone scam after data breach

The FTC warns not to give out personal information, do not trust caller ID and if you get a robocall, hang up.

Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said: "Given how often flaws of this nature are discovered, it's therefore not a huge surprise that an exploit of a vulnerability was the entry point for the Equifax breach. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach", spokesman Peter Kaplan said in a brief email statement. Shares of rival Experian Plc, which trade in London, dropped as much as 6.4 percent on Thursday.

The Federal Trade Commission says it is investigating the Equifax data breach.

The revelation comes after Equifax last week revealed that criminals "exploited a USA website application vulnerability" to gain access to credit card numbers, dispute documents with personal identifying information, names, Social Security numbers, birth dates, addresses, and some driver's license numbers.

"The FTC typically does not comment on ongoing investigations". The two-month gap between when the patch was issued and when the attackers breached Equifax's network was a particularly unsafe time, as hackers began immediately exploiting the flaw on websites that didn't apply the fix, according to technology website Ars Technica. The vulnerability was Apache Struts CVE-2017-5638.

"Even if you do not conduct financial transactions online, your information may be at risk", said Wiessmann.

More recently, Equifax's cybersecurity has come under fire. "The Equifax breach is an example of where some simple measures like a Web application firewall and patch management could have prevented a breach of unprecedented scale from occurring".

The patch would have been time consuming as it involved rebuilding hundreds of apps using the new updated software.

Rene Gielen, vice president at the Apache Software Foundation, said in an email Thursday that the group doesn't have reliable information on how long it takes companies to apply patches for vulnerabilities. That's, uh, not a good look for Equifax's data security team.

"It's one of the most egregious examples of corporate malfeasances since Enron", Schumer said, calling Equifax's treatment of consumers afterward "disgusting" and its inability to protect data "deeply troubling".

  • Wendy Palmer