Enlarge / Welp. (credit: Michael Nagle/Bloomberg via Getty Images)
It wasn’t just credit record data that someone made off with when they breached Equifax’s website starting in May of this year.

The attacker also managed to grab credit card data from transactions involving more than 200,000 credit cards, and some of those transactions dated back as far as November of 2016.
Brian Krebs reports that the credit bureau revealed all this credit card data was taken as the result of a single attack that took advantage of a months-old exploit of the Apache Foundation’s Struts framework for Java-based Web applications.
Visa and MasterCard both published confidential alerts to banks in their networks this week about the card exposure.

Both explicitly blamed Equifax, and Visa linked to Equifax’s press release on the breach.

The transactions that may have been exposed took place in a period spanning November 10, 2016 to July 6, 2017, according to the Visa notification.
According to Equifax, the breach began in mid-May and was detected on July 29. “The attacker accessed a storage table that contained historical credit card transaction related information,” an Equifax spokesperson told Krebs.

The company did not respond to questions from Krebs about how the data was being stored.
Read 2 remaining paragraphs

Leave a Reply