Unfortunately there are some in this world who choose to close their eyes to the issues. Equifax seems to be the type to commit such ignorant acts.
Reportedly, six months ago Equifax was warned about the possibility of a security breach in their network. An anonymous security researcher had informed Equifax that they were susceptible to a forced browsing technique that could potentially expose thousands of customers SSN, birthdays and full names. The anonymous researcher also said they found other bugs that would have allowed a hacker to take control of Equifax servers, including SQL injection vulnerability. SQL vulnerability would allow maliciously crafted data to be forced into a web entry field to run commands in the background without the user being wiser for it.
This is a disappointing realization of information, knowing that a company that is supposed to keep the information of customers at it’s highest priority on lock down, to be so negligent to the weaknesses in their security system. Especially when being told specifically the issues that are there and could be accessed through such an easy manner such as forced browsing. Its reported that Equifax didn’t address those issues for six months. It is uncertain if those weaknesses were the cause of the security breach, which would honestly be more unsettling if there was a different means of access, because that means they were even more lax in another area with the information of the people who trusted them.
There is speculation that more than one hacker group could have been inside of the company’s network at the breach, further enhancing the possible issues that may arise for the Equifax customers.