Equifax Inc said on Wednesday that investigators had determined that an online dispute website at the heart of the theft of some 143 million consumer records was initially compromised by hackers on 10 March, four months before the company noticed any suspicious activity.
It disclosed the findings after details of a report by cybersecurity firm FireEye Inc that was sent to some Equifax customers were reported by the Wall Street Journal earlier on Wednesday.
The report, which was obtained by Reuters, described the techniques that the unknown attackers used to compromise Equifax, including exploitation of a vulnerability in a software known as Apache Struts that was used to build the online dispute website.
It is not clear whether the March hackers were the same ones who later stole the vast cache of personal information. Equifax also said a previously reported incident in which some W-2 forms were compromised, also in March, was entirely unrelated.
The FireEye report said the firm was unable to determine who was behind the attack, and that it had never seen a hacking group employ the same tools, techniques and procedures as those used against Equifax.
A FireEye spokesman declined to comment on the report.
Equifax said in a statement to Reuters that a hacker “interacted with” the server on 10 March, but that there was no evidence that the incident was related to the theft of sensitive consumer data that began in May.
The Wall Street Journal report said that hackers had roamed undetected inside Equifax’s network for four months before the massive breach was detected in July by the company’s security team. Equifax disputed that claim.
“There is no evidence that this probing or any other probing was related to the access to sensitive personal information” in the massive breach disclosed on 7 September, the company said in its statement.
Equifax shares have shed almost a third of their value since the disclosure of the breach. Critics have questioned why Equifax took so long to discover and disclose the breach.
“They’ve had so much overlapping activity that it’s difficult to pick a single thread out of the noise,” said the expert, who was not authorised to discuss details of the confidential report.
Updated Date: Sep 21, 2017 15:19 PM