What We Know and Don’t Know About the Equifax Hack
Had Equifax followed the advice of the community of software developers who oversee Struts, “this breach would not have occurred,” said Oege de Moor, the chief executive of the security firm Semmle.
• Hackers exploited a vulnerability in website software.
• It is also unclear why the company did not patch the vulnerability and why other security methods failed to stop the attack.
• It is not clear who had access to the website software exploited by the hackers.
Intelligence officials and security analysts in private industry said that while it is far too early to say definitively who breached Equifax, the leading theory is that the company was hit by a nation-state or hackers operating on a nation-state’s behalf.