A British financial regulator fined American credit reporting agency Equifax 11 billion pounds for its role in one of the world’s largest data breaches.
Chinese military hackers in 2017 exploited a vulnerability in Equifax’s online dispute portal to download the personal data of nearly 14 million residents of the United Kingdom as well as approximately 148 million Americans. The hackers – four of whom are under indictment by the U.S. Department of Justice – exploited a well-known vulnerability in the Apache Struts Web Framework that Equifax let go unpatched for months. Their presence inside Equifax’s network also went undetected from their initial penetration in mid-May through July 30, 2017.