Equifax was reportedly warned that it was vulnerable to an attack months before a catastrophic breach affected 145 million Americans, according to a report from Motherboard.
The report claims an anonymous researcher looked into Equifax’s servers and websites last year. After just three hours, the researcher was able to access the personal information of every American, including Social Security numbers, birthdays, full names, and city and state of residence.
The researcher told Motherboard that the site looked like an employee portal but could be found by anyone on the internet. It included search fields that pulled up info about all Equifax customers, or about one-third of all Americans. Even more alarming is that the researcher wasn’t using any special equipment.
After downloading the data of hundreds of thousands of Equifax customers as proof, the researcher went to the company to point out holes in its security.
“It should’ve been fixed the moment it was found,” the anonymous researcher told Motherboard. “It would have taken them five minutes, they could’ve just taken the site down. In this case, it was just ‘please take this site down, make it not public.’ That’s all they needed to do.”
Equifax didn’t fix the problem until at least six months later. But it was too late. By that time, a hacker had stolen the personal information of 145 million people. Equifax now faces a string of class-action lawsuits for failing to maintain adequate security safeguards.