Equifax hackers stole data for 200k credit cards from transaction history

It wasn’t just credit record data that someone made off with when they breached Equifax’s website starting in May of this year. The attacker also managed to grab credit card data from transactions involving more than 200,000 credit cards, and some of those transactions dated back as far as November of 2016.

Brian Krebs reports that the credit bureau revealed all this credit card data was taken as the result of a single attack that took advantage of a months-old exploit of the Apache Foundation’s Struts framework for Java-based Web applications. Visa and MasterCard both published confidential alerts to banks in their networks this week about the card exposure. Both explicitly blamed Equifax, and Visa linked to Equifax’s press release on the breach. The transactions that may have been exposed took place in a period spanning November 10, 2016 to July 6, 2017, according to the Visa notification.

According to Equifax, the breach began in mid-May and was detected on July 29. “The attacker accessed a storage table that contained historical credit card transaction related information,” an Equifax spokesperson told Krebs. The company did not respond to questions from Krebs about how the data was being stored.

Read 2 remaining paragraphs | Comments

Ars Technica

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.