Scam of the day – September 23, 2017 – Massachusetts Attorney General sues Equifax

Massachusetts Attorney General Maura Healey became the first state attorney general to sue Equifax in regard to the recent massive data breach.  Specifically, the lawsuit accuses Equifax of not properly updating its Apache Struts software with security patches for vulnerabilities that were exploited by the hackers although the patches were available months before the data breach.  The lawsuit also accuses Equifax with a failure to promptly notify victims of the data breach in a timely fashion and failing to encrypt data.

The lawsuit seeks civil penalties and other financial penalties.   I expect numerous other state attorneys general to also sue Equifax in the days ahead.


I will keep you informed as to developments in this case as well as the multiple class actions that have been filed privately against Equifax in regard to the data breach and let you know what you may need to do to obtain compensation related to the data breach.  In the meantime, if you have not already done so you should freeze your credit at each of the three credit reporting agencies and sign up for Equifax’s free identity protection services which are being offered for one year.

Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Micosoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5768.  The problem is that this vulnerability was first exploited by hackers against Equifax in May while a security patch was made available as shown here this security update in March.

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.


The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.