As if we needed more evidence of the truth of my motto, “things aren’t as bad as you think, they are far worse,” cybersecurity company Sonatype recently issued a new report indicating that thousands of companies are still using the vulnerable version of Apache Struts software that was exploited by hackers to steal personal information of 148 million people from Equifax in 2017 and 2018. Apache Struts is a popular app development software program. As you may remember, the Apache Software Foundation had issued security updates for the vulnerabilities exploited by the Equifax hackers two months before the hacking of Equifax, but Equifax failed to install the security updates in a timely fashion, thereby exposing 148 million of us to the risk of identity theft for the rest of our lives. But it is worse than that. According to the recent Sonatype report, almost 11,000 organizations, including 57% of the Fortune Global 100, have also failed to update their Apache Struts software, thereby leaving their employees and customers in heightened danger of identity theft. Unfortunately, the problem goes beyond Apache Struts, which is just one of many open source programs, based on open code available to all, that individuals and companies fail to update when new security patches become available.
So what does this mean to you and me? As I often say, you are only as safe as the places with the weakest security that hold your personal information. As much as possible, you should limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor may ask for your Social Security number as a means of identification, but he or she has no legal need for it. Also, you should protect your own personal electronic devices, such as your computer and cell phone, by always promptly updating all of the programs you use when new updates or security patches become available.