Posts Tagged: apache struts


14
Sep 17

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers initially breached Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017.

equifax-hq

Both Visa and MasterCard frequently send alerts to card-issuing financial institutions with information about specific credit and debit cards that may have been compromised in a recent breach. But it is unusual for these alerts to state from which company the accounts were thought to have been pilfered.

In this case, however, Visa and MasterCard were unambiguous, referring to Equifax specifically as the source of an e-commerce card breach.

In a non-public alert sent this week to sources at multiple banks, Visa said the “window of exposure” for the cards stolen in the Equifax breach was between Nov. 10, 2016 and July 6, 2017. A similar alert from MasterCard included the same date range.

“The investigation is ongoing and this information may be amended as new details arise,” Visa said in its confidential alert, linking to the press release Equifax initially posted about the breach on Sept. 7, 2017.

The card giant said the data elements stolen included card account number, expiration date, and the cardholder’s name. Fraudsters can use this information to conduct e-commerce fraud at online merchants.

It would be tempting to conclude from these alerts that the card breach at Equifax dates back to November 2016, and that perhaps the intruders then managed to install software capable of capturing customer credit card data in real-time as it was entered on one of Equifax’s Web sites.

Indeed, that was my initial hunch in deciding to report out this story. But according to a statement from Equifax, the hacker(s) downloaded the data in one fell swoop in mid-May 2017.

“The attacker accessed a storage table that contained historical credit card transaction related information,” the company said. “The dates that you provided in your e-mail appear to be the transaction dates. We have found no evidence during our investigation to indicate the presence of card harvesting malware, or access to the table before mid-May 2017.” Continue reading →