Equifax has finally spilled the deets on exactly what was snaffled from their servers. And It’s a lot of data. An awful lot.
One good thing, I guess, is the number of people impacted by the Naughty People taking advantage of the unpatched version of Apache Struts has not gone up since the initial disclosure of the break-in. 146.6 million folk were compromised.
They didn’t do this out of choice. There’s a congressional hearing that has forced their hand.
On top of the 146.6m names, there were 146.6m dates of birth, 145.5m social security numbers, 99m addresses, 209,000 payment cards and 38,000 drivers’ licences and 3,200 passports. Blimey.
These extra bits of data are not new people, but rather details about exactly what was nicked during the data heist.
The really scary bit? At the recent RSA conference (we talked about it HERE), Sonatype big nob Derek Weeks said there were thousands of companies keep downloading (and one assumes using) the moody version of Struts.