In 2017, credit reporting agency **Equifax** suffered one of the most severe data breaches in history, exposing the personal data of **147 million U.S. citizens and 15 million Britons**. Attackers exploited an **unpatched Apache Struts vulnerability** (CVE-2017-5638) in Equifax’s dispute resolution portal, gaining access between **May and July 2017**. The breach compromised **names, Social Security numbers, birth dates, addresses, and driver’s license numbers**, along with **credit card details of 209,000 individuals**. The attackers moved laterally across Equifax’s systems, stealing credentials to query databases and exfiltrate massive volumes of sensitive data. The U.S. government later attributed the attack to **four members of the Chinese military**, though China denied involvement. Equifax faced **$1.7 billion in costs**, including legal fees, regulatory fines, and cybersecurity upgrades. The incident triggered **class-action lawsuits, congressional hearings, and lasting reputational damage**, while consumers were left vulnerable to **identity theft and financial fraud** for years. The breach highlighted critical failures in **patch management and internal security controls**, serving as a cautionary tale for enterprises handling vast troves of personal data.
Source: https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
TPRM report: https://www.rankiteo.com/company/equifax
"id": "equ2793227090825",
"linkid": "equifax",
"type": "Breach",
"date": "7/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '360 million',
'industry': 'Technology/Entertainment',
'location': 'United States',
'name': 'MySpace',
'size': 'Historically large (360M affected accounts)',
'type': 'Social Media Platform'}],
'attack_vector': 'Unknown (historical breach; data sold on dark web)',
'customer_advisories': 'Users prompted to reset passwords; general security '
'awareness guidance',
'data_breach': {'data_encryption': 'SHA-1 hashing (weak, unsalted)',
'data_exfiltration': 'Yes (sold on dark web)',
'number_of_records_exposed': '360 million',
'personally_identifiable_information': ['Usernames',
'Email Addresses'],
'sensitivity_of_data': 'Moderate (partial password hashes)',
'type_of_data_compromised': ['Email Addresses',
'Usernames',
'Password Hashes (SHA-1, '
'partial)']},
'date_detected': '2016',
'date_publicly_disclosed': '2016',
'description': 'In 2016, 360 million MySpace user accounts were leaked onto '
'LeakedSource.com and sold on the dark web marketplace The '
'Real Deal for 6 bitcoin (~$3,000). The compromised data '
'included email addresses, usernames, and SHA-1 hashed '
'passwords (first 10 characters, lowercase) for accounts '
'created before June 11, 2013. MySpace invalidated affected '
'passwords and prompted users to reset them upon return.',
'impact': {'brand_reputation_impact': 'Negative (historical platform further '
'diminished)',
'data_compromised': ['Email Addresses',
'Usernames',
'SHA-1 Hashed Passwords (partial)'],
'identity_theft_risk': 'Moderate (password reuse attacks)',
'operational_impact': 'Password resets required for affected users',
'payment_information_risk': 'None',
'systems_affected': ['Old MySpace Platform (pre-June 2013)']},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (LeakedSource, The '
'Real Deal)'},
'investigation_status': 'Closed (no further updates)',
'lessons_learned': 'Legacy data storage practices (weak hashing) pose '
'long-term risks; proactive password resets can mitigate '
'damage from historical breaches.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': ['Password invalidation for '
'affected accounts',
'Public disclosure with '
'remediation guidance'],
'root_causes': ['Weak password storage (SHA-1, '
'unsalted, truncated)',
'Legacy system vulnerabilities']},
'recommendations': ['Implement stronger hashing algorithms (e.g., bcrypt, '
'Argon2) with salting',
'Regularly audit and purge outdated user data',
'Monitor dark web for leaked credentials'],
'references': [{'source': 'LeakedSource (archived)'},
{'source': 'MySpace Official Statement (2016)'},
{'source': 'Have I Been Pwned (HIBP)',
'url': 'https://haveibeenpwned.com/PwnedWebsites#MySpace'}],
'response': {'communication_strategy': 'Public disclosure with user guidance',
'containment_measures': ['Password invalidation for pre-2013 '
'accounts'],
'incident_response_plan_activated': 'Yes (password invalidation)',
'remediation_measures': ['Forced password reset for affected '
'users']},
'threat_actor': "Unknown (data sold by hacker 'Peace' or 'Tessa88')",
'title': 'MySpace Data Breach (2016)',
'type': ['Data Breach', 'Credential Theft']}