His testimony includes a timeline of events going back to March. On March 8, Smith’s testimony reads, the company got an alert from the U.S. Department of Homeland Security, Computer Emergency Readiness Team of a need to patch a flaw in an application known as Apache Struts. That alert, Smith said, was shared with its security team and company policy called for such a security update to be completed within 48 hours.
“We now know that the vulnerable version of Apache Struts within Equifax was not identified or patched in response to the internal March 9 notification to information technology personnel,” Smith’s prepared remarks say.
Subsequent scans of Equifax’s system by its security department that should have found the Struts issue did not find the vulnerability.
A subsequent investigation found that hackers first accessed sensitive data on May 13 and that hackers accessed Equifax’s systems from that date through July 30.
As previously reported, Equifax noticed suspicious activity on July 29 and ultimately took the application offline the next day.
To read more about Smith’s upcoming testimony, go to the subscriber website, MyAJC.com.
MYAJC.COM: REAL JOURNALISM. REAL LOCAL IMPACT.
AJC Business reporter J. Scott Trubey keeps you updated on the latest news about economic development and commercial real estate in metro Atlanta and beyond. You'll find more on myAJC.com, including these stories:
Never miss a minute of what's happening in local business news. Subscribe to myAJC.com.