
Equifax Cost of Struts Related Data Breach Still Rising

Written by Paul Bowden

January 17, 2020

It could happen to anybody, if we’re honest with ourselves. Even if you have procedures and personnel to monitor security notices and apply patches, relying on all of that operating flawlessly every single day is just not realistic.

Twenty years ago, the Struts Framework was widely used to build enterprise Java applications, and if you really use Struts, it is like mold — it winds up in your application’s roof, drywall, cabinets, and basement. And that is one of the big difficulties with fixing this problem — rewriting a major application can easily cost $20 million. It never seems urgent, and who has $20M sitting around to fix something that “ain’t broken”?

Well, actually, the architecture IS broken. And continuing to sit there with a target painted on your back doesn’t seem wise.

Phil Muncaster at Infosecurity Magazine has an interesting update on the Equifax data breach here. Here’s an attention grabber: “[Equifax] has agreed to spend at least $1bn on improving its cybersecurity posture over the coming five years. It will also need to fund several years of credit monitoring from Experian and its own services for class members. That could amount to an extra $2bn if all 140 million+ customers sign up. … The total could creep up towards $10bn — a cautionary tale for organizations tempted to focus on business growth at the expense of cybersecurity and risk mitigation.

‘This settlement is the largest and most comprehensive recovery in a data breach case in US history by several orders of magnitude,’ wrote district judge Thomas Thrash.

‘The minimum cost to Equifax of the settlement is $1.38bn and could be more, depending on the cost of complying with the injunctive relief, the number and amount of valid claims filed for out-of-pocket losses and the number of class members who sign up for credit monitoring.’”

A BILLION dollars for Cybersecurity “posture improvements”? Wow…. Makes our Struts2Spring offering look pretty darn good! We can take that Struts target off your back, update your Java, and cut your risk of data breach. Please reach out to us here.
