Vulnerable software that helped cause Equifax breach still being used by major U.S. corporations

Come on, just update your software!
Many Fortune 100 companies have downloaded the same vulnerable software that led to the Equifax breach. Credit: Thomas Trutschel/Photothek via Getty Images

Someone at these companies, please update your software!

Hundreds of major U.S. corporations are using the same flawed version of server software that led to the 2017 Equifax breach, according to open source software automation firm Sonatype.

According to a report published by TechCrunch, Sonatype’s data shows that two-thirds of Fortune 100 companies downloaded insecure versions of the software, Apache Struts, in the last six months of 2018. In the Equifax breach, close to 150 million people had their personal information stolen by hackers who broke into the credit reporting agency’s systems. Some of the data stolen included names, Social Security numbers, birth dates, and addresses.

Since the breach, there have been more than a dozen Struts patches released, with the most recent one being earlier this year. However, a majority of the biggest corporations in the country have downloaded the vulnerable versions. According to Sonatype, more than 18,000 businesses downloaded vulnerable versions of Struts.

On Tuesday, Sonatype announced that the company would be partnering with Equifax in order to help the credit reporting agency prevent future breaches. The company will monitor Equifax’s network-wide open source libraries.

In the fallout of the Equifax hack, a report came out showcasing just how preventable the breach was. Judging by Sonatype’s data, it seems like we may see at least a few more similarly preventable breaches in the future.

UPDATE: Jan. 29, 2019, 11:43 a.m. EST An earlier version of this article misstated the number of companies. It is two-thirds of Fortune 100 corporations, not Fortune 500.
