The Federal Trade Commission is investigating the data breach at Equifax that exposed the personal information of 143 million people, a spokesman for the agency confirmed on Thursday.
“The FTC typically does not comment on open investigations,” Peter Kaplan, the agency ‘s spokesman said Thursday. “However in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
Equifax shares fell more than 8 percent on Thursday morning at one point and have lost more than a third of their value in a week since the breach was disclosed.
The credit reporting company said in an updated post on its website that the breach, which it identified internally in late-July and disclosed to the public last week, was the result of criminals exploiting a vulnerability in a website application called Apache Struts. “We continue to work with law enforcement as part of our criminal investigation,” the company said on its website.
The hack exposed names, Social Security numbers, birth dates, and other identifying information as well as credit card numbers.
Apache Struts is an open-source code used by companies to develop web applications, and is used in Internet of Things devices for financial institutions, government organizations, technology service providers and telecommunications agencies.
A flaw was exposed in it several months ago and the Apache Software Foundation issued a patch to fix it. On Thursday, the foundation said in a statement “The Equifax data compromise was due to their failure to install the security updates in a timely manner.”
Equifax did not yet return a call and e-mail for comment.
— With reporting by Tom Franck