The revelation that the 118-year-old credit-reporting agency suffered two major data breaches in the span of a few months adds to a mounting crisis at the company.
Apache Struts software is especially time-consuming to update, but a delay of several months to remove a high-priority vulnerability is generally considered a dangerous security practice.
Under the pending regulation, the firm would face a potential fine of more than $60 million. With teeth like this, companies must take it seriously and prepare accordingly.
Tougher oversight would need support from the Trump administration and congressional Republicans -- both of whom want to reduce financial regulation not stiffen it.
This attack is totally inexcusable. This wasn’t a technical assault – this was a simple access by hackers through a web application that was not properly secured.
