The Federal Trade Commission (FTC) announced on Thursday it has launched an investigation into Equifax’s massive data breach, where hackers gained access to the personal information of approximately 143 million U.S. consumers.
In an email statement Thursday, FTC spokesman Peter Kaplan said “The FTC typically does not comment on ongoing investigations. However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
It’s highly unusual for the FTC to publicly comment on the existence or status of an ongoing investigation.
CyberScoop first reported Wednesday that government investigators believed an Apache Struts vulnerability was the entry way for hackers looking to breach Equifax’s servers. The company confirmed that an outdated version of the web application was in fact responsible in a statement published late Wednesday night.
This specific vulnerability was originally disclosed in March but had remained unpatched until recently.
Kaplan’s announcement follows a formal invitation on Wednesday for Equifax CEO Richard F. Smith to testify before Congress. The invitation came from the House Energy and Commerce Committee, which has jurisdiction over the FTC.