EPISODE · Apr 3, 2026 · 42 MIN
The Equifax Breach | One of the Largest Data Exposures in History
from The CISO Signal: True Cybercrime Podcast · host The CISO Signal w/ Jeremy Ladner
The Equifax Breach | One of the Largest Data Exposures in History 🎙 With Jeremy Ladner and guest co-hosts Kavitha Mariappan and Mark Dorsi For months, the warning was sitting in plain sight.A critical vulnerability.Publicly disclosed.Actively exploited.A patch was available.Inside one of the largest credit reporting agencies in the world, the system remained exposed.No zero-day.No advanced exploit chain.Just a missed update. In May 2017, attackers began exploiting a known flaw in the Apache Struts framework.The vulnerability allowed remote code execution.Unauthenticated.Unrestricted.From the outside, it looked like routine traffic.Inside the network, it was something else.They accessed databases.Queried records.And began extracting one of the most sensitive datasets imaginable.Names.Social Security numbers.Birth dates.Addresses.The identity layer of nearly half the United States population. For 76 days, the activity continued.No alarms.No interruption.Until it was too late.By the time Equifax disclosed the breach in September 2017, approximately 147 million individuals had been affected. Executives resigned.Investigations launched.Congress intervened. But the breach itself had already unfolded.Because this was not a story about attackers breaking through hardened defenses. It was a story about what happens when a known vulnerability remains unpatched inside a system that holds national-scale data. In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Kavitha Mariappan of Rubrik and Mark Dorsi, CISO at Netlify, to examine how a single missed control can cascade into systemic failure, why patch management must be operationalized not assumed, and what resilience actually means when prevention fails. Because in cybersecurity, the most dangerous vulnerabilities are often the ones already documented. And already waiting. 🎙 Guest CISO Co-HostMark DorsiChief Information Security OfficerNetlifyhttps://www.netlify.com 🤝 Sponsor ExpertKavitha MariappanChief Transformation Officer, Rubrikhttps://www.rubrik.com Rubrik delivers cyber resilience by securing data across enterprise, cloud, and SaaS environments, enabling organizations to recover quickly from cyber incidents and maintain operational continuity. 🔎 Episode Topics• The Apache Struts vulnerability (CVE-2017-5638) and how it was exploited• Why patch management failures still drive catastrophic breaches• How attackers operated undetected inside Equifax systems for over two months• The difference between prevention failure and resilience failure• What security leaders must operationalize to avoid systemic exposure 🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons.▶️ / @thecisosignal 💼 / the-ciso-signal 🌐 https://www.thecisosignal.com👥 Join the ConversationThe CISO Signal Cybersecurity Leadership Forum / 17974008 #CISOSignal #EquifaxBreach #CyberSecurity#DataBreach #PatchManagement #CyberResilience#CISO #TrueCybercrime
What this episode covers
The Equifax Breach | One of the Largest Data Exposures in History 🎙 With Jeremy Ladner and guest co-hosts Kavitha Mariappan and Mark Dorsi For months, the warning was sitting in plain sight.A critical vulnerability.Publicly disclosed.Actively exploited.A patch was available.Inside one of the largest credit reporting agencies in the world, the system remained exposed.No zero-day.No advanced exploit chain.Just a missed update. In May 2017, attackers began exploiting a known flaw in the Apache Struts framework.The vulnerability allowed remote code execution.Unauthenticated.Unrestricted.From the outside, it looked like routine traffic.Inside the network, it was something else.They accessed databases.Queried records.And began extracting one of the most sensitive datasets imaginable.Names.Social Security numbers.Birth dates.Addresses.The identity layer of nearly half the United States population. For 76 days, the activity continued.No alarms.No interruption.Until it was too late.By the time Equifax disclosed the breach in September 2017, approximately 147 million individuals had been affected. Executives resigned.Investigations launched.Congress intervened. But the breach itself had already unfolded.Because this was not a story about attackers breaking through hardened defenses. It was a story about what happens when a known vulnerability remains unpatched inside a system that holds national-scale data. In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Kavitha Mariappan of Rubrik and Mark Dorsi, CISO at Netlify, to examine how a single missed control can cascade into systemic failure, why patch management must be operationalized not assumed, and what resilience actually means when prevention fails. Because in cybersecurity, the most dangerous vulnerabilities are often the ones already documented. And already waiting. 🎙 Guest CISO Co-HostMark DorsiChief Information Security OfficerNetlifyhttps://www.netlify.com 🤝 Sponsor ExpertKavitha MariappanChief Transformation Officer, Rubrikhttps://www.rubrik.com Rubrik delivers cyber resilience by securing data across enterprise, cloud, and SaaS environments, enabling organizations to recover quickly from cyber incidents and maintain operational continuity. 🔎 Episode Topics• The Apache Struts vulnerability (CVE-2017-5638) and how it was exploited• Why patch management failures still drive catastrophic breaches• How attackers operated undetected inside Equifax systems for over two months• The difference between prevention failure and resilience failure• What security leaders must operationalize to avoid systemic exposure 🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons.▶️ / @thecisosignal 💼 / the-ciso-signal 🌐 https://www.thecisosignal.com👥 Join the ConversationThe CISO Signal Cybersecurity Leadership Forum / 17974008 #CISOSignal #EquifaxBreach #CyberSecurity#DataBreach #PatchManagement #CyberResilience#CISO #TrueCybercrime
NOW PLAYING
The Equifax Breach | One of the Largest Data Exposures in History
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m