Equifax Discloses Hack That Likely Uncovered Data of 143 Million Clients
Equifax, a supplier of customer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States. The company’s shares fell closely 19 % in after-market trading as investors responded to possible penalties of the exposure of sensitive data of nearly half of the U.S. population. Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application susceptibility to gain access to assured files that included names, Social Security numbers and driver’s license numbers. In addition, credit card numbers of around 209,000 U.S. clients and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said. Equifax said in its statement that it was working with law enforcement organizations and has hired a cyber-security firm to inspect the breach. It said its enquiry is “significantly complete,” and expects it will be completed in the coming weeks. The company declined to comment beyond its statement. The FBI is tracking the situation, a lecturer for the agency said. U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.” Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US. “This is visibly a disappointing event for our corporation, and one that strikes at the heart of who we are and what we do,” Equifax CEO Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”
Cyber security experts said the breach was very serious. “On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud. Equifax handles data on more than 820 million clients and more than 91 million businesses worldwide and manages a database with employee info from more than 7,100 employers, according to its website.
Ryan Kalember, senior vice president of cyber security firm Proof point, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber-attack. “The info is very individual – the possibility that it could be used for phishing is very high,” said Matt Tait, a former specialist at the British intelligence service GCHQ and a cyber-security researcher. Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com. Representative Maxine Waters, a member of the House of Legislatures Financial Services Committee, said in a statement that she would reestablish legislation to “enhance consumer protection tools available to minimize the harm caused by identity theft