In one of the most significant cyber attacks ever reported in the Information Age, Equifax, one of the biggest credit reporting firms in the United States, revealed late Thursday that some of the most sensitive, personally identifiable information on 143 million people may have been compromised by a hacking attack that occurred from the middle of May through July. The information includes names, addresses, Social Security numbers and birth dates, and in many cases, driver license numbers as well.
“Criminals exploited a US website application vulnerability to gain access to certain files,” the firm said. “The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.” Further, “In addition, credit card numbers for approximately 209,000 US consumers, and certain dispute documents with personal identifying information for approximately 182,000 US consumers were accessed," it added.
Equifax has established a dedicated website, www.equifaxsecurity2017.com,* to help consumers determine if their information has been potentially affected and to sign up for credit file monitoring and identity theft protection. In addition to the website, the company said it will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were affected.
“Equifax also is in the process of contacting US state and federal regulators and has sent written notifications to all US state attorneys general, which includes Equifax contact information for regulatory inquiries,” it added. The firm said it has engaged a leading, independent cybersecurity firm to conduct an assessment and provide recommendations on steps that can be taken to help prevent a repeat of such incidents.
Meanwhile, Bloomberg reported that the senior Equifax executives unloaded nearly $1.8 million in shares shortly after the breach but weeks before yesterday's revelation. The trio had not been notified about the breach, the company said, according to the Bloomberg account.
*Please exercise caution when visiting the Equifax security site. According to Ars Technica, there are severe security problems with that site.