Equifax, one of the US’s largest consumer credit reporting agencies, today announced a breach of its digital security measures that could affect as many as 143-million Americans.
That’s close to half the country’s population.
No ad to show here.
The hack was first discovered by the company on 29 July, but took place between mid-May and July.
“Criminals exploited a U.S. website application vulnerability to gain access to certain files,” the company explains in a notice.
“Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
The Equifax breach could affect as many as 143-million Americans
Credit card numbers for around 209 000 Americans were also accessed, while “certain dispute documents with personal identifying information” for 182 000 people were also accessed.
We recently discovered a cybersecurity incident involving consumer information. Once discovered, we acted immediately to stop the intrusion.
— Equifax Inc. (@Equifax) September 7, 2017
But here’s the kicker.
Compromised information includes remarkably sensitive documents and numbers: drivers license information, birth dates, first and last names, addresses and Social Security numbers.
While the vast majority of those affected reside in the US, Equifax has also noted unauthorised assess to UK and Canadian residents’ information.
“The company has found no evidence that personal information of consumers in any other country has been impacted,” it added.
As for the response, it has taken Equifax over a month to announce the breach, with CEO Richard Smith finally breaking the silence today.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” he notes.
“I apologize to consumers and our business customers for the concern and frustration this causes.”
The company also outlined its immediate contingency plans, which included awarding a free year package of credit card monitoring and reporting for all customers.
“I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will,” Smith concluded.