Equifax, one of the three major credit reporting agencies, reports today that a data breach could have affected over 143 million consumers in the United States. The breach leaves birth dates, Social Security numbers, driver's license numbers, addresses, and other sensitive information vulnerable to hackers. The company claims that it discovered the breach on July 29 and says that "criminals exploited a U.S. website application vulnerability to gain access to certain files."
Not only the Social Security numbers were leaked to criminals, the breach also affects 209,000 credit card numbers, along with "dispute documents" that carry personal identifying information of over 182,000 US citizens. The company supplies credit information and other information services.
Equifax added that some personal information of British and Canadian residents was also at risk. Today's disclosure of sensitive data exposure resulted in the company shares falling more than 5 percent in after-hours trading.
Equifax breach could be the largest incident involving such sensitive data
With the US population at about 324 million in January, 2017 according to the Census Bureau, the latest Equifax data breach affects a huge portion of the country's population. In total, the company handles data of more than 820 million consumers and over 91 million businesses worldwide. While this may be one of the biggest data breaches affecting such level of sensitive data, we have previously seen even bigger data breaches, including Yahoo's hack that affected over a billion accounts. However, Yahoo hack didn't affect users' Social Security numbers and other such sensitive private information.
In its statement, the company apologized to consumers and claimed that the criminals gained access to the company's systems from mid-May to July by exploiting a vulnerability in a website application. Discovering the intrusion on July 29, Equifax says there is no evidence of unauthorized activity on its consumer or commercial credit reporting databases. The credit reporting agency had hired a private cybersecurity firm to investigate the issue and also reported the breach to law enforcement.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Richard F Smith, chairman and chief executive of Equifax, said in a statement. "We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations."
"Confronting cybersecurity risks is a daily fight," he added.
How to protect yourself against potential theft and fraud
Equifax is hired by businesses to protect the credit of their consumers after major data breaches. "You'll feel safer with Equifax," its website ironically claims. "We're the leading provider of data breach services, serving more than 500 organizations with security breach events everyday."
The company is now alerting customers whose information may have been affected during this intrusion and is working with the authorities. Equifax has also created a website (www.equifaxsecurity2017.com) to help consumers determine whether their data is at risk.
If you are worried of your data being affected, you can also call the dedicated call center at 866-447-7559, open seven days, from 7:00 am to 1:00 am Eastern time. Consumers can sign up for credit file monitoring and identity theft protection, which will be provided as a "complimentary" service to US consumers for one year.