Personal information of about 143 million Americans has been accessed by criminals in a stunning data breach at credit-reporting firm Equifax, the company said Sept. 7.
“The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers,” Equifax said in a press release.
“In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”
Get tech news in your inbox weekday mornings. Sign up for the free Good Morning Silicon Valley newsletter.
The company said “criminals” had “exploited a U.S. website application vulnerability to gain access to certain files.”
Of the hack affecting about 44 percent of the U.S. population, Equifax CEO Richard Smith noted the irony of the intrusion into a firm whose brand is built on the company’s reputation as a trustworthy custodian of highly personal data.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Smith said in the press release.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Although Equifax said it reported the “criminal access” to law enforcement authorities and continues to work with them, it waited more than a month to reveal the incident to the public and potentially affected consumers. The company said it discovered the breach July 29 “and acted immediately to stop the intrusion.”
Equifax has hired a leading cybersecurity company to conduct a “comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted,” the company said.
The firm will mail notices to consumers whose credit card numbers or dispute documents with personal information were accessed, it said.
It’s also set up a website, www.equifaxsecurity2017.com, that it said would help U.S. consumers find out if their information was exposed, and allow them to sign up for a year of free credit-file monitoring and identify-theft protection.
Smith promised that Equifax would do a better job in the future of protecting Americans’ sensitive information.
“I’ve told our entire team that our goal can’t be simply to fix the problem and move on,” Smith said. “Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
Image: Internet hacking (Creative Commons/Max Pixel)
Tags: breach, credit reporting, data breach, Equifax, hack, hacking