Equifax, the credit-monitoring company, has reported a breach that has apparently exposed sensitive data regarding millions of Americans. The company says the hack exposed the Social Security numbers and other data of 143 million american citizens. The Atlanta-based company claimed that “criminals” exploited a US web application. The exploitation allowed for the criminals to access files from mid-May to the end of July 2017. The weakness was not noticed until the end of July.
Despite discovering the hack in late July, the company waited to make the hack public. No reason has been given for the delay, as Equifax has said nothing other than their published statement. Given the nature of the hack, mass identity theft is a real threat, that could potentially affect majority of American consumers. Further troubling news for the company is the realization that three executives sold stock in the company, before the data breach was made public.
3 Equifax executives sold stock after data breach, but before informing the public. https://t.co/JwoRRtcFT2 pic.twitter.com/gfmgRZ8TKW
— MarketWatch (@MarketWatch) September 10, 2017
Consumers’ names, dates of birth, Social Security numbers, addresses and even driver’s license numbers were exposed. The credit card numbers of some 200,000 consumers were accessed as well. The company also stated that “limited personal information” was accessed of both British and Canadian residents. Despite this, the company does not believe that consumers of other countries were affected.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax chairman and CEO Richard F. Smith. Because of the nature of Equifax’s business, it is entirely possible for a consumer to not know they have a connection to Equifax, or that they are a customer. Many people who believe to have never had business dealings with Equifax still found their sensitive data leaked during the breach.
Equifax represents one of three major credit monitoring services in the United States. All three track the financial data and histories of consumers. The companies have access to data regarding loans, loan payments, and credit cards. In addition, the companies also have information on things such as missed rent and utility payments, addresses and employment history. Each one of these pieces of data factor into credit scores.
Equifax is mailing notices to those consumers who may have been affected by the hack. While consumers can also submit their last names and final six digits of their Social Security number to determine personal impact of the breach.
This marks one of the largest data breaches since Yahoo was the victim of separate attacks that affected more than 1 Billion users. However, those did not leak Social Security numbers or Driver’s License numbers, thus making the potential identity theft much more troubling.