Equifax says data from 143 million Americans exposed in hack


Recommended Posts

Jim K
Quote

Credit monitoring company Equifax has been hit by a high-tech heist that exposed the social security numbers and other data of about 143 million Americans. Now those people have to worry about the threat of having their identities stolen.

 

The Atlanta-based company said Thursday that "criminals" exploited a U.S. website application to access files between mid-May and July of this year.

 

The theft obtained consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. Such sensitive information can be enough for crooks to hijack the identities of people whose credentials were stolen through no fault of their own, potentially wreaking havoc on the victims' lives.

 

Equifax discovered the hack July 29, but waited until Thursday to warn consumers. The Atlanta-based company has set up a special website, https://www.equifaxsecurity2017.com/ , where people can check to see if their personal information may have been stolen.

 

Consumers can also call 866-447-7559 for more information.

 

This isn't the biggest data breach in history. That indignity still belongs to Yahoo, which was targeted in at least two separate digital burglaries that affected more than 1 billion of its users' accounts throughout the world.

/snip

ABC News

 

 

Quote

 

Three Equifax Managers Sold Stock Before Cyber Hack Was Revealed

 

Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.

 

The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans.

/snip

 

Bloomberg

Quote

 

//

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

 

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

//

 

Equifax

Link to post
Share on other sites
Quillz

Conspiracy theories aside, why would they wait more than a month to announce the hack? If they knew about it on July 29, why not announce it July 30? Now they're just asking for lawsuits.

  • Like 1
Link to post
Share on other sites
Jim K

//moved to Real World Issues (noticed that some UK and Canadian residents could be affected)

//edited to make it less conspiratorial.  

Link to post
Share on other sites
+jnelsoninjax
19 minutes ago, Quillz said:

Conspiracy theories aside, why would they wait more than a month to announce the hack? If they knew about it on July 29, why not announce it July 30? Now they're just asking for lawsuits.

The website says that they were working to stop the attack/intrusion and that they notified law enforcement.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

I went through and had it check for me, and all I get is:

59b1d05be2ab8_Screenshot-2017-9-7Enrollment.thumb.png.e74fc88af5f9f569636a1d2541a88760.png

Nowhere does it say your data was stolen, this just seems completely wrong.

Link to post
Share on other sites
BigBoy

Sucks. :(

 

A PSA: placing a security freeze on your credit with all reporting agencies is a Good Thing. Costs a little money, adds a little inconvenience when applying for credit but it also makes it harder for anyone to actually do damage to your credit, as a result of such things or not.

Link to post
Share on other sites
Jim K
5 minutes ago, jnelsoninjax said:

The website says that they were working to stop the attack/intrusion and that they notified law enforcement.

 

 

I went through and had it check for me, and all I get is:

59b1d05be2ab8_Screenshot-2017-9-7Enrollment.thumb.png.e74fc88af5f9f569636a1d2541a88760.png

Nowhere does it say your data was stolen, this just seems completely wrong.

I got the same thing. 

Link to post
Share on other sites
Jim K
1 hour ago, jnelsoninjax said:

The website says that they were working to stop the attack/intrusion and that they notified law enforcement.

 

 

I went through and had it check for me, and all I get is:

59b1d05be2ab8_Screenshot-2017-9-7Enrollment.thumb.png.e74fc88af5f9f569636a1d2541a88760.png

Nowhere does it say your data was stolen, this just seems completely wrong.

Reading through some TechCrunch comments ... it appears that you would get 1 of 2 notices.  The ones we got basically says we have been compromised (so to sign up for the TrustedID) while the other would say, flat out, you weren't affected.

https://techcrunch.com/2017/09/07/equifax-data-leak-could-involve-143-million-consumers/

 

ugh.  I have a few choice words for Equifax right now ... but if I posted them here I would have to ban myself.

Link to post
Share on other sites
Clirion

So to verify this.  Equifax has my name, social, last 5 addresses, telephone number and accounts.

 

Tell me Why I have to sign up for this?   

Link to post
Share on other sites
+warwagon
Quote

 

Equifax, one of the three major consumer credit reporting agencies, said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers.

The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.

 

Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.

 

“This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”

 

Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.

 

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

 

Other cyberattacks, such as the two breaches that Yahoo announced in 2016, have eclipsed the penetration at Equifax in sheer size, but the Equifax attack is worse in terms of severity. Thieves were able to siphon far more personal information — the keys that unlock consumers’ medical histories, bank accounts and employee accounts.

 

“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” said Avivah Litan, a fraud analyst at Gartner.

 

 

https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html

Link to post
Share on other sites
+warwagon

Was this ever on the front page?

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By alex.alderson
      Equifax fined £500,000 by ICO for 2017 security breach
      by Alex Alderson



      The Information Commissioner’s Office (ICO) in the United Kingdom has today announced a £500,000 fine for Equifax Ltd in response to its security breach in 2017. The breach affected 146 million customers globally and compromised up to 15 million British citizen’s personal information.

      ICO is the United Kingdom’s independent regulator for data protection and has been investigating Equifax’s security breach in cooperation with the Financial Conduct Authority (FCA) in the UK. The investigation revealed that Equifax had failed on multiple ways to take adequate measures to prevent information loss and that the company had been retaining data for longer than necessary.

      While hackers compromised Equifax Inc systems in the USA, ICO determined that Equifax Ltd had been responsible for the protection of customer data of its UK customers. Equifax Inc had been processing Equifax Ltd customer data in the USA and according to ICO Equifax Ltd should have been more stringent in their steps to ensure that their parent company followed adequate data processing methods.

      ICO conducted its investigation in line with the Data Protection Act 1998, which allowed ICO to issue a maximum fine of up to £500,000. ICO could not conduct their investigation under GDPR rules as the breach occurred before the date by which GDPR came into effect. ICO’s inability to retroactively apply GDPR’s harsher fines is somewhat of a win for Equifax, as GDPR rules would have allowed ICO to levy a fine of up to €20 million or 4% of global turnover.



      According to ICO’s report, Equifax must pay the fine by October 19th, 2018. ICO will reduce the fine by 20%, or to £400,000, if Equifax pays by October 18th, 2018. If Equifax fails to pay the fine by this date, ICO can then apply to a County Court or the High Court in England or Wales for an order to recover the outstanding money.

      Equifax Ltd also has a right to appeal to a Tribunal but doing so would mean that they would have to pay the full £500,000 if the Tribunal dismisses the appeal.

      Equifax Ltd has reported that they have received the notice and are “considering the detailed points made”.

      You can read the details of ICO's investigation here and Equifax's full response too at this link.

      Sources: techcrunch.com|ICO|Equifax

    • By Goalie33
      Equifax Inc.’s former chief executive officer said the credit-reporting company didn’t meet its responsibility to protect sensitive consumer information, confirming that the failure to fix a software vulnerability months ago led to the theft of more than 140 million Americans’ personal data......
       
       
      http://www.msn.com/en-us/money/companies/equifax-made-major-errors-that-led-to-hack-smith-concedes/ar-AAsNC8h?li=BBmkt5R&ocid=spartandhp
    • By Hum
      PORTLAND, OR (AP) -- A federal jury in Oregon awarded $18.6 million to a woman who spent two years unsuccessfully trying to get Equifax Information Services to fix major mistakes on her credit report.

      Julie Miller of Marion County was awarded $18.4 million in punitive damages and $180,000 in compensatory damages, though Friday's award against one of the nation's major credit bureaus is likely to be appealed, The Oregonian reported (http://is.gd/VYkiIs ).

      The jury was told she contacted Equifax eight times between 2009 and 2011 in an effort to correct inaccuracies, including erroneous accounts and collection attempts, as well as a wrong Social Security number and birthday. Her lawsuit alleged the Atlanta-based company failed to correct the mistakes.

      "There was damage to her reputation, a breach of her privacy and the lost opportunity to seek credit," said Justin Baxter, a Portland attorney who worked on the case with his father and law partner, Michael Baxter. "She has a brother who is disabled and who can't get credit on his own, and she wasn't able to help him."

      Tim Klein, an Equifax spokesman, declined to comment on specifics of the case, saying he didn't have any details about the decision from the Oregon Federal District Court.

      Miller discovered the problem when she was denied credit by a bank in early December 2009. She alerted Equifax and filled out multiple forms faxed by the credit agency seeking updated information. She had found similar mistakes in her reports with other credit bureaus, Baxter said, but those companies corrected their errors.

      A Federal Trade Commission study earlier this year of 1,001 consumers who reviewed 2,968 of their credit reports found 21 percent contained errors. The survey found that 5 percent of the errors represented issues that would lead consumers to be denied credit.

      source