Equifax Cyberattack Affected 143 Million Customers
There’s some terrible news if you do business with consumer credit monitoring agency Equifax (or even if you don’t). Your sensitive personal info — including Social Security and possibly driver’s license numbers — may be in the hands of data thieves. This is arguably the worst data breach ever.
Equifax, which supplies credit information and other information services, revealed on Thursday that it suffered a data breach that could potentially affect 143 million consumers. The company said 209,000 credit card numbers were obtained, in addition to “certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers.”
The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015.
Equifax says credit-card numbers for roughly 209,000 people were also accessed by the hackers, as were dispute documents with “personal identifying information” for about 182,000 people. That may sound worse than getting SSNs, but it’s not — credit-card fraud is easily resolved, and customers are almost never on the hook for fraudulent charges. But with your name, address, date of birth and SSN, an identity thief could just have new credit cards issued in your name and sent to the thief’s mailing address.
Equifax discovered the breach on July 29. Hackers apparently used a website vulnerability to access files, with the breach occurring from mid-May through July, according to Equifax’s investigation.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax chairman and CEO Richard F. Smith said in a statement posted to a website created by Equifax that details the breach and steps you can take to protect yourself. “I apologize to consumers and our business customers for the concern and frustration this causes.”
When asked why Equifax waited until Sept. 7 to inform the public when it discovered the intrusion on July 29, the company’s director of social media and PR, Francesca De Girolami, shared the following statement:
As soon as Equifax discovered the unauthorized access, Equifax acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Because this incident involves a substantial amount of personal identifying information, the investigation has been complex and time-consuming. As soon as we had enough information to begin notification, we took appropriate steps to do so.
Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies.
What to Do Now
- Go to Equifax’s website to see if your data was compromised.