Equifax, one of the three main credit reporting companies operating in the US, last week announced that they had suffered a major data breach that exposed the Social Security numbers and other sensitive information of millions of people.
When did the hack occur and when was it made public?
According to Equifax, the hackers had access to the data between May and July of 2017. The company discovered the breach on July 29. The Atlanta-based company announced it more than a month later on Thursday, September 7, 2017.
How many people were affected?
The company says as many as 143 million people in the United States were impacted by this breach. Others in the U.K. and Canada were also affected, but Equifax hasn’t disclosed how many. The credit card numbers of over 200,000 U.S. customers were compromised. Additionally, “personal identifying information” – as described by Equifax – on about 182,000 U.S. customers was stolen as part of this breach.
Which consumers were impacted?
The breach impact is extremely widespread. With 143 million people impacted, that works out to over 44% of the population of the US. Equifax has stated they are sending letters in the mail to people whose credit card numbers or dispute records were breached. The company said it is unaware of any consumers in other countries beyond the U.S., U.K. and Canada being impacted.
What information was accessed?
The hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information – all crucial pieces of personal data that criminals could use to commit identity theft. According to John Ulzheimer, an independent credit consultant and previous Equifax employee, these are “the crown jewels of personal information.” This event breach is particularly damaging to Equifax, considering its core business of providing a secure repository of a consumer’s sensitive financial information. Equifax’s security lapse also could be the largest theft ever involving Social Security numbers.
How did this happen?
Equifax said criminals “exploited a U.S. website application vulnerability to gain access to certain files.” Security experts say it’s hard to say for sure without more information exactly how this happened.
Who was behind the breach and who is investigating it?
The company hasn’t disclosed any theories as to who the hackers are but noted an investigation is ongoing. That investigation may involve a lot of people since credit bureaus like Equifax are lightly regulated parts of the financial system. Several US Representatives and state attorneys general have stated they would investigate.