143 mn affected in hack of US credit agency

September 8, 2017 by Glenn Chapman
Hackers penetrated the computer network of credit reporting firm Equifax, the latest big company to report a major breach

A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people in Britain and Canada.

Equifax said that a hack it learned about on July 29 had the potential to affect 143 million US customers, and involved some data for British and Canadian residents.

The Atlanta-based disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft.

Filings with the US Securities and Exchange Commission showed that three high-ranking Equifax executives sold shares worth almost $1.8 million in the days after the hack was discovered.

An Equifax spokesperson told AFP the executives "had no knowledge that an intrusion had occurred at the time they sold their shares."

Copies of SEC filings regarding the transactions were on an investor relations page at the company's website.

Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters.

It also touts a service protecting against identity theft.

"The fact that it is a credit company that people pay to be protected from breaches, and now they have been breached... it feels like a betrayal of trust to a point," said Aires Security chief executive Brian Markus, whose firm specializes in computer network defenses.

He considered the breach "gigantic," made worse by the fact that Equifax stores extensive personal information about people and keeps it up to date.

Markus wondered what level of responsibility Equifax is going to take if stolen information is used for fraud or identity theft, and advised people to enlist to alert them to trouble.

'Strikes at the heart'

Equifax released a statement saying that it learned of the breach on July 29 and "acted immediately" with the assistance of an independent cybersecurity firm to assess the impact.

"Criminals exploited a US website application vulnerability to gain access to certain files," the statement said.

An internal investigation determined the unauthorized access occurred from mid-May through July 2017, according to the company.

Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver's license numbers from the database, potentially opening up victims to identity theft.

The company said were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people.

Equifax vowed to work with British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added in the release that it "found no evidence that personal information of consumers in any other country has been impacted."

"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," said company chairman and chief executive Richard Smith.

"I apologize to consumers and our business customers for the concern and frustration this causes."

He added that Equifax is reviewing its overall security operations.

Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and protection to customers.

The company is the latest to announce a major breach. Yahoo last year disclosed two separate cyber attacks which affected as many as one billion accounts.

More than 400 million accounts were affected by a breach disclosed last year at the hookup site Adult Friend Finder, and other firms affected in recent years included Heartland Payment Systems and retail giant Target.

"Every company out there is potentially susceptible in today's cyber landscape," Markus said of hacking attacks, some even by nation states.

"These incidents can put companies out of business."

Equifax shares were down more than 13 percent to $124 in after-market trades that followed news of the hack.

Explore further: Experian says 15M have info stolen in hack of T-Mobile data (Update)

Related Stories

Why you should consider freezing your credit reports

December 30, 2015

Freeze your credit reports before you get burned. That's the message from security experts, consumer advocates and some state Attorneys General. They say more people should consider a credit freeze as a way to block identity ...

Why credit bureau Experian has data on T-Mobile customers

October 3, 2015

In the latest high-profile breach of a U.S. organization, hackers broke into Experian's database of information on 15 million T-Mobile customers and potential customers. But what is Experian, and why does the credit bureau ...

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

2 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

MarsBars
not rated yet Sep 09, 2017
Fine Equifax $100 for every customer affected ($14.3 billion) and put senior managers from the CEO down in jail. That should then smarten everybody else in the industry up and make them realize that data security in the digital age is of paramount importance. Particular attention should be given to those three high-ranking executives who sold their shares before the breach was publicly announced.
BendBob
5 / 5 (1) Sep 09, 2017
"Equifax collects information about people and businesses around the world and provides credit ratings used for decisions regarding loans and other financial matters."

I wonder what the Equifax credit rating is? If they can ruin lives by security that sucks, then they should fork over like MarsBars suggested above.

I wonder where the software QA is done, India, Pakistan, maybe North Korea? It isn't that hard to use the correct tools and do a complete web test. But, most companies think that is part of the engineers that design and code the web sites job - NOT!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.