US watchdog confirms probe of huge Equifax data breach

The huge data breach at Equifax, which leaked credit card numbers and other sensitive data, is now being investigated by the US
The huge data breach at Equifax, which leaked credit card numbers and other sensitive data, is now being investigated by the US Federal Trade Commission as well as congressional panels

A US consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.

The Federal Trade Commission joins US congressional committees promising to probe the causes and implications of what could be the worst breach of personal information in the United States.

"The FTC typically does not comment on ongoing investigations," said Peter Kaplan, the agency's acting director of public affairs.

"However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."

The hack disclosed last week at Equifax, one of the three major credit bureaus that collect consumer financial data, potentially affects more than half the adult population.

While not the largest breach—Yahoo attacks leaked data on as many as one billion accounts—the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

US lawmakers have expressed concern over the implications of the hack and have called for hearings.

The House Energy and Commerce Committee announced it would hold an October 3 hearing with Equifax chief executive Richard Smith.

"We know members on both sides of the aisle appreciate Mr Smith's willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation," said a statement from Senators Greg Walden and Bob Latta.

Smith earlier this week offered an expanded apology to consumers in a column in USA Today.

"Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues," Smith wrote.

"We are devoting extraordinary resources to make sure this kind of incident doesn't happen again."

Equifax said in a "progress report" on its website that criminals exploited a vulnerability in a website application called Apache Struts.

Security researcher Kevin Beaumont said in a blog post that he warned of the vulnerability in March and urged companies to fix it.

"I kept reissuing warnings," Beaumont said in a blog this week. "And then I gave up. Many Fortune 500 companies are still running these systems."

Explore further

Canadian class action suit launched against Equifax over data breach

© 2017 AFP

Citation: US watchdog confirms probe of huge Equifax data breach (2017, September 14) retrieved 21 September 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Sep 14, 2017
This comment has been removed by a moderator.

Sep 15, 2017
The fix for the problem should be to hold the organization that opened an account for an identity thief fully responsible for cleaning up the mess they caused by their failure to do proper identity checks. Once companies are fully on the hook for these costs, instead of sticking them on the innocent whose identity was stolen, you can bet that the problem will get fixed.

Seems like one fix would be to demand physical identity verification instead of relying on info over the web. That would make it rather difficult for cybercriminals on the other side of the planet to commit fraud. (Something akin to a notary public, identity agent, etc.)

Sep 15, 2017
This may be overkill to my wishes that something bad would happen when I wished them the nasties for dropping my perfect score because I don't use credit enough. We will see if the law is out there to protect us after all the horses are gone. I am assuming, they will reduce my claim because Anthem BC-BS already gave away my secrets a couple of years ago. Me? I'm ready to follow a Great Revolutionary Leader when found.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more