US watchdog confirms probe of huge Equifax data breach

September 14, 2017
The huge data breach at Equifax, which leaked credit card numbers and other sensitive data, is now being investigated by the US Federal Trade Commission as well as congressional panels

A US consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.

The Federal Trade Commission joins US congressional committees promising to probe the causes and implications of what could be the worst breach of personal information in the United States.

"The FTC typically does not comment on ongoing investigations," said Peter Kaplan, the agency's acting director of public affairs.

"However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."

The hack disclosed last week at Equifax, one of the three major credit bureaus that collect consumer financial data, potentially affects more than half the adult population.

While not the largest breach—Yahoo attacks leaked data on as many as one billion accounts—the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

US lawmakers have expressed concern over the implications of the hack and have called for hearings.

The House Energy and Commerce Committee announced it would hold an October 3 hearing with Equifax chief executive Richard Smith.

"We know members on both sides of the aisle appreciate Mr Smith's willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation," said a statement from Senators Greg Walden and Bob Latta.

Smith earlier this week offered an expanded apology to consumers in a column in USA Today.

"Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues," Smith wrote.

"We are devoting extraordinary resources to make sure this kind of incident doesn't happen again."

Equifax said in a "progress report" on its website that criminals exploited a vulnerability in a website application called Apache Struts.

Security researcher Kevin Beaumont said in a blog post that he warned of the vulnerability in March and urged companies to fix it.

"I kept reissuing warnings," Beaumont said in a blog this week. "And then I gave up. Many Fortune 500 companies are still running these systems."

Explore further: Canadian class action suit launched against Equifax over data breach

Related Stories

Investors punish Equifax for massive data breach

September 8, 2017

Investors were bailing out on Equifax a day after the credit monitoring company said a data breach exposed the Social Security numbers and other personal data of 143 million Americans.

143 mn affected in hack of US credit agency

September 8, 2017

A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people ...

Recommended for you

Volumetric 3-D printing builds on need for speed

December 11, 2017

While additive manufacturing (AM), commonly known as 3-D printing, is enabling engineers and scientists to build parts in configurations and designs never before possible, the impact of the technology has been limited by ...

Tech titans ramp up tools to win over children

December 10, 2017

From smartphone messaging tailored for tikes to computers for classrooms, technology titans are weaving their way into childhoods to form lifelong bonds, raising hackles of advocacy groups.

Mapping out a biorobotic future  

December 8, 2017

You might not think a research area as detailed, technically advanced and futuristic as building robots with living materials would need help getting organized, but that's precisely what Vickie Webster-Wood and a team from ...

Lyft puts driverless cars to work in Boston

December 6, 2017

Lyft on Wednesday began rolling out self-driving cars with users of the smartphone-summoned ride service in Boston in a project with technology partner nuTonomy.

3 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

RichManJoe
Sep 14, 2017
This comment has been removed by a moderator.
carbon_unit
not rated yet Sep 15, 2017
The fix for the problem should be to hold the organization that opened an account for an identity thief fully responsible for cleaning up the mess they caused by their failure to do proper identity checks. Once companies are fully on the hook for these costs, instead of sticking them on the innocent whose identity was stolen, you can bet that the problem will get fixed.

Seems like one fix would be to demand physical identity verification instead of relying on info over the web. That would make it rather difficult for cybercriminals on the other side of the planet to commit fraud. (Something akin to a notary public, identity agent, etc.)
PointyHairedEE
not rated yet Sep 15, 2017
This may be overkill to my wishes that something bad would happen when I wished them the nasties for dropping my perfect score because I don't use credit enough. We will see if the law is out there to protect us after all the horses are gone. I am assuming, they will reduce my claim because Anthem BC-BS already gave away my secrets a couple of years ago. Me? I'm ready to follow a Great Revolutionary Leader when found.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.