US watchdog confirms probe of huge Equifax data breach

September 14, 2017
The huge data breach at Equifax, which leaked credit card numbers and other sensitive data, is now being investigated by the US Federal Trade Commission as well as congressional panels

A US consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people.

The Federal Trade Commission joins US congressional committees promising to probe the causes and implications of what could be the worst breach of personal information in the United States.

"The FTC typically does not comment on ongoing investigations," said Peter Kaplan, the agency's acting director of public affairs.

"However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach."

The hack disclosed last week at Equifax, one of the three major credit bureaus that collect consumer financial data, potentially affects more than half the adult population.

While not the largest breach—Yahoo attacks leaked data on as many as one billion accounts—the Equifax incident could be the most damaging because of the nature of data collected: bank and social security numbers and personal information of value to hackers and others.

US lawmakers have expressed concern over the implications of the hack and have called for hearings.

The House Energy and Commerce Committee announced it would hold an October 3 hearing with Equifax chief executive Richard Smith.

"We know members on both sides of the aisle appreciate Mr Smith's willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation," said a statement from Senators Greg Walden and Bob Latta.

Smith earlier this week offered an expanded apology to consumers in a column in USA Today.

"Consumers and media have raised legitimate concerns about the services we offered and the operations of our call center and website. We accept the criticism and are working to address a range of issues," Smith wrote.

"We are devoting extraordinary resources to make sure this kind of incident doesn't happen again."

Equifax said in a "progress report" on its website that criminals exploited a vulnerability in a website application called Apache Struts.

Security researcher Kevin Beaumont said in a blog post that he warned of the vulnerability in March and urged companies to fix it.

"I kept reissuing warnings," Beaumont said in a blog this week. "And then I gave up. Many Fortune 500 companies are still running these systems."

Explore further: Canadian class action suit launched against Equifax over data breach

Related Stories

Investors punish Equifax for massive data breach

September 8, 2017

Investors were bailing out on Equifax a day after the credit monitoring company said a data breach exposed the Social Security numbers and other personal data of 143 million Americans.

143 mn affected in hack of US credit agency

September 8, 2017

A major American credit reporting agency entrusted to safeguard personal financial information said Thursday hackers looted its system in a colossal breach that could affect nearly half the US population as well as people ...

Recommended for you

After a reset, Сuriosity is operating normally

February 23, 2019

NASA's Curiosity rover is busy making new discoveries on Mars. The rover has been climbing Mount Sharp since 2014 and recently reached a clay region that may offer new clues about the ancient Martian environment's potential ...

Study: With Twitter, race of the messenger matters

February 23, 2019

When NFL player Colin Kaepernick took a knee during the national anthem to protest police brutality and racial injustice, the ensuing debate took traditional and social media by storm. University of Kansas researchers have ...

Solving the jet/cocoon riddle of a gravitational wave event

February 22, 2019

An international research team including astronomers from the Max Planck Institute for Radio Astronomy in Bonn, Germany, has combined radio telescopes from five continents to prove the existence of a narrow stream of material, ...


Adjust slider to filter visible comments by rank

Display comments: newest first

Sep 14, 2017
This comment has been removed by a moderator.
not rated yet Sep 15, 2017
The fix for the problem should be to hold the organization that opened an account for an identity thief fully responsible for cleaning up the mess they caused by their failure to do proper identity checks. Once companies are fully on the hook for these costs, instead of sticking them on the innocent whose identity was stolen, you can bet that the problem will get fixed.

Seems like one fix would be to demand physical identity verification instead of relying on info over the web. That would make it rather difficult for cybercriminals on the other side of the planet to commit fraud. (Something akin to a notary public, identity agent, etc.)
not rated yet Sep 15, 2017
This may be overkill to my wishes that something bad would happen when I wished them the nasties for dropping my perfect score because I don't use credit enough. We will see if the law is out there to protect us after all the horses are gone. I am assuming, they will reduce my claim because Anthem BC-BS already gave away my secrets a couple of years ago. Me? I'm ready to follow a Great Revolutionary Leader when found.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.