Data Breach at Credit Agency Equifax Could Affect 143 Million Americans
The credit agency Equifax has suffered a massive cyberattack, resulting in the possible release of personal information of 143 million Americans. The company, one of the three major credit-reporting agencies along with TransUnion and Experian, released a statement describing what was accessed in what could be the most devastating computer security breach in U.S. history:
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Those pieces of information are often exactly what identity thieves need to take over bank accounts, make illicit credit card purchases, and execute other financial and identity-related crimes. That they were able to steal the data from a credit-reporting agency is particularly alarming, since Americans often do not have a choice as to whether their information is given to Equifax.
NBC pointed out the enormously dangerous irony here: “Equifax is the agency many people use to guard against identity theft and one that businesses turn to when verifying a person is who they say they are.”
“On a scale of 1 to 10 in terms of risk to consumers, this is a 10,” fraud analyst Avivah Litan told The New York Times.
Pamela Dixon, executive director of the nonprofit research group World Privacy Forum agreed. “This is about as bad as it gets,” she said. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
The hackers gained access through a weakness in the company’s website starting in mid-May. Equifax discovered the breach July 29. Compounding the problem is news that three top Equifax executives apparently sold $1.8 million in company stock just days after the discovery of the hack, though the company claims the three did not know about the hack at the time of the sales.
The credit-reporting service said earlier in a statement that it discovered the intrusion on July 29. Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.
Following the release of news of the hack yesterday (September 7), Equifax shares fell 19 percent.
Equifax CEO Richard Smith has apologized to consumers. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Smith.
The FBI has joined with Equifax to investigate the intrusion. They expect the process to take several more weeks.