San Francisco: A major American creditreporting agency entrusted to safeguard personal financialinformation has said hackers looted its system in a colossalbreach that could affect nearly half the US population as wellas people in Britain and Canada. Equifax yesterday said that a hack it learned about onJuly 29 had the potential to affect 143 million US customers, and involved some data for British and Canadian residents.
The Atlanta-based company disclosed the breach in a release that did not explain why it waited more than a month to warn those affected about a risk of identity theft. Filings with the US Securities and Exchange Commissionshowed that three high-ranking Equifax executives sold sharesworth almost USD 1.8 million in the days after the hack wasdiscovered. An Equifax spokesperson told AFP the executives “had noknowledge that an intrusion had occurred at the time they soldtheir shares.”
Copies of SEC filings regarding the transactions were on an investor relations page at the company’s website. Equifax collects information about people and businessesaround the world and provides credit ratings used fordecisions regarding loans and other financial matters. It also touts a service protecting against identitytheft. “The fact that it is a credit company that people pay tobe protected from breaches, and now they have been breached…it feels like a betrayal of trust to a point,” said AiresSecurity chief executive Brian Markus, whose firm specializesin computer network defenses. He considered the breach “gigantic,” made worse by thefact that Equifax stores extensive personal information aboutpeople and keeps it up to date.
Markus wondered what level of responsibility Equifax is going to take if stolen information is used for fraud or identity theft, and advised people to enlist credit monitoring services to alert them to trouble. Equifax released a statement saying that it learned ofthe breach on July 29 and “acted immediately” with theassistance of an independent cybersecurity firm to assess theimpact. “Criminals exploited a US website applicationvulnerability to gain access to certain files,” the statementsaid. An internal investigation determined the unauthorizedaccess occurred from mid-May through July 2017, according tothe company.
Equifax said the hackers obtained names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers from the database, potentially opening up victims to identity theft. The company said credit card numbers were compromised for some 209,000 US consumers, as were credit dispute documents for 182,000 people. Equifax vowed to work with British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added in the release that it”found no evidence that personal information of consumers in any other country has been impacted.” “This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do,” said company chairman and chief executive, Richard Smith.
“I apologise to consumers and our business customers for the concern and frustration this causes.” He added that Equifax is reviewing its overall securityoperations. Equifax said it had established a website to enableconsumers to determine if they are affected and would beoffering free credit monitoring and identity theft protectionto customers. The company is the latest to announce a major breach.Yahoo last year disclosed two separate cyber attacks whichaffected as many as one billion accounts. More than 400 million accounts were affected by a breachdisclosed last year at the hookup site Adult Friend Finder, and other firms affected in recent years included HeartlandPayment Systems and retail giant Target. “Every company out there is potentially susceptible intoday’s cyber landscape,” Markus said of hacking attacks, someeven by nation states. “These incidents can put companies out of business.” Equifax shares were down more than 13 percent to USD 124in after-market trades that followed news of the hack.
(To receive our E-paper on whatsapp daily, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)