Approximately 143 million U.S. consumers’ names, Social Security numbers, birth dates, addresses, and in some cases, driver’s license numbers were exposed Thursday due to a cybersecurity incident, according to a press release [1] issued by Equifax [2].
After investigating, Equifax determined that the criminals exploited a vulnerability in a website application to gain access to particular files, but the company found no evidence of unauthorized activity on their core consumer or commercial credit reporting databases.
In addition to the information mentioned above, about 209,000 consumers had their credit card numbers exposed and 182,000 U.S. consumers had dispute documents with personal identifying information uncovered. Though the company found no evidence that consumers’ from other countries had personal information exposed, Equifax identified unauthorized access to limited personal information for certain UK and Canadian residents and is working with regulators to determine next steps.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Chairman and CEO Richard F. Smith. “I apologize to consumers and our business customers for the concern and frustration this causes.”
On July 29, Equifax first discovered unauthorized access and immediately acted to cease the intrusion by hiring an independent cybersecurity firm to conduct a comprehensive forensic review and alerted law enforcement. The investigation to determine how big the intrusion was and what data was impacted is substantially complete, but remains ongoing.
"We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations,” said Smith. “We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident."
For consumers who think they may have been affected, visit http://www.equifaxsecurity2017.com [3] to determine exposure and enroll in Equifax’s credit file monitoring and identity theft protection program.