Equifax, one of the three main credit reporting agencies, recently announced a cybersecurity breach affecting around 143 million US consumers. More than half of US adult's information was compromised. Criminals exploited a US website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorized access occurred from mid-May through July 2017.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. In addition, hackers accessed credit card numbers for 209,000 US consumers, and dispute documents with personal identifying information for 182,000 US consumers.
Equifax discovered the breach on July 29. The company has hired an independent cybersecurity firm that has been conducting a forensic review to figure out the scope of the intrusion, including the specific data affected. The company's investigation is still ongoing and is expected to be completed in the coming weeks.
I apologize to consumers... for the concern and frustration this causes.
—Richard Smith, Equifax CEO
Richard Smith, Chairman and CEO of Equifax said, "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes."
Equifax has set up a dedicated website, equifaxsecurity2017.com, to help consumers find if their information was affected and to sign up for credit file monitoring and identity theft protection.