Another day, another data breach, but this one will haunt the targeted customers for a long time.
Equifax, a consumer credit reporting agency in the United States, has suffered a massive data breach in which personal details of 143 million Americans have been stolen. This is over 40% of the entire population of the United States.
According to the security notice from Equifax, the breach took place from mid-May through July 2017, allowing unknown hackers to steal details like names, social security numbers (SSNs), birth dates, addresses, and driver's license numbers, along with credit card data of 209,000 U.S. consumers and dispute documents with personal identifying information for approximately 182,000 U.S. consumers.
That’s not all; hackers also stole personal details of some Canadian and British residents using “a U.S. website application vulnerability to gain access to certain files.” It’s unclear what kind of vulnerability was exploited.
In a video message, Rick Smith, Chairman and CEO of Equifax, said, “On July 29th of this year we discovered that attackers had gained unauthorized access to certain Equifax data files, we acted immediately to stop the intrusion. We promptly engaged a leading cyber security firm which has been conducting a comprehensive forensic review to determine the scope of the intrusion, we also reported the incident to the law enforcement and continued to work with the authorities.”
“The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases,” Smith added.
Furthermore, Smith apologized for the inconvenience and announced that the company is offering free identity theft protection and credit file monitoring to all U.S. consumers.
Equifax Inc. is considered one of the three largest American credit agencies, along with Experian and TransUnion. A successful attack against the agency is therefore a big deal, since the privacy and security of millions of Americans are now at risk.
Previously, Experian suffered a data breach in which personal details, including names, addresses, and social security numbers, of around 15 million T-Mobile consumers were stolen. The data was being sold on the Hansa dark web marketplace for just 0.8082 Bitcoin (USD 600.00).
In an email conversation, Mike Kail, CTO of CYBRIC, said: “This massive, and unfortunate for those affected, breach once again amplifies the need for better application security testing and assurance on a continuous basis. The status quo isn’t working as these types of exploits are becoming all too common.”
Richard Henderson, the global security strategist from Absolute, said: “Just when we think the days of massive breaches are behind us, another company pops up and says, ‘here, hold my beer and watch this!’ All joking aside, this is likely going to be the ‘breach of the year,’ if such awards were handed out. Over 140 million Americans have had their info potentially stolen. That’s over 40% of the entire population of the United States.”
Eduard Goodman, Global Privacy Officer at CyberScout, said: “This incident underlies one of the key issues with the U.S. consumer credit system and centralization of credit data on Americans: We have become overly reliant on the three credit bureaus who act as the sole data ‘brokers’ and repositories of data for credit worthiness, making an exposure like this a very dangerous event.
“With loss of not just SSNs but other secondary pieces of data like previous addresses, mother’s maiden name or the banking institutions with which consumers hold loans, to some degree we have exposed an entire consumer facing security ecosystem to failure since everyone from credit loan verification to online account sign ups depend on this information to help verify us all. The impact of this breach, depending upon who actually has obtained the information and how it is misused could last for a decade.”
The irony of this hack, however, is that Equifax is frequently hired by businesses and organizations to help prepare data breach response plans. The following slogan from the site’s homepage says it all: “Think your business is safe from a data breach? Think again.”
Really, Equifax? (this is the consumer login page) pic.twitter.com/V0S9yt04Sk
— Kenn White (@kennwhite) September 7, 2017