September 11, 2017
Equifax reported that hackers likely gained access to the personal information of about 143 million people in the U.S., making it the second biggest data breach after last year’s two Yahoo hacks, which impacted as many as 1.5 billion customers. The Equifax hack is almost twice as large as the J.P. Morgan Chase & Co. hack three years ago. The damage the hack to Equifax will do is as of yet unknown, but it could be serious, given the immense scope of the attack and the future potential for fraud.
The Wall Street Journal reports that, “the attack differs, too, in that the attackers in one swoop gained access to several pieces of consumers’ information that could make it easier for the attackers to try to commit fraud.” Hackers got consumers’ names, Social Security numbers, birth dates and addresses.
“This is the nightmare scenario — all four pieces of information in one place,” said Equifax credit specialist/former manager John Ulzheimer. Because “more companies are putting more information online from more users … the number of large hacks has increased in recent years.” Equifax, TransUnion and Experian are the three major credit-reporting firms in the U.S.; Equifax has credit reports on more than 200 million U.S. adults.
Equifax chief executive Richard Smith apologized to consumers and business customers, calling it “a disappointing event for our company.” With the four pieces of information, con artists will find it easier to get credit approval, coming at a time “when various forms of fraud are already hitting lenders and contributing to higher losses.”
An Equifax internal report found that hackers got access to the files from mid-May through July, and that “credit-card numbers for approximately 209,000 U.S. consumers were accessed, as well as dispute documents with sensitive information for another 182,000 people.” Banks will reissue credit cards for consumers whose information was stolen, but the theft of Social Security numbers and birth dates “could have a permanent effect.”
According to Reuters, “the company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.” It also noted that, “information of some U.K. and Canadian residents was also gained in the hack,” and that the company is “working with law enforcement agencies and has hired a cyber-security firm to investigate the breach.”
The FBI is also tracking the situation, says U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence. The investigation, it added, is “substantially complete.” It notes that, Experian, a rival credit-reporting firm, had a breach two years ago of the personal information of 15 million people who applied for T-Mobile US service.
Three days after Equifax discovered the breach in July, says Reuters, three top executives in the company sold shares or disposed of stock worth about $17.8 million. U.S. Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said she will again introduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”
Equifax opened a website “to help consumers determine if their information has been compromised and to allow them to sign up for free credit-monitoring and identity-theft protection.”
Seriously, Equifax? This Is a Breach No One Should Get Away With, The New York Times, 9/8/17
Equifax Data Breach Spurs Lawsuits, Reuters, 9/8/17