Equifax, a US-based credit reporting agency, has confirmed that sensitive consumer data belonging to over 143 million customers was compromised earlier this year.
According to the official press release, hackers were able to exploit one of their website applications, allowing them access to certain files including “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers” of customers within the United States.
Credit card numbers belong to about 209,000 US consumers and dispute documents related to another 182,000 US consumers were also accessed in the hack which took place between May and July of this year.
A number of Canadian and UK consumer records were also accessed during the breach.
According to them, their core reporting applications were not breached, which means you should not have to worry too much about your credit score being illegally modified.
Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.
With the numbers accounting for just about one in every two US citizens, the likelihood of identity theft is now much greater as a result of critical details such as Social Security and credit card numbers being leaked.
Equifax launched a dedicated website at www.equifaxsecurity2017.com to outline steps that should be taken to confirm whether your data was indeed compromised, and what to do if your information is out in the open.
The credit company also stated that a top security team was hired to discover how such an intrusion took place, and what needs to be done to prevent it in the future.
At this point however, it may be too late for the company to rebuild client trust given the severity of the leak.