Disastrous Equifax Breach Exposes 44% Of The US Population

An estimated 143 million US consumers could be affected by a cybersecurity attack carried out by suspected criminal hackers, national credit-reporting company  Equifax announced last week.

The unauthorised access to information for nearly 44% of the US population occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers, the company said in a detailed announcement of the attack.

Additionally, the hackers gained access to credit card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.Equifax also identified unauthorised access to limited personal information for certain United Kingdom, and Canadian residents.

However, there was no evidence of unauthorised activity on Equifax's core consumer or commercial credit reporting databases, the company said. "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax Chairman and CEO Richard Smith said in a statement issued with the announcement. "I apologise to consumers and our business customers for the concern and frustration this causes." 

The company also posted questions and answers about the incident for investors. The news sent shares of Equifax down nearly 9% to $130.05. Financial regulatory filings show that three of the company's top executives sold shares of Equifax stock after July 29, the date the firm said the cyber-breach was detected.

On Aug. 1, Chief Financial Officer John Gamble sold shares with a market value of nearly $946,400, while Joseph Loughran, president of Equifax's US Information Solutions, exercised options to sell nearly $584,100. 

Rodolfo Ploder, president of business unit Workforce Solutions, sold shares valued at nearly $250,500 on Aug. 2, the filings show. The three executives continued to hold tens of thousands of Equifax shares after the transactions. 

News of the cyber-attack comes less than three months after the global Petya ransomware attack spread through computers across North America and Europe, affecting 65 countries. Similarly, the massive attack of the WannaCry ransomware virus infected computers around the world in May. 

Computer systems for the US Tax Service, Target, and other government agencies and private companies have also been struck by cyber-attacks in recent years. And Yahoo last year disclosed that information from an estimated 500 million of the internet giant's accounts was stolen in 2014.

Atlanta-based Equifax is one of the nation's largest credit-reporting companies, along with Experian and TransUnion. Equifax says it organizes and analyses data on more than 820 million consumers and more than 91 million businesses worldwide, and the company's databases hold employee data submitted by more than 7,100 employers.

After discovering the electronic intrusion, Equifax said it hired an independent cyber-security firm that has since been conducting a forensic investigation aimed at determining the scope of the electronic intrusion and the specific data accessed.

Equifax also reported the attack to law enforcement agencies and is continuing to work with them, the company said.
Separately, Equifax said the company would send direct mail notices to consumers whose credit card numbers or dispute documents were affected by the cyber-breach.

The company also is contacting US state and federal regulators and has sent written notifications to all US state attorneys general about the incident.

USA Today

You Might Also Read:

Crime Has Become Cybercrime:

How Cybersecurity Benefits from Hackers:

 

 

 

 

« US Military Fighting ISIS In Cyberspace
US Conducts Computer War Games in Response to North Korea Missile Launch »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Keyfactor

Keyfactor

Keyfactor is a leader in cloud-first PKI as-a-Service and crypto-agility solutions. Our Crypto-Agility Platform seamlessly orchestrates every key and certificate across the enterprise.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

S21sec

S21sec

S21sec is a leading European pure play cybersecurity consultancy, services and solutions provider.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

SterlingRisk Programs

SterlingRisk Programs

Sterling New Age Cyber, Cyber Liability Program. Understanding new Cyber Risks to provide you with the right protection.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

Oman Data Park

Oman Data Park

The Data Park is Oman’s premier IT Managed Services provider. We offer a superior Tier 3 Data Center network providing cyber security and cloud services.

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.