Disastrous Equifax Breach Exposes 44% Of The US Population

An estimated 143 million US consumers could be affected by a cybersecurity attack carried out by suspected criminal hackers, national credit-reporting company  Equifax announced last week.

The unauthorised access to information for nearly 44% of the US population occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers, the company said in a detailed announcement of the attack.

Additionally, the hackers gained access to credit card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.Equifax also identified unauthorised access to limited personal information for certain United Kingdom, and Canadian residents.

However, there was no evidence of unauthorised activity on Equifax's core consumer or commercial credit reporting databases, the company said. "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax Chairman and CEO Richard Smith said in a statement issued with the announcement. "I apologise to consumers and our business customers for the concern and frustration this causes." 

The company also posted questions and answers about the incident for investors. The news sent shares of Equifax down nearly 9% to $130.05. Financial regulatory filings show that three of the company's top executives sold shares of Equifax stock after July 29, the date the firm said the cyber-breach was detected.

On Aug. 1, Chief Financial Officer John Gamble sold shares with a market value of nearly $946,400, while Joseph Loughran, president of Equifax's US Information Solutions, exercised options to sell nearly $584,100. 

Rodolfo Ploder, president of business unit Workforce Solutions, sold shares valued at nearly $250,500 on Aug. 2, the filings show. The three executives continued to hold tens of thousands of Equifax shares after the transactions. 

News of the cyber-attack comes less than three months after the global Petya ransomware attack spread through computers across North America and Europe, affecting 65 countries. Similarly, the massive attack of the WannaCry ransomware virus infected computers around the world in May. 

Computer systems for the US Tax Service, Target, and other government agencies and private companies have also been struck by cyber-attacks in recent years. And Yahoo last year disclosed that information from an estimated 500 million of the internet giant's accounts was stolen in 2014.

Atlanta-based Equifax is one of the nation's largest credit-reporting companies, along with Experian and TransUnion. Equifax says it organizes and analyses data on more than 820 million consumers and more than 91 million businesses worldwide, and the company's databases hold employee data submitted by more than 7,100 employers.

After discovering the electronic intrusion, Equifax said it hired an independent cyber-security firm that has since been conducting a forensic investigation aimed at determining the scope of the electronic intrusion and the specific data accessed.

Equifax also reported the attack to law enforcement agencies and is continuing to work with them, the company said.
Separately, Equifax said the company would send direct mail notices to consumers whose credit card numbers or dispute documents were affected by the cyber-breach.

The company also is contacting US state and federal regulators and has sent written notifications to all US state attorneys general about the incident.

USA Today

You Might Also Read:

Crime Has Become Cybercrime:

How Cybersecurity Benefits from Hackers:

 

 

 

 

« US Military Fighting ISIS In Cyberspace
US Conducts Computer War Games in Response to North Korea Missile Launch »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

Deepnet Security

Deepnet Security

Deepnet Security is a leading vendor in Multi-Factor Authentication (MFA) and Identity & Access Management (IAM).

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

Blackpanda

Blackpanda

Blackpanda is Asia’s premier cyber security incident response group, hyper-focused on digital forensics and cyber crisis response.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.