The company said the intrusion — enabled by a website vulnerability — occurred from mid-May through July.
Equifax, one of the nation’s three major credit reporting firms, announced Thursday that its computer systems had been breached, leading to the unauthorized access of Social Security numbers and birthdates of up to 143 million U. S. consumers.
The Atlanta-based company said the intrusion — enabled by a website vulnerability — occurred from mid-May through July. The issue was discovered July 29, and the company spent recent weeks working with a cybersecurity consultant and authorities on an investigation, which is continuing.
Equifax said it launched a website for people to check whether their data was affected and to sign up for the company’s credit-monitoring services. But a form on the website purportedly offering to “check potential impact” instead just gives users a date they must remind themselves of to return to Equifax’s website to enroll in credit monitoring.
The discrepancy drew quick scorn from consumers on social media. Equifax didn’ t immediately respond to requests to comment.
Beside Social Security numbers and birthdates, the information accessed on as many as 143 million people “primarily” includes names, addresses and, in some cases, driver’s license numbers, according to the company.
The credit card numbers for 209,000 U. S. consumers were compromised, and dispute documents related to 182,000 U. S. consumers also were accessed.
Equifax has acknowledged or been implicated in several previous data breaches, including much smaller incidents in 2013 and 2015.
The latest breach is potentially among the largest on record in the U. S., surpassing incidents in the last few years involving Target, T. J. Maxx and health insurer Anthem. Experian, an Equifax competitor, has suffered major breaches too.
In a statement, Equifax Chairman and Chief Executive Richard Smith vowed to increase cybersecurity spending.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do, ” his statement said.
paresh.dave@latimes.com / PGP
Twitter: @peard33
UPDATES:
2: 45 p.m.: This article was updated with details about discrepancies on a website Equifax set up for consumers to get information about the data breach.
2: 30 p.m.: This article was updated with additional context on other data breaches and a statement from Equifax’s chief executive.
The article was originally published at 2: 05 p.m.
