The Equifax credit reporting agency suffered a data breach that affects the information of 143 million Americans.
Equifax, as one of the largest credit reporting agencies, possesses a massive cache of sensitive private information. As is generally known, the firm was recently hacked, with the breach putting 143 million Americans at risk of having sensitive data stolen.
As originally reported by the New York Times, the cyberattack occurred sometime between the middle of May 2017 and July 29 when the intrusion was discovered. What makes the Equifax attack particularly troublesome is the company’s status as a central clearinghouse for sensitive credit-related information including social security numbers, driver’s license numbers, and other data that can be used in a variety of ways to harm those affected.
While the Equifax breach isn’t the largest in terms of the number of victims — Yahoo’s attacks involved more people, for example — it’s of concern because of the kind of personal information that was stolen. Examples of sensitive information include 209,000 credit card numbers, personal information relating to credit disputes for 182,000 victims, and data that could be further used to access medical histories, bank accounts, and more.
This isn’t the first attack to target Equifax. An earlier hack stole W-2 data from the credit giant, and other attacks have occurred against the company’s subsidiaries. This breach, however, is by far the company’s largest.
On September 15, Equifax released more information about the hack, and also noted that two senior executives — the Chief Information Officer and Chief Security Officer are “retiring.” Given recent events, however, there is likely more to the story than mere retirement. Equifax further revealed that its internal investigation is still ongoing, and that the company “continues to work closely with the FBI in its investigation.” Thus far, it’s been revealed that Equifax first noticed suspicious activity on July 29,2017, but waited until August 2 to contact a cybersecurity firm and conduct a “comprehensive forensic review.”
As Pamela Dixon, executive director for the nonprofit research group World Privacy Forum, said in a statement that “This is about as bad as it gets. If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent.”
According to a press release issued by the office of U. S. Senator Mark Warren, the Equifax attack raises important questions about the role of government in responding to the ongoing threat to personal information.
“While many have perhaps become accustomed to hearing of a new data breach every few weeks, the scope of this breach – involving Social Security numbers, birth dates, addresses, and credit card numbers of nearly half the U. S. population – raises serious questions about whether Congress should not only create a uniform data breach notification standard, but also whether Congress needs to rethink data protection policies, so that enterprises such as Equifax have fewer incentives to collect large, centralized sets of highly sensitive data like SSNs and credit card information on millions of Americans.”
In calling such attacks “a real threat to the economic security of Americans,” it’s likely that Warren and other government officials will push for legislation creating stronger consumer protections from data theft. Warner has been working on developing just that sort of legislation, and that’s likely to accelerate.
In the meantime, Equifax has established a website that individuals can visit to learn more about the attack, find out if they’re affected, and enroll in free identity theft protection and file monitoring services. It’s a good idea to head over to the site sooner rather than later.
Update: Equifax released more information about the hack.
