Data of 143 million Americans exposed in hack of credit reporting agency Equifax

The credit reporting agency Equifax said Thursday that hackers gained access to sensitive personal data — Social Security numbers, birth dates, and home addresses — for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans' credit histories.

Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a "website application vulnerability" and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data, giving those who possess them the ingredients for identity fraud and other crimes.

Equifax also lost control of an unspecified number of driver's licenses, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its "core consumer or commercial credit reporting databases."

Equifax is one of the largest U.S.-based credit reporting agencies that collect and analyze detailed records of financial data for a wide range of consumers worldwide. The judgments of these companies about the creditworthiness of individuals can affect their ability to gain loans, housing, and jobs, while also determining the interest rates on consumer products.

The information exposed in the Equifax breach is categorized as "personally identifiable information" or PII, and is regarded as particularly sensitive, experts say.

Equifax, based in Atlanta, is working with law enforcement on an investigation of the breach and has hired an independent cybersecurity research firm to assess the scope of the intrusion. The company's website says it operates in 24 countries and has access to the data of more than 820 million consumers worldwide, along with data for 91 million businesses.

Companies often do not immediately alert affected people to cybersecurity incidents, prompting periodic calls from state and federal legislators for new laws to require more rapid and complete disclosures to affected consumers.

On Thursday night, Sen. Mark R. Warner (D-Va.), co-founder of the Senate Cybersecurity Caucus, described the Equifax breach as "profoundly troubling" and called for more consumer protections against data theft and timely notification to consumers whose personal information is compromised.

Source: The Washington Post - By Craig Timberg, Elizabeth Dwoskin, Brian Fung

Comments are closed.