26 September 2017
Find out more

Huge Equifax breach hits 143 million consumers

08 September 2017  |  7435 views  |  2 Computer virus

Credit referencing firm Equifax has reported a cyber-breach which spilled the personal details of approximately 143 million US consumers.

The company says unidentified intruders exploited a US website application vulnerability to gain access to certain files over a three-month period between May and July of this year.

The information leaked primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers.

In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.

Equifax also identified snooping activity relating to "limited personal information" for a number of UK and Canadian residents.

The company says it has found no evidence of unauthorised activity on its core consumer or commercial credit reporting databases.

Equifax chairman and CEO, Richard Smith, says: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes"

The firm has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection.

The response has left many unimpressed:
Commenting on the leak, Chris Morales, head of security analytics at Vectra, says: “Equifax needs to raise their cybersecurity score. Enterprises have to realise they cannot address cybersecurity by simply spending money on intrusion prevention solutions and instead need to shift investments to detection and response solutions that are being used by today’s advanced attackers. The cyber attackers gained a foothold by seemingly exploiting a web application vulnerability. From there, they most likely escalated privileges, abused credentials and admin protocols, moving laterally through the network, which businesses rarely have the necessary tools to detect.”

Equifax CEO Smith retorts: "I've told our entire team that our goal can't be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we've made significant investments in data security, we recognize we must do more. And we will."

Comments: (2)

Gerard Hergenroeder
Gerard Hergenroeder - Payments Shark - Millersvile | 08 September, 2017, 14:26

Someone must have been asleep at the wheel or someone did not want to respond to an obvious threat. Sounds like an executive management problem to me!

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 10 September, 2017, 08:59 "Disappointing event"   seems bit of an understatement for a company like Equifax. I CEO Smith would described the Titianic/Iceburg collision as an "Unfortunate Incident"   
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Financial sector breaches skyrocket in 2016

Financial sector breaches skyrocket in 2016

28 April 2017  |  10536 views  |  0 comments | 20 tweets | 33 linkedin
Number of US data breaches jumps 40% in 2016

Number of US data breaches jumps 40% in 2016

20 January 2017  |  7860 views  |  0 comments | 7 tweets | 18 linkedin
PayPal, Google and Equifax back launch of Open Identity Exchange

PayPal, Google and Equifax back launch of Open Identity Exchange

03 March 2010  |  19490 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.capgemini.comvisit www.sibos.com

Top topics

Most viewed Most shared
AXA launches blockchain to cover late flight compensationAXA launches blockchain to cover late flig...
11975 views comments | 16 tweets | 30 linkedin
European Commission makes fintech a priority in supervisory shakeupEuropean Commission makes fintech a priori...
8751 views comments | 34 tweets | 46 linkedin
hands typing furiouslyBlockchain is a new way of thinking?
7467 views 2 | 10 tweets | 1 linkedin
Sophia the humanoid gets UBS conference speaking gigSophia the humanoid gets UBS conference sp...
7179 views comments | 16 tweets | 20 linkedin

Featured job

Competitive base, double ote, benefits
London, UK

Find your next job