Credit reporting company Equifax (EFX) announced Thursday a cybersecurity data breach that could have impacted about 143 million U.S. consumers.
The company said in a statement the unauthorized entry occurred mid-May through July 2017, as criminals “exploited U.S. website application vulnerability” to access files ranging from social security numbers, birth dates, addresses and driver’s license numbers. Hackers also accessed the credit card numbers of about 209,000 consumers in the U.S. and other documents with personal identifying information for about 182,000 people in the U.S. Equifax said it discovered the breach on July 29, 2017 but did not publically disclose the information until Sept. 7, 2017.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax Chairman and CEO Richard F. Smith said in a statement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Equifax said it also found that hackers gained unauthorized access to limited personal information for certain residents in the United Kingdom and Canada. The company said its investigation has not found any evidence of illegal activity on its “core consumer or commercial credit reporting databases.”
“This is the nuclear explosion of identity theft opportunity. They’ve got names, dates of birth, Social Security numbers, addresses … I don’t think 143 [million] is going to be the number. Like with anything else, it starts at a number and it always seems to grow. So this thing could grow higher than 143 million,” cybersecurity expert Morgan Wright told “Risk & Reward.”
As a result,…