Up to 143 million accounts may be affected

Credit reporting agency Equifax on Thursday announced a massive data breach that could impact up to 143 million Americans. Cybercriminals stole consumers’ social security numbers, names, birth dates, addresses, and driver’s license numbers.

The unauthorized access took place from mid-May through July 2017.

The credit card account numbers for about 209,000 people and dispute documents that contained personal data for 182,000 people were also leaked.

Hackers also obtained “limited personal information” from British and Canadian citizens.

The Atlanta-based credit bureau discovered the breach on July 29 and says it immediately launched an investigation. The incident was reported to law enforcement and remains ongoing.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” says Equifax chairman and CEO Richard F. Smith.

Equifax is one of three U.S. companies that monitors and scores the financial activity of consumers. Along with TransUnion and Experian, Equifax evaluates data related to personal loans and credit card accounts. The agency also stores information on credit limits, utility and rent payments, employer history and child support payments.

Some people affected by the breach may not even know it – Equifax gathers its data from banks, retailers, lenders and credit card companies.

“Unfortunately, in cases like this, there’s not much the user can do outside monitoring their credit reports and using an identity protection service like LifeLock or something similar,” Alex Heid, white hat hacker and Chief Research Officer at SecurityScorecard, tells us Thursday. “If it’s not from this breach, then their information was exposed in one of the several others in the last few years.”

In May, it was revealed that hackers infiltrated consumers’ W-2 data from April 17, 2016 to March 29, 2017 by exploiting Equifax subsidiary TALX, which offers tax and payroll services. The division was compromised when criminals reset customer employees’ 4-digit PIN numbers and then correctly answered their security questions.

“The basic practice of centralizing sensitive consumer information, still commonplace in large enterprises, is a critical factor that leaves it vulnerable to attack,” adds George Avetisov, CEO of HYPR. “If a service provider such as a bank, insurer, payment network, or other enterprise warehouses data that is appealing to hackers, the data will be hacked….

Read the full article from the Source…

Leave a Reply

Your email address will not be published. Required fields are marked *