Equifax, one of the leading consumer credit reporting agencies, last week announced a cyber security incident, which may have put the personal information of 143 million consumers in the U.S. at risk. The data compromised includes consumer names, Social Security numbers, birth dates and addresses. In some cases, driver’s license identification numbers were compromised as well.
They also found that about 209,000 U.S. consumers had their credit card numbers accessed, and 182,000 U.S. consumers with dispute documents on file were breached as well. Right now they say that there is no evidence that hackers accessed their main consumer or commercial credit reporting databases.
“This is clearly a disappointing event for our company and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith.
“We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident,” he said.
Free credit monitoring and services
Equifax is offering consumers in the U.S. free identity theft protection and credit file monitoring. They have set up a website where people can find out if their information may have been compromised.
While on the site they can also sign up for TrustedID Premier, a service offering three bureau credit monitoring, along with other features to protect users. To get the free security service people can also call their dedicated phone number (866-447-7559), from 7:00 a.m. – 1:00 a.m. Eastern time, seven days a week.
Equifax found out about the incident on July 29, 2017, and began a forensic investigation to determine its scope of the event, finding that this cyber-attack occurred between mid-May and July 2017.
Once discovered, they reported the attack to authorities and are currently working with law enforcement. While for the most part, their investigation is over, some aspects are still going on and will continue to move forward for a few more weeks.
During their investigation, they found that a limited amount of personal information for some residents in the U.K. and Canada were accessed during this cyber-attack as well. They are working with regulators in those countries to determine what to do next.
There is no evidence to suggest that this incident involves any other countries, besides the U.S., Canada, and the UK.