Well, this is just about the last thing that millions of Americans wanted to hear right now.
The credit reporting service Equifax has just announced a “cybersecurity incident” that could potentially impact an estimated 143 million consumers in the United States:
Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.
The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities.
They claim that there has been “no evidence of unauthorized access to core consumer or commercial credit reporting databases,” but that’s a little hard to feel too content about that when Social Security and credit card numbers were among the information accessed.
And what is the company doing about it? For starters, they have established this website through which their customers can find out if their personal information is affected and acquire credit file monitoring and identity theft protection services:
The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.
In addition to the website, Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted. Equifax also is in the process of contacting U.S. state and federal regulators and has sent written notifications to all U.S. state attorneys general, which includes Equifax contact information for regulator inquiries.
Naturally, the statement also takes pains to ensure their customers that they are working to identify vulnerabilities in their system to prevent similar breaches from happening in the future.
At TechRadar, Ron Miller puts the news in perspective:
This is not the worst breach of all time by a long shot in terms of pure numbers. That distinction goes to Yahoo, now part of Oath (which was acquired by our parent company, Verizon). They had a leak involving more than a billion users.
But this leak is particularly worrisome because Equifax is a credit reporting service and tracks a history of you consumer life, credit cards, credit scores and more — and it gives the black market a potential gold mine of information about people’s financial lives.
Do you fear you were affected? Even if not, does this affect whether you’ll turn to Equifax for credit services in the future? Share your thoughts below.