A cyber attack on Equifax has exploited a website application vulnerability to gain access to consumer files, the credit reference agency reported yesterday (September 7).
Group Editor
Equifax discovered the unauthorised access on July 29 this year and acted immediately to stop the intrusion by hiring an independent cyber security firm to carry out a forensic investigation.
The access occurred from the middle of May through to July 2017. The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases.
However, the information that was accessed included names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
Credit card numbers for 209,000 US consumers were accessed as well as certain dispute documents with personal identifying information for about 182,000 US consumers.
Equifax has also identified unauthorised access to limited personal information for certain UK and Canadian residents. It will now work with UK and Canadian regulators to determine appropriate next steps.
Richard F. Smith, chairman and chief executive of Equifax, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes.
"I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will."
Commenting on the cyber attack, James Dipple-Johnstone, deputy commissioner at the Information Commissioner’s Office, said: "We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity."
The investigation remains ongoing and is expected to be completed in the coming weeks.
Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.
It has also set up a website offering TrustedID Premier, a product to help consumers determine if their information has been potentially impacted. TrustedID can be found here: equifaxsecurity2017.com