Search

Cyber attack affects 143 million US Equifax consumers

A cyber attack on Equifax has exploited a website application vulnerability to gain access to consumer files, the credit reference agency reported yesterday (September 7).



LinkedIn Twitter
LinkedIn Twitter

A cyber attack on Equifax has exploited a website application vulnerability to gain access to consumer files, the credit reference agency reported yesterday (September 7).

 

Equifax discovered the unauthorised access on July 29 this year and acted immediately to stop the intrusion by hiring an independent cyber security firm to carry out a forensic investigation.

 

The access occurred from the middle of May through to July 2017. The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases.

 

However, the information that was accessed included names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

 

Credit card numbers for 209,000 US consumers were accessed as well as certain dispute documents with personal identifying information for about 182,000 US consumers.

 

Equifax has also identified unauthorised access to limited personal information for certain UK and Canadian residents. It will now work with UK and Canadian regulators to determine appropriate next steps.

 

"While we’ve made significant investments in data security, we recognize we must do more. And we will"

 

Richard F. Smith, chairman and chief executive of Equifax, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes.

 

"I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will."

 

Commenting on the cyber attack, James Dipple-Johnstone, deputy commissioner at the Information Commissioner’s Office, said: "We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity.”

 

The investigation remains ongoing and is expected to be completed in the coming weeks.

 

Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

 

It has also set up a website offering TrustedID Premier, a product to help consumers determine if their information has been potentially impacted. TrustedID can be found here: equifaxsecurity2017.com

LinkedIn Twitter
YOU MIGHT ALSO LIKE

Equifax chiefs resign as details emerge of cyber vulnerability

Equifax’s chief information officer and chief security officer have resigned, as part of senior management changes in the aftermath of a cyber attack

Tesco Bank and Capita extend mortgage services contract

Business processing outsourcer Capita has agreed a contract extension until 2020 to provide mortgage services to Tesco Bank.
LATEST IN ANALYSIS

The CS Interview

Renaissance man
LinkedIn Twitter

Renaissance man

Features

Engineering a self-service solution in car finance
LinkedIn Twitter

Engineering a self-service solution in car finance

Opinion

"It’s up to the financial services industry to help teach students the necessary skills to manage their finances"
LinkedIn Twitter

"It’s up to the financial services industry to help teach students the necessary skills to manage their finances"

Dispatches

Lloyds results reveal £2bn of debt in forbearance
LinkedIn Twitter

Lloyds results reveal £2bn of debt in forbearance

Credit Strategy

Did you find our website useful?

Thank you for your input

Thank you for your feedback

creditstrategy.co.uk – an online news and information service for the UK’s commercial and consumer credit industry. creditstrategy.co.uk is published by Shard Financial Media Limited, registered in England & Wales as 5481132, Axe & Bottle Court, 70 Newcomen St, London, SE1 1YT. All rights reserved. Credit Strategy is committed to diversity in the workplace.
@ Copyright Shard Media Group