Search

Dear visitor,
You are viewing 1 of your 5 free articles


To view more free articles, please register

Free registration or Login

Cyber attack affects 143 million US Equifax consumers

A cyber attack on Equifax has exploited a website application vulnerability to gain access to consumer files, the credit reference agency reported yesterday (September 7).



Share on Twitter Linkedin black
Share on Twitter Linkedin black

A cyber attack on Equifax has exploited a website application vulnerability to gain access to consumer files, the credit reference agency reported yesterday (September 7).

 

Equifax discovered the unauthorised access on July 29 this year and acted immediately to stop the intrusion by hiring an independent cyber security firm to carry out a forensic investigation.

 

The access occurred from the middle of May through to July 2017. The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases.

 

However, the information that was accessed included names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

 

Credit card numbers for 209,000 US consumers were accessed as well as certain dispute documents with personal identifying information for about 182,000 US consumers.

 

Equifax has also identified unauthorised access to limited personal information for certain UK and Canadian residents. It will now work with UK and Canadian regulators to determine appropriate next steps.

 

"While we’ve made significant investments in data security, we recognize we must do more. And we will"

 

Richard F. Smith, chairman and chief executive of Equifax, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologise to consumers and our business customers for the concern and frustration this causes.

 

"I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will."

 

Commenting on the cyber attack, James Dipple-Johnstone, deputy commissioner at the Information Commissioner’s Office, said: "We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity.”

 

The investigation remains ongoing and is expected to be completed in the coming weeks.

 

Equifax will send direct mail notices to consumers whose credit card numbers or dispute documents with personal identifying information were impacted.

 

It has also set up a website offering TrustedID Premier, a product to help consumers determine if their information has been potentially impacted. TrustedID can be found here: equifaxsecurity2017.com

Share on Twitter Linkedin black
YOU MIGHT ALSO LIKE

LATEST IN ANALYSIS

The CS Interview

The patriot

The patriot

Features

Beyond defining vulnerability

Beyond defining vulnerability

Opinion

The Editor's View: "A mixed picture"

The Editor's View: "A mixed picture"

Bank NPL analysis

Banks continue purge of bad debt from balance sheets

Banks continue purge of bad debt from balance sheets

Upcoming events

Credit Week 2018


Credit 500 Gala


Credit Awards 2018


Car Finance Conference 2018

Credit Strategy

Did you find our website useful?

Thank you for your input

Thank you for your feedback

creditstrategy.co.uk – an online news and information service for the UK’s commercial and consumer credit industry. creditstrategy.co.uk is published by Shard Financial Media Limited, registered in England & Wales as 5481132, Axe & Bottle Court, 70 Newcomen St, London, SE1 1YT. All rights reserved. Credit Strategy is committed to diversity in the workplace.
@ Copyright Shard Media Group