Equifax breach ex­poses data of 143M Amer­i­cans

Baltimore Sun - - NATION - By Craig Tim­berg

Crim­i­nal hack­ers have ac­quired sen­si­tive per­sonal data — in­clud­ing So­cial Se­cu­rity num­bers, birth dates and home ad­dresses — of 143 mil­lion Amer­i­cans by pen­e­trat­ing a web-based ap­pli­ca­tion for Equifax, the credit re­port­ing agency said Thurs­day.

The breach, which the company said be­gan in May, was dis­cov­ered in July. Though Equifax said in a state­ment that “core data­base” was not pen­e­trated, the at­tack­ers did gain ac­cess to a wide range of data for what ap­pears to be a ma­jor­ity of Amer­i­can adults and some for­eign con­sumers as well.

So­cial Se­cu­rity num­bers and birth dates are par­tic­u­larly sen­si­tive data, giv­ing those who pos­sess them the ingredients for iden­tity fraud and other crimes. Equifax said that it also lost con­trol of an un­spec­i­fied num­ber of driver’s li­censes along with the credit card num­bers for 209,000 con­sumers and credit dis­pute doc­u­ments for 182,000 others.

“In ad­di­tion to the num­ber (of vic­tims) be­ing re­ally large, the type of in­for­ma­tion that has been ex­posed is re­ally sen­si­tive,” said Beth Givens, ex­ec­u­tive direc­tor of the Pri­vacy Rights Clear­ing­house, a con­sumer ad­vo­cacy group based in San Diego, Calif. “All in all, this has the po­ten­tial to be a very harm­ful breach to those who are af­fected by it.”

Equifax said it was alert­ing those who were af­fected by mail. It also set up a web­site, equifaxse­cu­rity2017.com, to help con­sumers un­der­stand the breach and check whether they were af­fected. The company is of­fer­ing one year of free credit mon­i­tor­ing and iden­tity theft pro­tec­tion to any­one who may have been af­fected.

“This is clearly a dis­ap­point­ing event for our company, and one that strikes at the heart of who we are and what we do. I apol­o­gize to con­sumers and our busi­ness cus­tomers for the con­cern and frus­tra­tion this causes,” said Chief Ex­ec­u­tive Richard Smith said in a state­ment pub­lished on the company’s web­site. “We pride our­selves on be­ing a leader in man­ag­ing and pro­tect­ing data, and we are con­duct­ing a thor­ough re­view of our over­all se­cu­rity op­er­a­tions. We also are fo­cused on con­sumer pro­tec­tion and have de­vel­oped a com­pre­hen­sive portfolio of ser­vices to sup­port all U.S. con­sumers.”

The company did not im­me­di­ately re­spond to queries about what web ap­pli­ca­tion was hacked nor why it waited six weeks to alert con­sumers about the breach.

Com­pa­nies of­ten do not im­me­di­ately alert af­fected peo­ple to data breaches, prompt­ing calls from leg­is­la­tors for laws to re­quire rapid and com­plete dis­clo­sures.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.