CREDIT BUREAU HACK AFFECTS 143M
The critical identity data of nearly half the population of the United States has been compromised after credit monitoring company Equifax was hacked in a high-tech heist targeting Social Security numbers and other sensitive information.
About 143 million Americans now have to worry about having their identities stolen.
Atlanta-based Equifax, one of three major U.S. credit bureaus, said yesterday that “criminals” exploited a U.S. website application to access files between mid-May and July of this year.
“On a scale of one to 10, this is a 10 in terms of potential identity theft,” said Gartner security analyst Avivah Litan. “Credit bureaus keep so much data about us that affects almost everything we do.”
Hackers got access to consumers’ names, Social Security numbers, birthdates, addresses and, in some cases, driver’s license numbers — enough to hijack victims’ identities and wreak havoc on their lives.
“The credit bureaus have shown themselves to be incredibly poor stewards of consumer information,” said cybersecurity specialist Brian Krebs, author of the krebsonsecurity.com blog. “They’re just asking for more oversight and regulation, because it’s clear they’re not doing enough to keep these records secure.
Oren Falkowitz, CEO of Area 1 Security, said the Equifax hack could have major ripple effects, as the thieves launch follow-on phishing schemes — sending emails that appear reputable in order to steal more data.
“Everyone who has had their data exposed to this needs to be aware that the information that was obtained will be used to launch new phishing attacks,” Falkowitz said.
“Those attacks will be launched against individuals who had their data exposed, companies they work for, as well as organizations they support. It puts a tremendous risk out there in the world.”
Matt Schulz, CreditCards.com’s senior industry analyst, said, “We think nothing of checking Facebook or Instagram 10 times a day, but many think it is too much to ask to check your bank statements once a week. Consumers need to be diligent — and not just in the short term. Just because nothing looks amiss on your bank statements or your credit report now, that doesn’t mean you haven’t been compromised. Bad guys can be very patient.” Equifax discovered the hack on July 29, but waited more than a month, until yesterday, to warn consumers. The company declined to comment on the delay. U.S. authorities sometimes ask firms hit by major hacks to delay public notice so that investigators can pursue the perpetrators.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax CEO Richard Smith said, issuing a public apology.
In the biggest data breach to date, Yahoo was targeted in at least two separate digital burglaries that affected more than 1 billion users worldwide. But no Social Security numbers or drivers’ license were taken in the Yahoo case.