Credit agency’s data breach may affect 143M
The credit reporting agency Equifax said Thursday that hackers gained access to sensitive personal data — Social Security numbers, birth dates and home addresses — for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans’ credit histories.
Equifax said the breach began in May and continued until it was discovered in late July. It said hackers exploited a “website application vulnerability” and obtained personal data about British and Canadian consumers as well as Americans. Social Security numbers and birth dates are particularly sensitive data, giving those who possess them the ingredients for identity fraud and other crimes.
Equifax also lost control of an unspecified number of driver’s licenses, along with the credit card numbers for 209,000 consumers and credit dispute documents for 182,000 others. The company said it did not detect intrusions into its “core consumer or commercial credit reporting databases.”
Equifax declined to comment on questions seeking more detail on what type of data was compromised.
Equifax is one of the largest U.S.-based credit reporting agencies, which collect and analyze detailed records of financial data for records of a wide range of consumers worldwide. The judgments of these companies about the creditworthiness of individuals can affect their ability to gain loans, housing and jobs, while also determining the interest rates on consumer products.
The information exposed in the Equifax breach is categorized as “personally identifiable information” or PII, and is regarded as particularly sensitive, experts say.
“All in all, this has the potential to be a very harmful breach to those who are affected by it,” said Beth Givens, executive director of the Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego.
The company did not respond to a question about why it waited six weeks to disclose the hack.
Three company executives — chief financial officer John Gamble; Joseph Loughran III, the president of U.S. information solutions; and Rodolfo Ploder, the president of workforce solutions — sold large amounts of their shares of Equifax stock totaling nearly $1.8 million in the days after the breach was discovered July 29.
The stock trades were not part of a previous scheduled sale, federal filings show.
A company spokeswoman, Ines Gutzmer, said in an email Thursday night, “The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.”
On Thursday, after the company disclosed the hack, Equifax shares plummeted 12 percent in after-hours trading.
One of the other leading credit rating agencies, Experian, was hacked in 2015, causing the personal data of 15 million Americans to be exposed.