Equifax discovered hack in late July
help them decide whether to approve financing for homes, cars and credit cards. Credit checks are even sometimes done by employers when deciding whom to hire for a job.
Equifax discovered the hack July 29, but waited until Thursday to warn consumers. The Atlantabased company declined to comment on that delay or anything else beyond its published statement. It’s not unusual for U.S. authorities to ask a company hit in a major hack to delay public notice so that investigators can pursue the perpetrators.
Free monitoring
The company established a website, https://www.equifaxsecurity2017.com/, where people can check to see if their personal information may have been stolen. Consumers can also call 866-447-7559 for more information. Experian is also offering free credit monitoring to all U.S. consumers for a year.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax CEO Richard Smith said in a statement. “I apologize to consumers and our business customers for the concern and frustration this causes .”
This isn’t the biggest data breach in history. That indignity still belongs to Yahoo, which was targeted in at least two separate digital burglaries that affected more than 1 billion of its users’ accounts throughout the world.
But no Social Security numbers or drivers’ license information were disclosed in the Yahoo break-in.
Equifax’s security lapse could be the largest theft involving Social Security numbers, one of the most common methods used to confirm a person’s identity in the U.S. It eclipses a 2015 hack at health insurer Anthem Inc. that involved the Social Security numbers of about 80 million people .
Any data breach threatens to tarnish a company’s reputation, but it is especially mortifying for Equifax, whose entire business revolves around providing a clear financial profile of consumers that lenders and other businesses can trust.
“This really undermines their credibility,” Litan said. It also could undermine the integrity of the information stockpiled by two other major credit bureaus, Experian and Trans Union, since they hold virtually all the data that Equifax does, Litan said.
Equifax’s stock plunged in extended trading after its announcement of the breach.
Stock sales
Three Equifax executives insulated themselves from that downturn by selling shares worth a combined $1.8 million just a few days after the company discovered it had been hacked, according to documents filed with securities regulators.
The sales, executed on Aug. 1 and Aug. 2, were made by John Gamble, Equifax’s chief financial officer; Rodolfo Ploder, Equifax’s president of workforce solutions; and Joseph Loughran, Equifax’s president of U.S. information solutions. Bloomberg News first reported the divestitures.
Equifax spokesperson Ines Gutzmer said in an email that the executives “had no knowledge that an intrusion had occurred at the time they sold their shares.”
The potential aftershocks of the Equifax breach should make it clear that Social Security numbers are becoming an unreliable way to verify a person’s identity, Nathaniel Gleicher, the former director of cybersecurity policy in the White House during the Obama administration, said in an email statement.
In addition to the personal information stolen in its breach, Equifax said the credit card numbers for about 209,000 U.S. consumers were also taken, as were “certain dispute documents” containing personal information for approximately 182,000 U.S. individuals.