Equifax, consumers alike will struggle to overcome massive hack
WASHINGTON — Cybersecurity experts Friday pilloried the credit reporting giant Equifax for a data breach that could potentially affect 143 million U.S. consumers, a nightmare hack that sharply underscores a new era of information insecurity.
“These millions of victims will be at increased risk of fraud for the rest of their lives,” John Gunn of VASCO Data Security, an Oakbrook Terrace, Ill., firm, said in a statement.
The repercussions of one of the largest cyberattacks to hit the United States continued to ripple. Equifax shares plunged more than 13 percent in value on the New York Stock Exchange, and an underground site offered what it claimed was pilfered information from the Equifax hack.
Consumers who never sought a credit check with Atlanta-based Equifax may not be safe either, experts said.
“Even if you are not a customer, Equifax likely has a lot of data about you,” said Kenneth Geers, senior research scientist at Comodo, a Clifton, N.J., company that authenticates websites and content on the internet.
Equifax said Thursday that hackers were in their networks from around mid-May until July 29, and that once detected the breach was halted. The company did not say why it waited six weeks to inform the public of the massive hack. Stolen personal data can be used to commit identity fraud, create counterfeit credit cards, and make fraudulent online purchases or insurance claims, among other crimes.
“This is clearly a disappointing event and one that strikes at the heart of who we are and what we do. I deeply regret the incident, and I apologize to every affected consumer,” Equifax chief executive Rick Smith said in a video the company posted.
In addition to the 143 million U.S. consumer records — equivalent to 44 percent of the U.S. population — the company said an unknown number of Canadian and British consumer records were stolen. Data taken included names, Social Security numbers, dates of birth, addresses and, in some cases, driver license numbers. Credit card information on roughly 209,000 U.S. consumers was also stolen.
Outsiders said the company, one of three giants in the credit reporting industry, will struggle to get back on its feet — even as consumers face greater fraud threats from the hack.
“The types of data potentially exposed in this breach could ruin lives, businesses, and might I say, credit scores,” said Hank Thomas, chief operating officer at Strategic Cyber Ventures, a Washington incubator of cybersecurity companies.
Referring to Equifax, Thomas added: “Their brand may never recover.”
Some cybersecurity experts lambasted Equifax for not monitoring sensitive files in their networks even if their perimeter network defenses were strong.
“It’s like if someone walked into a bank dressed like a teller, pretended to work there, and it took the management two months to notice that a stranger was walking out with cash every night,” said Brian Vecci of Varonis Systems, a firm that provides cybersecurity perimeters.
Not all cybersecurity experts delivered such a harsh assessment. Mark Nunnikhoven, vice president of cloud research for Trend Micro, wrote in a blog post that Equifax’s detailed acknowledgement of the hack was “exemplary.”
Another executive said the penetration signaled the perils now buffeting the digital realm.