Credit reporting agency Equifax on Thursday announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers.
According to Equifax, Criminals exploited a U.S. website application vulnerability to gain access to “certain files.” These “certain files” include personal data of customers, including names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents.
Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Equifax discovered the unauthorized access on July 29 of this year and said it “acted immediately” to stop the intrusion.
The company said it “promptly engaged a leading, independent cybersecurity firm” that has been conducting a “comprehensive forensic review” to determine the scope of the intrusion, including the specific data impacted.
The company also said it has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company said it has found no evidence that personal information of consumers in any other country has been impacted.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”
Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year.
The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time.