Equifax Inc. Data Security Breach
On September 7, Equifax announced via a press release a cyber security incident potentially impacting approximately 143 million U.S. consumers. In the release, Equifax indicated that criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.
Equifax has found no evidence of unauthorized activity on their core consumer or commercial credit reporting databases.
The third-party forensic firm that Equifax hired to investigate the breach found that the accessed information primarily includes the following:
- Social Security Numbers
- Birth Dates
- Driver’s License Numbers (in some instances)
In addition, credit card numbers for approximately 209,000 U.S. consumers and dispute documents with personal, identifying information for approximately 182,000 U.S. consumers have also been breached.
As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited, personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.
Equifax has established a website that consumers can access to see if they were impacted by the breach. In addition, Equifax is offering free Identity Theft Protection and Credit File Monitoring to all U.S. consumers that can also be accessed from the website.