Disastrous Equifax Breach Exposes 44% Of The US Population

An estimated 143 million US consumers could be affected by a cybersecurity attack carried out by suspected criminal hackers, national credit-reporting company  Equifax announced last week.

The unauthorised access to information for nearly 44% of the US population occurred from mid-May through July 2017 and primarily involved names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers, the company said in a detailed announcement of the attack.

Additionally, the hackers gained access to credit card numbers for roughly 209,000 consumers, plus certain dispute documents with personal identifying information for approximately 182,000 consumers.Equifax also identified unauthorised access to limited personal information for certain United Kingdom, and Canadian residents.

However, there was no evidence of unauthorised activity on Equifax's core consumer or commercial credit reporting databases, the company said. "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do," Equifax Chairman and CEO Richard Smith said in a statement issued with the announcement. "I apologise to consumers and our business customers for the concern and frustration this causes." 

The company also posted questions and answers about the incident for investors. The news sent shares of Equifax down nearly 9% to $130.05. Financial regulatory filings show that three of the company's top executives sold shares of Equifax stock after July 29, the date the firm said the cyber-breach was detected.

On Aug. 1, Chief Financial Officer John Gamble sold shares with a market value of nearly $946,400, while Joseph Loughran, president of Equifax's US Information Solutions, exercised options to sell nearly $584,100. 

Rodolfo Ploder, president of business unit Workforce Solutions, sold shares valued at nearly $250,500 on Aug. 2, the filings show. The three executives continued to hold tens of thousands of Equifax shares after the transactions. 

News of the cyber-attack comes less than three months after the global Petya ransomware attack spread through computers across North America and Europe, affecting 65 countries. Similarly, the massive attack of the WannaCry ransomware virus infected computers around the world in May. 

Computer systems for the US Tax Service, Target, and other government agencies and private companies have also been struck by cyber-attacks in recent years. And Yahoo last year disclosed that information from an estimated 500 million of the internet giant's accounts was stolen in 2014.

Atlanta-based Equifax is one of the nation's largest credit-reporting companies, along with Experian and TransUnion. Equifax says it organizes and analyses data on more than 820 million consumers and more than 91 million businesses worldwide, and the company's databases hold employee data submitted by more than 7,100 employers.

After discovering the electronic intrusion, Equifax said it hired an independent cyber-security firm that has since been conducting a forensic investigation aimed at determining the scope of the electronic intrusion and the specific data accessed.

Equifax also reported the attack to law enforcement agencies and is continuing to work with them, the company said.
Separately, Equifax said the company would send direct mail notices to consumers whose credit card numbers or dispute documents were affected by the cyber-breach.

The company also is contacting US state and federal regulators and has sent written notifications to all US state attorneys general about the incident.

USA Today

You Might Also Read:

Crime Has Become Cybercrime:

How Cybersecurity Benefits from Hackers:

 

 

 

 

« US Military Fighting ISIS In Cyberspace
US Conducts Computer War Games in Response to North Korea Missile Launch »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

F5 Networks

F5 Networks

F5 products ensure that network applications are always secure and perform the way they should—anywhere, any time, and on any device.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Thomas Miller Specialty

Thomas Miller Specialty

Thomas Miller Specialty is a commercial Managing General Agency providing specialty risks insurance including Cyber & e-crime insurance.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

Adzuna

Adzuna

Adzuna is a search engine for job ads used by over 10 million visitors per month that aims to list every job everywhere, including thousands of vacancies in Cybersecurity.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Intel 471

Intel 471

Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.