Credit reporting firm Equifax hacked, 143 million consumers impacted

Shawn Knight

TechSpot Staff
Staff member

Credit reporting firm Equifax on Thursday announced a data breach impacting around 143 million US consumers.

The unauthorized activity, which occurred from mid-May through July 2017, was discovered on July 29. Equifax says hackers exploited a website application vulnerability to gain access to users’ names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.

Credit card numbers of approximately 209,000 consumers were also compromised, as were certain dispute documents with personally identifying information belonging to roughly 182,000 users. Equifax also found unauthorized access to limited personal information for certain Canadian and UK residents.

One positive takeaway is the fact that the company has found no evidence of unauthorized activity on its core consumer or commercial credit reporting databases.

The credit reporting company said it immediately took steps to stop the intrusion and reached out to a leading cybersecurity firm to conduct a comprehensive forensic review. Law enforcement was also contacted, we’re told.

Equifax Chairman and CEO Richard F. Smith said it is clearly a disappointing event for their company and one that strikes at the heart of who they are and what they do. The executive apologized to consumers and business customers for the concern and frustration the matter has caused.

Equifax has set up a dedicated website to help consumers determine if they’re impacted by the breach and to sign up for credit file monitoring and identity theft protection services. The offer is complementary for a period of one year.

Permalink to story.

 
Last edited by a moderator:

Evernessince

地獄らしい人間動物園
A company should not be collecting this much personal information in the first place if there aren't incredibly strict security standards. The fact that they don't have a security firm on hire is telling enough. These credit bureaus are nothing more then large scale information brokers who couldn't care less about the plebs.
 

MoeJoe

Banned
Their website is shallow and only indicates that TrustedID has been registered.
No feedback on any "potential impact", one way or the other.

Very sketch !
 
  • Like
Reactions: alabama man
J

Jibberish18

Their website is shallow and only indicates that TrustedID has been registered.
No feedback on any "potential impact", one way or the other.

Very sketch !
Same thing here. As someone who worked in this field at one point, I always wondered when this would happen and if what they say is true, this could be really bad. Makes you wonder why 3 particular companies are allowed to hold so much power and information doesn't it?
 

stewi0001

TS Evangelist
Platinum
Their website is shallow and only indicates that TrustedID has been registered.
No feedback on any "potential impact", one way or the other.

Very sketch !
Same thing here. As someone who worked in this field at one point, I always wondered when this would happen and if what they say is true, this could be really bad. Makes you wonder why 3 particular companies are allowed to hold so much power and information doesn't it?
care to enlighten us some more about this area of business?
 

Uncle Al

TS Evangelist
Make it more simple. If they have and hold the data they must be ethically and financially responsible for it's safe keeping. If they lose it, they pay for the damages without the need for judicial action, in fact, they should be required to set up, manage and fund a similar agency to the FDIC and if they run short, all profits are diverted until every damaged party is made whole.
 
  • Like
Reactions: wiyosaya

wiyosaya

TS Evangelist
A company should not be collecting this much personal information in the first place if there aren't incredibly strict security standards. The fact that they don't have a security firm on hire is telling enough. These credit bureaus are nothing more then large scale information brokers who couldn't care less about the plebs.
Make it more simple. If they have and hold the data they must be ethically and financially responsible for it's safe keeping. If they lose it, they pay for the damages without the need for judicial action, in fact, they should be required to set up, manage and fund a similar agency to the FDIC and if they run short, all profits are diverted until every damaged party is made whole.
These! Absolutely!

And to think that there are those on this site who somehow seem to think that less regulation is a good thing! WTF?
 
A company should not be collecting this much personal information in the first place if there aren't incredibly strict security standards. The fact that they don't have a security firm on hire is telling enough. These credit bureaus are nothing more then large scale information brokers who couldn't care less about the plebs.
Make it more simple. If they have and hold the data they must be ethically and financially responsible for it's safe keeping. If they lose it, they pay for the damages without the need for judicial action, in fact, they should be required to set up, manage and fund a similar agency to the FDIC and if they run short, all profits are diverted until every damaged party is made whole.
These! Absolutely!

And to think that there are those on this site who somehow seem to think that less regulation is a good thing! WTF?
Yeah cause those regulations sure helped the federal government in not getting hacked. Regulations don't do jack except line the pockets of bureaucrats. You obviously do not understand the difference between liability and regulations managing operating procedure.

A lot better idea would be to let the execs be held to greater liability like the other guy said. Let citizens sue these buffoons who dumped stock before admitting to the Equifax hack. They should have their assets seized and used to compensate those who will suffer financially.
 

wiyosaya

TS Evangelist
A company should not be collecting this much personal information in the first place if there aren't incredibly strict security standards. The fact that they don't have a security firm on hire is telling enough. These credit bureaus are nothing more then large scale information brokers who couldn't care less about the plebs.
Make it more simple. If they have and hold the data they must be ethically and financially responsible for it's safe keeping. If they lose it, they pay for the damages without the need for judicial action, in fact, they should be required to set up, manage and fund a similar agency to the FDIC and if they run short, all profits are diverted until every damaged party is made whole.
These! Absolutely!

And to think that there are those on this site who somehow seem to think that less regulation is a good thing! WTF?
Yeah cause those regulations sure helped the federal government in not getting hacked. Regulations don't do jack except line the pockets of bureaucrats. You obviously do not understand the difference between liability and regulations managing operating procedure.

A lot better idea would be to let the execs be held to greater liability like the other guy said. Let citizens sue these buffoons who dumped stock before admitting to the Equifax hack. They should have their assets seized and used to compensate those who will suffer financially.
Yes, let citizens sue these buffoons - that sure sounds like a regulation. /facepalm