Equifax Inc. announced
a cybersecurity breach that could impact approximately 143 million U.S. consumers.
The Atlanta-based company stated that “criminals exploited a U.S. website application vulnerability to gain access to certain files” sometime between mid-May and June. Although Equifax said there was no evidence of unauthorized activity on its consumer and commercial credit reporting databases, it added that the information obtained in this cyber attack included personal data including Social Security numbers and, in some cases, driver’s license numbers and credit card numbers.
“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said Equifax Chairman and CEO Richard F. Smith. “I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident."
Terry W. Clemans, Executive Director of the National Consumer Reporting Association (NCRA), stressed that a time of crisis like this brings out the most devious of identity thieves.
"Be extra careful with any phone calls, e-mails, etc. as it’s typical for identity thieves, after major breaches like this, to send out phishing," noted Clemans. "Be careful that any Web site you visit is an official site, not a lookalike site. Companies and individuals are looking to scam people, posing as the entity being breached. Consumers need to be very cautious and double check."
"What is concerning is the amount of Personally Identifiable Information or PII that got out, including over 200,000 driver’s license numbers. This is a very troubling, massive breach,” added Clemans. “The good thing for mortgage and auto loans, big loans of that nature, that require face-to-face interaction, run the least chance of being fraudulently opened because you do have other safeguards requiring verification of photo ID as part of the in process. But there are credit applications that are exceptionally vulnerable at a time like this.”