This credit score is used by banks to asses whether they should extend you a loan, car rental companies to decide if they should rent you a car, and even by employers to judge the employment-worthiness of your character.
Equifax announced yesterday that it has been hacked by “criminals.” Information obtained by hackers includes consumers’ names, social security numbers, birth dates, addresses, and even many drivers’ license numbers.
Scale of the Attack
143 million Americans are almost half the entire population of the United States! 209,000 of these victims are particularly unlucky, as the criminals also made off with their credit card numbers.
Some “limited personal information” belonging to British and Canadian consumers was also stolen. Equifax chairman and CEO Richard Smith issued the following statement:
This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.
Gartner security analyst Avivah Litan observed to the Guardian:
On a scale of one to 10, this is a 10 in terms of potential identity theft. Credit bureaus keep so much data about us that affects almost everything we do.
Senator Mark Warner, vice-chairman of the senate intelligence committee, was also keen to stress the seriousness of this breach:
It is no exaggeration to suggest that a breach such as this … represents a real threat to the economic security of Americans.
The hack is all the more damaging because Equifax sells its services to companies as a consumer protection and data breach specialist.
The hack, which exploited a US website application to access files, occurred between mid-May and July. Equifax did not become aware of it until 29 July. It then took the company a full week to make the news public.
During this time, three senior Equifax Inc. executives sold shares worth almost $1.8 million. Since the news was made public, shares in Equifax have tumbled. As suspicion grew, a spokesperson for Equifax issued the following statement denying any wrongdoing on the executives’ part:
The three executives who sold a small percentage of their Equifax shares on Tuesday, August 1, and Wednesday, August 2, had no knowledge that an intrusion had occurred at the time they sold their shares.
As the Bloomberg report that broke the story notes:
I doubt this is the end of it...
You can check to see if your data has been stolen by visiting this website or calling 866-447-7559. Equifax is also offering consumers free monitoring:
We have taken the unprecedented step of offering every US consumer in the country a comprehensive package of identity theft protection and credit file monitoring at no cost.
As Ryan Kalember, Senior Vice President at cybersecurity company Proofpoint, observes, however, the notion of trusting a company to protect your identity, when it just completely failed to protect your identity, is “utterly farcical.”