Equifax, one of the three U.S. credit reporting agencies that holds sensitive information on nearly every American consumer, reports hackers gained access to files on as many as 143 million people earlier this year.
According to the company, the cybercriminals used a vulnerability in “a U.S. website application” to gain entry in mid May of this year. The breach was discovered in late July and was stopped at that time, the company said.
An investigation was begun immediately and determined that the attackers were not successful in gaining access to Equifax's core consumer or commercial reporting databases.
Personal data at risk
However, the attackers were able to access consumers' names, Social Security numbers, birth dates, addresses and, in some cases, driver's license numbers. About 209,000 credit card numbers may also have been compromised.
"This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” said company CEO Richard F. Smith. “I apologize to consumers and our business customers for the concern and frustration this causes."
Smith said Equifax is currently conducting a review of all security operations. He said the company has developed countermeasures to support all U.S. consumers, whether their personal information was stolen or not.
What consumers should do
Consumers can find out if their information might have been compromised by going to a special website Equifax has established – www.equifaxsecurity2017.com. At the site, consumers simply enter their last name and the last six digits of their Social Security number. Equifax will then instantly tell you if your information may have been compromised.
Also at the site, consumers can sign up for free credit file monitoring and identity theft protection. The service, TrustedID Premier, includes monitoring of credit reports on Equifax, Experian, and TransUnion. It also includes full access to Equifax credit reports and the ability to lock and unlock those reports – controlling who can access them.
The package also includes identity theft insurance and internet scanning for Social Security numbers. The service will be provided at no cost for 12 months. The website also has other information for consumers to help protect themselves from identity theft.
As of midday Friday, many consumers were reporting difficulty in using the site, perhaps not surprising considering how many people were trying to access it. Equifax was also facing a storm of anger on Twitter, along with speculation about the security of the data consumers were being asked to enter.
"This is reason Number 10,000 to check your online bank statements and credit card statements on a regular basis, ideally weekly,” said Matt Shultz, CreditCards.com's senior industry analyst. “We think nothing of checking Facebook or Instagram 10 times a day, but many think it is too much to ask to check your bank statements once a week. It's not.”
Shultz said consumers need to be diligent, and not just in the short term. He says it could be weeks or months before an individual consumer's information is purchased on the black market.