Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Equifax hack may have breached personal data on half the US population w/ updates

CNET: “…According to Equifax, which released a statement today, the company’s database was breached through a vulnerability on its website, exposing the personal information of an estimated 143 million people, including some in the UK and Canada….Equifax has set up its own program to help people find out if they were one of the millions affected in the hack. The program isn’t exactly straightforward, however — it requires a multi-step process that takes place over the course of at least one week. Here’s an overview of the process:…”

Equifax News Release: “Equifax Announces Cybersecurity Incident Involving Consumer Information: “Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted…”

The Atlantic: “In the end, the truth of the Equifax breach—who was affected, and how, and what the company will do to help, and what the terms of such assistance entail—might not be the most important lesson from this incident. More than anything, it suggests that a corner has been turned in corporate consumer data responsibility. Like severe weather, breaches have become so frequent and severe that they can begin receding from prominence. No matter their grievous effects, Equifax’s response suggests that fatalism might replace responsibility, planning, and foresight. This is just what happens now.”

ConsumerWatchDog: Equifax’s Data Breach Response, Credit Monitoring Offer May Violate California Law, Consumer Watchdog Says; Group Calls for Attorney General to Investigate

Daily Beast – Equifax Stung With Multibillion-Dollar Class-Action Lawsuit After Massive Data Breach

Ars Technica – Why the Equifax breach is very possibly the worst leak of personal info ever

Ars Technica – Failure to patch two-month-old bug led to massive Equifax breach

The New York Times – Consumers, but Not Executives, May Pay for Equifax Failings

Sorry, comments are closed for this post.