CNET: “…According to Equifax, which released a statement today, the company’s database was breached through a vulnerability on its website, exposing the personal information of an estimated 143 million people, including some in the UK and Canada….Equifax has set up its own program to help people find out if they were one of the millions affected in the hack. The program isn’t exactly straightforward, however — it requires a multi-step process that takes place over the course of at least one week. Here’s an overview of the process:…”
Equifax News Release: “Equifax Announces Cybersecurity Incident Involving Consumer Information: “Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted…”
The Atlantic: “In the end, the truth of the Equifax breach—who was affected, and how, and what the company will do to help, and what the terms of such assistance entail—might not be the most important lesson from this incident. More than anything, it suggests that a corner has been turned in corporate consumer data responsibility. Like severe weather, breaches have become so frequent and severe that they can begin receding from prominence. No matter their grievous effects, Equifax’s response suggests that fatalism might replace responsibility, planning, and foresight. This is just what happens now.”
ConsumerWatchDog: Equifax’s Data Breach Response, Credit Monitoring Offer May Violate California Law, Consumer Watchdog Says; Group Calls for Attorney General to Investigate
Daily Beast – Equifax Stung With Multibillion-Dollar Class-Action Lawsuit After Massive Data Breach
Ars Technica – Why the Equifax breach is very possibly the worst leak of personal info ever
Ars Technica – Failure to patch two-month-old bug led to massive Equifax breach
The New York Times – Consumers, but Not Executives, May Pay for Equifax Failings
Washington Post – Why didn’t Equifax protect your data? Because corporations have all the power. The hack revealed how little control consumers have these days.
EFF – Will the Equifax Data Breach Finally Spur the Courts (and Lawmakers) to Recognize Data Harms?
Fortune – Equifax is finally taking real steps to help consumers who are the victim of its catastrophic data breach: “On Wednesday [September 27, 2017], the company’s interim CEO said the credit bureau will offer a free lifetime service that will let customers lock and unlock their files. The proposed service, which Equifax says will be ready by January 31, is better than its initial response, which consisted of a broken breach-detection tool and an offer to freeze customers’ credit for one month. In the company’s words:
The service we are developing will let consumers easily lock and unlock access to their Equifax credit files. You will be able to do this at will. It will be reliable, safe and simple. Most significantly, the service will be offered free, for life.”